華為 跨域虛擬專用網(wǎng)絡(luò)-OptionC2方案

點(diǎn)擊上方藍(lán)字“藝博東”關(guān)注我們

哈嘍，大家好！我是藝博東?，是一個(gè)思科出身、專注于華為的網(wǎng)工；好了，話不多說(shuō)，我們直接進(jìn)入正題。

文章目錄

• 
  

  • 一、無(wú) RR 的拓?fù)?/p>

  • 二、無(wú) RR 的簡(jiǎn)單配置與測(cè)試

  • 三、有 RR 的拓?fù)?/p>

  • 四、配置與分析

  • 五、特點(diǎn)

由于特殊原因，所以把“N”字母替換為“#”符號(hào)。

一、無(wú) RR 的拓?fù)?/p>

二、無(wú) RR 的簡(jiǎn)單配置與測(cè)試

2.1 底層配置

AR1

[Huawei]sysname AR1
[AR1]int g0/0/0
[AR1-GigabitEthernet0/0/0]ip address 10.1.13.1 24
[AR1-GigabitEthernet0/0/0]int l0
[AR1-LoopBack0]ip address 1.1.1.1 32

AR2

[Huawei]sysname AR2
[AR2]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip address 10.1.23.2 24
[AR2-GigabitEthernet0/0/0]int l0
[AR2-LoopBack0]ip address 2.2.2.2 32

AR3

[Huawei]sysname AR3
[AR3]int g0/0/0   
[AR3-GigabitEthernet0/0/0]ip address 10.1.13.3 24
[AR3-GigabitEthernet0/0/0]int g0/0/1
[AR3-GigabitEthernet0/0/1]ip address 10.1.23.3 24
[AR3-GigabitEthernet0/0/1]int g0/0/2  
[AR3-GigabitEthernet0/0/2]ip address 10.1.34.3 24
[AR3-GigabitEthernet0/0/2]int l0
[AR3-LoopBack0]ip address  3.3.3.3 32
[AR3-LoopBack0]q
[AR3]rip 
[AR3-rip-1]v 2
[AR3-rip-1]network 10.0.0.0
[AR3-rip-1]network 3.0.0.0

AR4

[Huawei]sysname AR4
[AR4]int g0/0/0
[AR4-GigabitEthernet0/0/0]ip address 10.1.34.4 24
[AR4-GigabitEthernet0/0/0]int g0/0/1
[AR4-GigabitEthernet0/0/1]ip address 10.1.45.4 24
[AR4-GigabitEthernet0/0/1]int l0
[AR4-LoopBack0]ip address 4.4.4.4 32
[AR4-LoopBack0]q
[AR4]rip 
[AR4-rip-1]v 2
[AR4-rip-1]network 10.0.0.0 
[AR4-rip-1]network 4.0.0.0

AR5

[Huawei]sysname AR5
[AR5]int g0/0/0
[AR5-GigabitEthernet0/0/0]ip address 10.1.45.5 24
[AR5-GigabitEthernet0/0/0]int g0/0/1
[AR5-GigabitEthernet0/0/1]ip address 10.1.56.5 24
[AR5-GigabitEthernet0/0/1]int l0
[AR5-LoopBack0]ip address 5.5.5.5 32
[AR5-LoopBack0]q
[AR5]rip
[AR5-rip-1]v 2
[AR5-rip-1]undo summary 
[AR5-rip-1]network 10.0.0.0
[AR5-rip-1]network 5.0.0.0
[AR5-rip-1]q
[AR5]int g0/0/1
[AR5-GigabitEthernet0/0/1]undo rip output 
[AR5-GigabitEthernet0/0/1]undo rip input 

AR6、AR7、AR8、AR9、AR10底層配置類似

2.2 MPLS LDP

AR3

[AR3]mpls lsr-id 3.3.3.3
[AR3]mpls
[AR3-mpls]mpls ldp
[AR3-mpls-ldp]int g0/0/2
[AR3-GigabitEthernet0/0/2]mpls
[AR3-GigabitEthernet0/0/2]mpls ldp

AR4

[AR4]mpls lsr-id 4.4.4.4
[AR4]mpls 
[AR4-mpls]mpls ldp
[AR4-mpls-ldp]int g0/0/0
[AR4-GigabitEthernet0/0/0]mpls 
[AR4-GigabitEthernet0/0/0]mpls ldp
[AR4-GigabitEthernet0/0/0]int g0/0/1
[AR4-GigabitEthernet0/0/1]mpls 
[AR4-GigabitEthernet0/0/1]mpls ldp

