OptionB方案
跨域VPN-OptionB中,两个ASBR通过MP-EBGP交换它们从各自AS的PE设备接收的标签VPN-IPv4路由。图中,VPN LSP表示私网隧道,LSP表示公网隧道。
跨域VPN-OptionB方案中,ASBR接收本域内和域外传过来的所有跨域VPN-IPv4路由,再把VPN-IPv4路由发布出去。但MPLS VPN的基本实现中,PE上只保存与本地VPN实例的VPN Target相匹配的VPN路由。通过对标签VPN-IPv4路由进行特殊处理,让ASBR不进行VPN Target匹配把收到的VPN路由全部保存下来,而不管本地是否有和它匹配的VPN实例。
这种方案的优点是所有的流量都经过ASBR转发,使流量具有良好的可控性,但ASBR的负担重。可以同时使用BGP路由策略(如对RT的过滤),使ASBR上只保存部分VPN-IPv4路由。
跨域OptionB路由发布
本例中,CE1将10.1.1.1/24的路由发布给CE2。NH表示下一跳,L1、L2和L3表示所携带的私网标签。图中省略了公网IGP路由和标签的分配。
VPN路由的具体发布过程:
(1)CE1通过BGP、OSPF或RIP方式将路由发布给AS100内的PE1。
(2)AS100内的PE1先通过MP-IBGP方式把标签VPNv4路由发布给AS100的ASBR1,或发布给路由反射器RR(Route Reflector),由RR反射给ASBR1。
(3)ASBR1通过MP-EBGP方式把标签VPNv4路由发布给ASBR2。由于MP-EBGP在传递路由时,需要改变路由的下一跳,ASBR1向外发布时给这些VPNv4路由信息分配新标签。
(4)ASBR2通过MP-IBGP方式把标签VPNv4路由发布给AS200内的PE3,或发布给RR,由RR反射给PE3。当ASBR2向域内的MP-IBGP对等体发布路由时,将下一跳改为自己。
(5)AS200内的PE3通过BGP、OSPF或RIP方式将路由发布给CE2。
在ASBR1和ASBR2上都对VPNv4路由交换内层标签,域间的标签由BGP携带,因此ASBR之间不需要运行LDP(Label Distribution Protocol)或RSVP(Resource Reservation Protocol)等协议。
跨域OptionB报文转发
在跨域VPN-OptionB方式的报文转发中,在两个ASBR上都要对VPN的LSP做一次交换。以LSP为公网隧道的报文转发流程,其中,L1、L2和L3表示私网标签。Lx和Ly表示公网外层隧道标签。
跨域OptionB方案特点
跨域OptionB方案,不同于OptionA,OptionB方案不受ASBR之间互联链路数目的限制。
局限性:VPN的路由信息时通过AS之间的ASBR来保存和扩散的,当VPN路由较多时,ASBR负担重,容易成为故障点。因此在MP-EBGP方案中,需要维护VPN路由信息的ASBR一般不再负责公网IP转发。
跨域OptionB方案实验配置
配置步骤
1.IP地址配置。
<Huawei>sy
[Huawei]sy AR1_CE1
[AR1_CE1]interface GigabitEthernet 0/0/0
[AR1_CE1-GigabitEthernet0/0/0]ip address 10.0.12.1 24
[AR1_CE1-GigabitEthernet0/0/0]qui
[AR1_CE1]interface LoopBack 0
[AR1_CE1-LoopBack0]ip address 192.168.1.1 24
[AR1_CE1-LoopBack0]q
[AR1_CE1]
<Huawei>system-view
[Huawei]sysname AR2_PE1
[AR2_PE1]interface g0/0/0
[AR2_PE1-GigabitEthernet0/0/0]ip address 10.0.12.2 24
[AR2_PE1-GigabitEthernet0/0/0]q
[AR2_PE1]interface GigabitEthernet 0/0/1
[AR2_PE1-GigabitEthernet0/0/1]ip address 10.0.23.2 24
[AR2_PE1-GigabitEthernet0/0/1]qui
[AR2_PE1]interface LoopBack 0
[AR2_PE1-LoopBack0]ip address 10.0.2.2 32
[AR2_PE1-LoopBack0]q
[AR2_PE1]
[Huawei]sysname AR3_P1
[AR3_P1]interface GigabitEthernet 0/0/1
