- 拓扑设计
- 拓扑介绍
如图,上海分公司与山东分公司之间为保证业务可以互通,需要使用MPLS VPN技术进行连接。且为了使设备减轻压力,只有拓扑中两边的设备需要建立VRF实例,其余设备不可以建立实例。因为网络需要经过联通与移动两个AS域,所以使用MPLS VPN OptionB方案来进行配置。
- 数据配置
R1配置
| ip vpn-instance vpn1 ipv4-family route-distinguisher 1:1 vpn-target 1:6 export-extcommunity vpn-target 6:1 import-extcommunity # mpls lsr-id 1.1.1.1 mpls # mpls ldp # isis 1 is-level level-2 cost-style wide network-entity 49.0000.0000.0001.00 # interface GigabitEthernet0/0/0 ip address 12.1.1.1 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet0/0/1 ip binding vpn-instance vpn1 ip address 17.1.1.1 255.255.255.0 ospf enable 1 area 0.0.0.0 # interface LoopBack0 ip address 1.1.1.1 255.255.255.255 isis enable 1 # bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.3 enable # ipv4-family vpn-instance vpn1 import-route ospf 1 # ospf 1 vpn-instance vpn1 import-route bgp area 0.0.0.0 # |
R2配置
| mpls lsr-id 2.2.2.2 mpls # mpls ldp # isis 1 is-level level-2 cost-style wide network-entity 49.0000.0000.0002.00 # interface GigabitEthernet0/0/0 ip address 12.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet0/0/1 ip address 23.1.1.2 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet0/0/2 # interface LoopBack0 ip address 2.2.2.2 255.255.255.255 isis enable 1 |
R3配置
| mpls lsr-id 3.3.3.3 mpls # mpls ldp # isis 1 is-level level-2 cost-style wide network-entity 49.0000.0000.0003.00 # interface GigabitEthernet0/0/0 ip address 23.1.1.3 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet0/0/1 ip address 34.1.1.3 255.255.255.0 mpls # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 3.3.3.3 255.255.255.255 isis enable 1 # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack0 peer 34.1.1.4 as-number 200 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable peer 34.1.1.4 enable # ipv4-family vpnv4 undo policy vpn-target peer 1.1.1.1 enable peer 34.1.1.4 enable |
R4配置
| mpls lsr-id 4.4.4.4 mpls # mpls ldp isis 1 is-level level-2 cost-style wide network-entity 50.0000.0000.0004.00 # interface GigabitEthernet0/0/0 ip address 34.1.1.4 255.255.255.0 mpls # interface GigabitEthernet0/0/1 ip address 45.1.1.4 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 4.4.4.4 255.255.255.255 isis enable 1 # bgp 200 peer 6.6.6.6 as-number 200 peer 6.6.6.6 connect-interface LoopBack0 peer 34.1.1.3 as-number 100 # ipv4-family unicast undo synchronization peer 6.6.6.6 enable peer 34.1.1.3 enable # ipv4-family vpnv4 undo policy vpn-target peer 6.6.6.6 enable peer 34.1.1.3 enable # |
R5配置
| mpls lsr-id 5.5.5.5 mpls # mpls ldp # isis 1 is-level level-2 cost-style wide network-entity 50.0000.0000.0005.00 # interface GigabitEthernet0/0/0 ip address 45.1.1.5 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet0/0/1 ip address 56.1.1.5 255.255.255.0 isis enable 1 mpls mpls ldp # interface LoopBack0 ip address 5.5.5.5 255.255.255.255 isis enable 1 |
R6配置
| ip vpn-instance vpn1 ipv4-family route-distinguisher 6:6 vpn-target 6:1 export-extcommunity vpn-target 1:6 import-extcommunity # mpls lsr-id 6.6.6.6 mpls # mpls ldp # # isis 1 is-level level-2 cost-style wide network-entity 50.0000.0000.0006.00 # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 56.1.1.6 255.255.255.0 isis enable 1 mpls mpls ldp # interface GigabitEthernet0/0/1 ip binding vpn-instance vpn1 ip address 68.1.1.6 255.255.255.0 ospf enable 1 area 0.0.0.0 # interface GigabitEthernet0/0/2 # interface LoopBack0 ip address 6.6.6.6 255.255.255.255 isis enable 1 # bgp 200 peer 4.4.4.4 as-number 200 peer 4.4.4.4 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 4.4.4.4 enable # ipv4-family vpnv4 policy vpn-target peer 4.4.4.4 enable # ipv4-family vpn-instance vpn1 import-route ospf 1 # ospf 1 vpn-instance vpn1 import-route bgp area 0.0.0.0 |
R7配置
| interface GigabitEthernet0/0/0 ip address 17.1.1.7 255.255.255.0 ospf enable 1 area 0.0.0.0 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 7.7.7.7 255.255.255.255 ospf enable 1 area 0.0.0.0 # ospf 1 area 0.0.0.0 |
R8配置
| interface GigabitEthernet0/0/0 ip address 68.1.1.8 255.255.255.0 ospf enable 1 area 0.0.0.0 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 # interface NULL0 # interface LoopBack0 ip address 8.8.8.8 255.255.255.255 ospf enable 1 area 0.0.0.0 # ospf 1 area 0.0.0.0 |
- 查看现象
在此处进行抓包,预估会出现两个标签,分别是MPLS的标签与MP-BGP的标签
由此可以验证,此处两个标签,分别是MPLS与MP-BGP产生
预估此处会把外层标签剥掉,只剩下内层标签
由此可以验证,因为R3与R4之间启用了MPLS功能,用于传递内层标签,如果不开启,则无法传递内层标签。
进入AS 100时,会再次通过MPLS增加外层标签,用于转发。
- 配置细节
配置时,因为中间设备没有配置实例,也就不会有RT值,所以默认是不会接收VPN-V4路由的,如果要他可以接收VPN-V4路由,那么则需要关闭检查功能
华为设备如果在一个AS域传递到另一个AS域,会自动把从另一个AS域的EBGP邻居获取到的路由传递给IBGP,那么下一跳是可达的。
- 注意事项
- 中间R3与R4设备需要开启MPLS功能,因为要传递VPNV4路由,而MP-BGP会产生内层标签,转发时是根据内层标签转发的,如果不开启MPLS功能,那么就无法转发VPNV4路由。
- 下一跳发生变化,MPLS标签也会发生变化;MPLS标签变了之后,下一跳肯定也会变。
- 转发平面
- R7通过OSPF将路由传递给R1,R1把OSPF导入到BGP中,通过MP-BGP路由把路由往外发送,R3可以接收(需要关闭检查功能);R3继续与R4建立EBGP邻居,并将VPNV4路由也传递过去,此时路由已经传递到了AS 200区域;R4设备继续传递向R6传递VPNV4路由,此时R6设备需要开启实例,RT值配置为接收值,接收VPNV4路由,并将路由导入到ospf中,此时R8就可以接收到了R7的明细路由。
![[论文阅读]A ConvNet for the 2020s](https://img-blog.csdnimg.cn/14dcdfc29ff8463990419a3235716af8.png)
![Unity WebGL 编译 报错: emcc2: error: ‘*‘ failed: [WinError 2] ϵͳ�Ҳ���ָ�����ļ���解决办法](https://img-blog.csdnimg.cn/9573794490b04f1d92cbd420c4932b83.png)