AR5

[AR5]mpls lsr-id 5.5.5.5
[AR5]mpls 
[AR5-mpls]mpls ldp
[AR5-mpls-ldp]int g0/0/0
[AR5-GigabitEthernet0/0/0]mpls 
[AR5-GigabitEthernet0/0/0]mpls ldp
[AR5-GigabitEthernet0/0/0]int g0/0/1
[AR5-GigabitEthernet0/0/1]mpls

2.4 AR3和AR5建立MP-IBGP，AR6和AR8建立MP-IBGP；AR5和AR6建立MP-EBGP；AR3和AR8EBGP VP#v4 鄰居關(guān)系；配置標(biāo)簽?zāi)芰Α?/span>

AR3

[AR3]bgp 10
[AR3-bgp]peer 5.5.5.5 as-number 10 
[AR3-bgp]peer 5.5.5.5 connect-interface LoopBack0
[AR3-bgp]peer 8.8.8.8 as-number 20 
[AR3-bgp]peer 8.8.8.8 ebgp-max-hop 66 
[AR3-bgp]peer 8.8.8.8 connect-interface LoopBack0
[AR3-bgp]ipv4-family vpnv4 
[AR3-bgp-af-vpnv4]peer 8.8.8.8 enable

AR5

[AR5]route-policy asbr permit node 10
[AR5-route-policy]apply mpls-label
[AR5-route-policy]q
[AR5]bgp 10
[AR5-bgp]peer 3.3.3.3 as-number 10 
[AR5-bgp]peer 3.3.3.3 connect-interface LoopBack0
[AR5-bgp]peer 10.1.56.6 as-number 20 
[AR5-bgp]network 3.3.3.3 255.255.255.255
[AR5-bgp]peer 10.1.56.6 route-policy asbr export
[AR5-bgp]peer 10.1.56.6 label-route-capability
[AR5-bgp]q
[AR5]mpls 
[AR5-mpls]lsp-trigger bgp-label-route //用來(lái)配置LDP為帶標(biāo)簽的公網(wǎng)BGP路由分標(biāo)簽的能力
[AR5-mpls]quit
[AR5]rip
[AR5-rip-1]import-route bgp

AR6

[AR6]route-policy asbr permit node 10
[AR6-route-policy]apply mpls-label
[AR6-route-policy]q
[AR6]bgp 20
[AR6-bgp]peer 8.8.8.8 as-number 20 
[AR6-bgp]peer 8.8.8.8 connect-interface LoopBack0
[AR6-bgp]peer 10.1.56.5 as-number 10 
[AR6-bgp]network 8.8.8.8 255.255.255.255 
[AR6-bgp]peer 10.1.56.5 route-policy asbr export
[AR6-bgp]peer 10.1.56.5 label-route-capability
[AR6-bgp]q
[AR6]mpls 
[AR6-mpls]lsp-trigger bgp-label-route
[AR6-mpls]quit
[AR6]rip
[AR6-rip-1]import-route bgp

AR8

[AR8]bgp 20
[AR8-bgp]peer 3.3.3.3 as-number 10 
[AR8-bgp]peer 3.3.3.3 ebgp-max-hop 66 
[AR8-bgp]peer 3.3.3.3 connect-interface LoopBack0
[AR8-bgp]peer 6.6.6.6 as-number 20 
[AR8-bgp]peer 6.6.6.6 connect-interface LoopBack0
[AR8-bgp]ipv4-family vpnv4
[AR8-bgp-af-vpnv4]peer 3.3.3.3 enable

2.5 測(cè)試

[AR3]display bgp peer

[AR6]display bgp peer

[AR8]display mpls lsp

AR8已經(jīng)有AR3的3.3.3.3的標(biāo)簽了。

[AR8]ping -a 8.8.8.8 3.3.3.3

2.6 MPLS VP#業(yè)務(wù)接入

配置好公網(wǎng)之后，接下來(lái)是配置公司B和公司D，讓他們可以互訪；

AR3

[AR3]ip vpn-instance ybd2
[AR3-vpn-instance-ybd2]route-distinguisher 10:1
[AR3-vpn-instance-ybd2-af-ipv4]vpn-target 10:1 both 
[AR3-vpn-instance-ybd2-af-ipv4]int g0/0/1
[AR3-GigabitEthernet0/0/1]ip binding vpn-instance ybd2
[AR3-GigabitEthernet0/0/1]ip address 10.1.23.3 24
[AR3-GigabitEthernet0/0/1]bgp 10 
[AR3-bgp]peer 10.1.23.2 as 1
[AR3-bgp]ipv4-family vpn-instance ybd2
[AR3-bgp-ybd2]peer 10.1.23.2 as 1
[AR3-bgp-ybd2]peer 10.1.23.2 substitute-as //做AS號(hào)的偽裝