[AR3_P1-GigabitEthernet0/0/1]ip address 10.0.23.3 24
[AR3_P1-GigabitEthernet0/0/1]q
[AR3_P1-GigabitEthernet0/0/1]qui
[AR3_P1]interface LoopBack 0
[AR3_P1-LoopBack0]ip address 10.0.3.3 32
[AR3_P1-LoopBack0]q
[AR3_P1]interface GigabitEthernet 0/0/2
[AR3_P1-GigabitEthernet0/0/2]ip address 10.0.34.3 24
[AR3_P1-GigabitEthernet0/0/2]qui
[AR3_P1]
<Huawei>system-view
[Huawei]sysname AR4_ASBR1
[AR4_ASBR1]interface LoopBack 0
[AR4_ASBR1-LoopBack0]ip address 10.0.4.4 32
[AR4_ASBR1-LoopBack0]qui
[AR4_ASBR1]interface GigabitEthernet 0/0/2
[AR4_ASBR1-GigabitEthernet0/0/2]ip address 10.0.34.4 24
[AR4_ASBR1-GigabitEthernet0/0/2]qui
[AR4_ASBR1]interface GigabitEthernet 0/0/0
[AR4_ASBR1-GigabitEthernet0/0/0]ip address 10.0.45.4 24
[AR4_ASBR1-GigabitEthernet0/0/0]qui
[AR4_ASBR1]
<AR5_ASBR2>system-view
[AR5_ASBR1]sysname AR5_ASBR2
[AR5_ASBR2]interface LoopBack 0
[AR5_ASBR2-LoopBack0]ip address 10.0.5.5 32
[AR5_ASBR2-LoopBack0]qui
[AR5_ASBR2]interface GigabitEthernet 0/0/0
[AR5_ASBR2-GigabitEthernet0/0/0]ip address 10.0.45.5 24
[AR5_ASBR2-GigabitEthernet0/0/0]qui
[AR5_ASBR2]interface GigabitEthernet 0/0/1
[AR5_ASBR2-GigabitEthernet0/0/1]ip address 10.0.56.5 24
[AR5_ASBR2-GigabitEthernet0/0/1]qui
[AR5_ASBR2]
<AR6_P2>system-view
[Huawei]sysname AR6_P2
[AR6_P2]interface LoopBack 0
[AR6_P2-LoopBack0]ip address 10.0.6.6 32
[AR6_P2-LoopBack0]qui
[AR6_P2]interface GigabitEthernet 0/0/1
[AR6_P2-GigabitEthernet0/0/1]ip address 10.0.56.6 24
[AR6_P2-GigabitEthernet0/0/1]qui
[AR6_P2]interface GigabitEthernet 0/0/0
[AR6_P2-GigabitEthernet0/0/0]ip address 10.0.67.6 24
[AR6_P2-GigabitEthernet0/0/0]qui
[AR6_P2]
<AR7_PE2>system-view
[Huawei]sysname AR7_PE2
[AR7_PE2]interface LoopBack 0
[AR7_PE2-LoopBack0]ip address 10.0.7.7 32
[AR7_PE2-LoopBack0]qui
[AR7_PE2]interface GigabitEthernet 0/0/0
[AR7_PE2-GigabitEthernet0/0/0]ip address 10.0.67.7 24
[AR7_PE2-GigabitEthernet0/0/0]qui
[AR7_PE2]interface GigabitEthernet 0/0/1
[AR7_PE2-GigabitEthernet0/0/1]ip address 10.0.78.7 24
[AR7_PE2-GigabitEthernet0/0/1]qui
[AR7_PE2]
<Huawei>system-view
[Huawei]sysname AR8_CE2.
[AR8_CE2]interface LoopBack 0
[AR8_CE2-LoopBack0]ip address 192.168.2.1 24
[AR8_CE2-LoopBack0]qui
[AR8_CE2]interface GigabitEthernet 0/0/1
[AR8_CE2-GigabitEthernet0/0/1]ip address 10.0.78.8 24
[AR8_CE2-GigabitEthernet0/0/1]qui
[AR8_CE2]
2.配置各AS内路由互通。
[AR2_PE1]ospf 1 router-id 2.2.2.2
[AR2_PE1-ospf-1]area 0
[AR2_PE1-ospf-1-area-0.0.0.0]network 10.0.23.0 0.0.0.255
[AR2_PE1-ospf-1-area-0.0.0.0]network 10.0.2.2 0.0.0.0
[AR2_PE1-ospf-1-area-0.0.0.0]qui
[AR2_PE1-ospf-1]qui
[AR2_PE1]
[AR3_P1]ospf 1 router-id 3.3.3.3
[AR3_P1-ospf-1]area 0
[AR3_P1-ospf-1-area-0.0.0.0]network 10.0.34.0 0.0.0.255
[AR3_P1-ospf-1-area-0.0.0.0]network 10.0.3.3 0.0.0.0
[AR3_P1-ospf-1-area-0.0.0.0]network 10.0.23.0 0.0.0.255
[AR3_P1-ospf-1-area-0.0.0.0]qui
[AR3_P1-ospf-1]q
[AR3_P1]
[AR4_ASBR1]ospf 1 router-id 4.4.4.4
[AR4_ASBR1-ospf-1]area 0
[AR4_ASBR1-ospf-1-area-0.0.0.0]network 10.0.34.0 0.0.0.255
[AR4_ASBR1-ospf-1-area-0.0.0.0]network 10.0.4.4 0.0.0.0
[AR4_ASBR1-ospf-1-area-0.0.0.0]qui
[AR4_ASBR1-ospf-1]qui
[AR4_ASBR1]
==================================================================
[AR5_ASBR2]ospf 2 router-id 5.5.5.5
[AR5_ASBR2-ospf-2]area 0
[AR5_ASBR2-ospf-2-area-0.0.0.0]network 10.0.56.0 0.0.0.255
[AR5_ASBR2-ospf-2-area-0.0.0.0]network 10.0.5.5 0.0.0.0
[AR5_ASBR2-ospf-2-area-0.0.0.0]qui
[AR5_ASBR2-ospf-2]qui
[AR5_ASBR2]
[AR6_P2]ospf 2 router-id 6.6.6.6
[AR6_P2-ospf-2]area 0
[AR6_P2-ospf-2-area-0.0.0.0]network 10.0.6.6 0.0.0.0
[AR6_P2-ospf-2-area-0.0.0.0]network 10.0.67.0 0.0.0.255
[AR6_P2-ospf-2-area-0.0.0.0]network 10.0.56.0 0.0.0.255
[AR6_P2-ospf-2-area-0.0.0.0]qui
[AR6_P2-ospf-2]qui
[AR6_P2]
[AR7_PE2]ospf 2 router-id 7.7.7.7
[AR7_PE2-ospf-2]area 0
[AR7_PE2-ospf-2-area-0.0.0.0]network 10.0.7.7 0.0.0.0
[AR7_PE2-ospf-2-area-0.0.0.0]network 10.0.67.0 0.0.0.255
[AR7_PE2-ospf-2-area-0.0.0.0]qui
[AR7_PE2-ospf-2]qui
[AR7_PE2]
3.配置各AS的公网标签分配协议MPLS LDP。
[AR2_PE1]mpls lsr-id 10.0.2.2
[AR2_PE1]mpls
[AR2_PE1-mpls]quit
[AR2_PE1]mpls ldp
[AR2_PE1-mpls-ldp]qui
[AR2_PE1]interface GigabitEthernet 0/0/1
[AR2_PE1-GigabitEthernet0/0/1]mpls
[AR2_PE1-GigabitEthernet0/0/1]mpls ldp
[AR2_PE1-GigabitEthernet0/0/1]qui
[AR2_PE1]
[AR3_P1]mpls lsr-id 10.0.3.3
[AR3_P1]mpls
[AR3_P1-mpls]quit
[AR3_P1]mpls ldp
[AR3_P1-mpls-ldp]qui
[AR3_P1]interface GigabitEthernet 0/0/1
[AR3_P1-GigabitEthernet0/0/1]mpls