AR2

[AR2]bgp 1
[AR2-bgp]peer 10.1.23.3 as 10
[AR2-bgp]network 2.2.2.2 32

AR8

[AR8]ip vpn-instance ybd6
[AR8-vpn-instance-ybd10]route-distinguisher 10:1
[AR8-vpn-instance-ybd10-af-ipv4]vpn-target 10:1 both 
[AR8-vpn-instance-ybd10-af-ipv4]int g0/0/2
[AR8-GigabitEthernet0/0/2]ip binding vpn-instance ybd10
[AR8-GigabitEthernet0/0/2]ip address 10.1.81.8 24
[AR8-GigabitEthernet0/0/2]bgp 20
[AR8-bgp]ipv4-family vpn-instance ybd6
[AR8-bgp-ybd10]peer 10.1.81.10 as 1
[AR8-bgp-ybd10]peer 10.1.81.10 substitute-as 

AR10

[AR10]bgp 1
[AR10-bgp]peer 10.1.81.8 as 20
[AR10-bgp]network 10.10.10.10 32

[AR10]display ip routing-table protocol bgp

[AR2]ping -a 2.2.2.2 10.10.10.10

公司 B 2.2.2.2 訪問(wèn)公司 AD10.10.10.10

AR2 上的 IPv4 路由傳遞到 AR3

[AR2]dis ip routing-table 10.10.10.10

封裝為：

查看10.10.10.10路由，下一跳是10.1.23.3；

然后根據(jù)AR3的接口下G0/0/0綁定的實(shí)例ybd2的路由表，去查相關(guān)路由。

[AR3]display ip routing-table vpn-instance ybd2 10.10.10.10

下一跳是 8.8.8.8

[AR3]display bgp vpnv4 vpn-instance ybd2 routing-table 10.10.10.10

私網(wǎng)標(biāo)簽1027 打上標(biāo)簽封裝成：

接著是查看公網(wǎng)標(biāo)簽

[AR3]display mpls lsp

公網(wǎng)標(biāo)簽1026 打上標(biāo)簽封裝成：

從G0/0/2接口出發(fā)

[AR4]dis mpls lsp

進(jìn)來(lái)標(biāo)簽是1026，出標(biāo)簽為1027，從G0/0/1接口發(fā)出

打上標(biāo)簽封裝成：

[AR5]dis mpls lsp

進(jìn)來(lái)標(biāo)簽是1027，出標(biāo)簽為1026，

封裝為：

[AR7]display mpls lsp

8.8.8.8出標(biāo)簽是3，然后進(jìn)行彈出頂部標(biāo)簽，從G0/0/1接口發(fā)送出去。

[AR8]dis mpls lsp

[AR8]dis bgp vpnv4 vpn-instance ybd6 routing-table 

下一跳是10.1.81.10

三、有 RR 的拓?fù)?/p>

四、配置與分析

4.1 概括

（1）AS內(nèi)IGP和LDP配置好
（2）ASBR之間建立EBGP鄰居，并啟動(dòng)傳遞標(biāo)簽ipv4路由能力，互聯(lián)接口啟動(dòng)mpls（3）在ASBR向?qū)Χ薃SBR發(fā)布本端PE/RR的標(biāo)簽ipv4路由，通過(guò)產(chǎn)生標(biāo)簽策略完成
（4）在ASBR上開(kāi)啟LSP觸發(fā)策略，為BGP路由產(chǎn)生LDP的LSP
（5）在ASBR上引入PE/RR的BGP路由到IGP協(xié)議中
（6）PE和RR之間建立mp-ibgp鄰居關(guān)系，傳遞vp#v4路由，并保證路由傳遞到對(duì)端PE下一跳不變
（7）RR之間建立MP-EBGP鄰居關(guān)系，傳遞vp#v4路由，并保證路由傳遞到對(duì)端下一跳不變
目的：是建立一條PE到PE之間的LSP，方便PE之間建立MP-EBGP傳遞vp#v4路由。