[AR3_P1-GigabitEthernet0/0/1]mpls ldp
[AR3_P1-GigabitEthernet0/0/1]qui
[AR3_P1]interface GigabitEthernet 0/0/2
[AR3_P1-GigabitEthernet0/0/2]mpls
[AR3_P1-GigabitEthernet0/0/2]mpls ldp
[AR3_P1-GigabitEthernet0/0/2]qui
[AR3_P1]
[AR4_ASBR1]mpls lsr-id 10.0.4.4
[AR4_ASBR1]mpls
[AR4_ASBR1-mpls]quit
[AR4_ASBR1]mpls ldp
[AR4_ASBR1-mpls-ldp]qui
[AR4_ASBR1]interface GigabitEthernet 0/0/2
[AR4_ASBR1-GigabitEthernet0/0/2]mpls
[AR4_ASBR1-GigabitEthernet0/0/2]mpls ldp
[AR4_ASBR1-GigabitEthernet0/0/2]qui
[AR4_ASBR1]
===============================================================
[AR5_ASBR2]mpls lsr-id 10.0.5.5
[AR5_ASBR2]mpls
[AR5_ASBR2-mpls]quit
[AR5_ASBR]mpls ldp
[AR5_ASBR2-mpls-ldp]qui
[AR5_ASBR2]interface GigabitEthernet 0/0/1
[AR5_ASBR2-GigabitEthernet0/0/1]mpls ldp
[AR5_ASBR2-GigabitEthernet0/0/1]qui
[AR5_ASBR2]
[AR6_P2]mpls lsr-id 10.0.6.6
[AR6_P2]mpls
[AR6_P2-mpls]qui
[AR6_P2]mpls ldp
[AR6_P2-mpls-ldp]qui
[AR6_P2]interface GigabitEthernet 0/0/1
[AR6_P2-GigabitEthernet0/0/1]mpls
[AR6_P2-GigabitEthernet0/0/1]mpls ldp
[AR6_P2-GigabitEthernet0/0/1]qui
[AR6_P2]interface GigabitEthernet 0/0/0
[AR6_P2-GigabitEthernet0/0/0]mpls
[AR6_P2-GigabitEthernet0/0/0]mpls ldp
[AR6_P2-GigabitEthernet0/0/0]qui
[AR6_P2]
[AR7_PE2]mpls lsr-id 10.0.7.7
[AR7_PE2]mpls
[AR7_PE2-mpls]qui
[AR7_PE2]mpls ldp
[AR7_PE2-mpls-ldp]q
[AR7_PE2]interface GigabitEthernet 0/0/0
[AR7_PE2-GigabitEthernet0/0/0]mpls
[AR7_PE2-GigabitEthernet0/0/0]mpls ldp
[AR7_PE2-GigabitEthernet0/0/0]qui
[AR7_PE2]
4.配置各AS内的MP-IBGP邻居。
[AR2_PE1]bgp 100
[AR2_PE1-bgp]router-id 2.2.2.2
[AR2_PE1-bgp]peer 10.0.4.4 as-number 100
[AR2_PE1-bgp]peer 10.0.4.4 connect-interface LoopBack 0
[AR2_PE1-bgp]ipv4-family unicast
[AR2_PE1-bgp-af-ipv4]undo peer 10.0.4.4 enable
[AR2_PE1-bgp-af-ipv4]qui
[AR2_PE1-bgp]ipv4-family vpnv4
[AR2_PE1-bgp-af-vpnv4]peer 10.0.4.4 enable
[AR2_PE1-bgp-af-vpnv4]qui
[AR2_PE1-bgp]qui
[AR2_PE1]
=======================================================
[AR4_ASBR1]bgp 100
[AR4_ASBR1-bgp]router-id 4.4.4.4
[AR4_ASBR1-bgp]peer 10.0.2.2 as-number 100
[AR4_ASBR1-bgp]peer 10.0.2.2 connect-interface LoopBack 0
[AR4_ASBR1-bgp]ipv4-family unicast
[AR4_ASBR1-bgp-af-ipv4]undo peer 10.0.2.2 enable //关闭单播IPv4邻居
[AR4_ASBR1-bgp-af-ipv4]qui
[AR4_ASBR1-bgp]ipv4-family vpnv4
[AR4_ASBR1-bgp-af-vpnv4]peer 10.0.2.2 enable //开启MP-BGP功能
[AR4_ASBR1