4.2 刪除

刪除掉 AR3和AR5的MP-IBGP鄰居、AR6和AR8的MP-IBGP鄰居、AR3和AR8的EBGP VP#v4 鄰居關(guān)系；

4.3 然后建立AR4(RR)與AR3、AR7(RR)與AR8建立鄰居關(guān)系并且下一跳不變，AR4與AR7建立EBGP VP#4的鄰居關(guān)系。

AR3

[AR3]bgp 10
[AR3-bgp]peer 4.4.4.4 as 10 
[AR3-bgp]peer 4.4.4.4 connect-interface LoopBack 0
[AR3-bgp]ipv4-family vpnv4
[AR3-bgp-af-vpnv4]peer 4.4.4.4 enable 
[AR3-bgp-af-vpnv4]peer 4.4.4.4 next-hop-invariable

AR4

[AR4]bgp 10
[AR4-bgp]peer 3.3.3.3 as 10
[AR4-bgp]peer 3.3.3.3 connect-interface LoopBack  0
[AR4-bgp]ipv4-family vpnv4
[AR4-bgp-af-vpnv4]peer 3.3.3.3 enable 
[AR4-bgp-af-vpnv4]peer 3.3.3.3 reflect-client
[AR4-bgp-af-vpnv4]peer 3.3.3.3 next-hop-invariable
[AR4-bgp-af-vpnv4]undo policy vpn-target 
[AR4-bgp-af-vpnv4]q
[AR4-bgp]peer 7.7.7.7 as 20
[AR4-bgp]peer 7.7.7.7 connect-interface LoopBack 0
[AR4-bgp]peer 7.7.7.7 ebgp-max-hop 66
[AR4-bgp]ipv4-family vpnv4
[AR4-bgp-af-vpnv4]peer 7.7.7.7 enable 
[AR4-bgp-af-vpnv4]peer 7.7.7.7 next-hop-invariable

AR7

[AR7]bgp 20 
[AR7-bgp]peer 8.8.8.8 as 20
[AR7-bgp]peer 8.8.8.8 connect-interface LoopBack  0
[AR7-bgp]ipv4-family vpnv4
[AR7-bgp-af-vpnv4]peer 8.8.8.8 enable 
[AR7-bgp-af-vpnv4]peer 8.8.8.8 reflect-client 
[AR7-bgp-af-vpnv4]peer 8.8.8.8 next-hop-invariable
[AR7-bgp-af-vpnv4]undo policy vpn-target 
[AR7-bgp-af-vpnv4]q
[AR7-bgp]peer 4.4.4.4 as 10
[AR7-bgp]peer 4.4.4.4 connect-interface LoopBack  0
[AR7-bgp]peer 4.4.4.4 ebgp-max-hop 66
[AR7-bgp]ipv4-family vpnv4
[AR7-bgp-af-vpnv4]peer 4.4.4.4 enable 
[AR7-bgp-af-vpnv4]peer 4.4.4.4 next-hop-invariable

AR8

[AR8]bgp 20   
[AR8-bgp]peer 7.7.7.7 as 20
[AR8-bgp]peer 7.7.7.7 connect-interface  LoopBack  0
[AR8-bgp]ipv4-family vpnv4
[AR8-bgp-af-vpnv4]peer 7.7.7.7 enable 
[AR8-bgp-af-vpnv4]peer 7.7.7.7 next-hop-invariable

4.4 宣告RR的網(wǎng)段LOOPBACK 0

AR5

[AR5]bgp 10
[AR5-bgp]network 4.4.4.4 32

AR6

[AR6]bgp 20
[AR6-bgp]network 7.7.7.7 32

4.5 測(cè)試

[AR4]dis bgp peer

[AR7]dis bgp peer

4.6 MPLS VP#業(yè)務(wù)接入，公司A訪問(wèn)公司C

AR3

[AR3]ip vpn-instance ybd66
[AR3-vpn-instance-ybd1]route-distinguisher 20:1 
[AR3-vpn-instance-ybd1-af-ipv4]vpn-target 20:1 both 
[AR3-vpn-instance-ybd1-af-ipv4]int g0/0/0
[AR3-GigabitEthernet0/0/0]ip binding vpn-instance  ybd66
[AR3-GigabitEthernet0/0/0]ip address 10.1.13.3 24
[AR3-GigabitEthernet0/0/0]q
[AR3]ospf 1 router-id 3.3.3.3 vpn-instance ybd66
[AR3-ospf-1]a 0
[AR3-ospf-1-area-0.0.0.0]network 10.1.13.3 0.0.0.0
[AR3-ospf-1-area-0.0.0.0]q
[AR3-ospf-1]import-route bgp
[AR3-ospf-1]bgp 10
[AR3-bgp]ip  
[AR3-bgp]ipv4-family vpn-instance ybd66
[AR3-bgp-ybd1]import-route ospf 1

AR1

[AR1]ospf 1 
[AR1-ospf-1]a 0
[AR1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[AR1-ospf-1-area-0.0.0.0]network 10.1.13.1 0.0.0.0

AR8

[AR8]ip vpn-instance ybd99
[AR8-vpn-instance-ybd9]route-distinguisher 20:1
[AR8-vpn-instance-ybd9-af-ipv4]vpn-target 20:1 both 
[AR8-vpn-instance-ybd9-af-ipv4]int g0/0/1
[AR8-GigabitEthernet0/0/1]ip binding vpn-instance ybd99
[AR8-GigabitEthernet0/0/1]ip address 10.1.89.8 24
[AR8-GigabitEthernet0/0/1]q
[AR8]isis 1 vpn-instance ybd99
[AR8-isis-1]import-route bgp
[AR8-isis-1]network-entity 12.0001.0000.0000.0008.00
[AR8-isis-1]is-level level-2
[AR8-isis-1]int g0/0/1
[AR8-GigabitEthernet0/0/1]isis enable 1
[AR8-GigabitEthernet0/0/1]bgp 20
[AR8-bgp]ipv4-family vpn-instance ybd99
[AR8-bgp-ybd9]import-route  isis 1

AR9

[AR9]isis
[AR9-isis-1]network-entity 12.0001.0000.0000.0009.00
[AR9-isis-1]is-level level-2
[AR9-isis-1]int g0/0/0
[AR9-GigabitEthernet0/0/0]isis enable 1
[AR9]int l0
[AR9-LoopBack0]isis enable 

[AR1]dis ip routing-table protocol ospf

[AR9]ping -a 9.9.9.9 1.1.1.1


1031是私網(wǎng)標(biāo)簽，1026是公網(wǎng)標(biāo)簽。

[AR3]display bgp vpnv4 vpn-instance ybd66 routing-table 9.9.9.9

OK

五、特點(diǎn)

跨域VP#-OptionC2的優(yōu)缺點(diǎn)和跨域VP#-OptionC1一樣，只是在配置方面稍微有些不一樣。

特點(diǎn)：公網(wǎng)形成了一個(gè)架構(gòu)，后面如果有公司接入進(jìn)來(lái)的話，只需要在PE設(shè)備上配置接入MPLS VP#業(yè)務(wù)即可，公網(wǎng)不需要配置。

重要并且特別的配置，在ASBR上的MPLS視圖下需要配置lsp-trigger bgp-label-route命令，把BGP協(xié)議引入到RIP（從邏輯的角度來(lái)看，多個(gè)AS域形成了一個(gè)AS域）；AR4(RR)與AR3建立MP-IBGP鄰居關(guān)系，AR(RR)與AR7建立EBGP VP#V4鄰居，把PE和RR的Looback 0網(wǎng)段宣告進(jìn)BGP進(jìn)程。

勤學(xué)如春起之苗，不見(jiàn)其增，日有所長(zhǎng)；—陶淵明

好了這期就到這里了，如果你喜歡這篇文章的話，請(qǐng)點(diǎn)贊評(píng)論分享收藏，如果你還能點(diǎn)擊關(guān)注，那真的是對(duì)我最大的鼓勵(lì)。謝謝大家，下期見(jiàn)！

往期推薦：

華為 MPLS的數(shù)據(jù)轉(zhuǎn)發(fā)流程

2021-02-15

華為 Python網(wǎng)絡(luò)自動(dòng)化

2021-02-08

華為 LDP回話建立的過(guò)程

2021-01-27

關(guān)注?藝博東?公眾號(hào)，與你一起學(xué)習(xí)共同進(jìn)步。秀秀秀秀秀~

點(diǎn)贊在看養(yǎng)成習(xí)慣