实验环境
底层网络已配置;各个 Site 内部互通;MPLS Domain 内部互通;
实验需求
部署 MPLS L3 VPN 网络,要求:
- 通过 Site Hub 来实现 Site A 与 Site B 互通;
- PE CE 使用 BGP 协议对接;
实验拓扑
配置过程:
# ------------------------------------------------------------------------------- # BGP vpnv4 [AR2]bgp 65000 [AR2-bgp]peer 7.7.7.7 as-number 65000 [AR2-bgp]peer 7.7.7.7 connect-interface LoopBack 0 [AR2-bgp]ipv4-family vpnv4 [AR2-bgp-af-vpnv4]peer 7.7.7.7 enable [AR4]bgp 65000 [AR4-bgp]peer 7.7.7.7 as-number 65000 [AR4-bgp]peer 7.7.7.7 connect-interface LoopBack 0 [AR4-bgp]ipv4-family vpnv4 [AR4-bgp-af-vpnv4]peer 7.7.7.7 enable [AR7]bgp 65000 [AR7-bgp]peer 2.2.2.2 as-number 65000 [AR7-bgp]peer 2.2.2.2 connect-interface LoopBack 0 [AR7-bgp]peer 4.4.4.4 as-number 65000 [AR7-bgp]peer 4.4.4.4 connect-interface LoopBack 0 [AR7-bgp]ipv4-family vpnv4 [AR7-bgp-af-vpnv4]peer 2.2.2.2 enable [AR7-bgp-af-vpnv4]peer 4.4.4.4 enable # ---------------------------------------------------------------------------- # 传递路由 # -------------------------------------------------- # Site A [AR3]bgp 65002 [AR3-bgp]peer 10.0.23.2 as-number 65000 [AR3-bgp]ipv4-family unicast [AR3-bgp-af-ipv4]peer 10.0.23.2 enable [AR3-bgp-af-ipv4]network 192.168.10.0 24 [AR2]ip vpn-instance SiteA [AR2-vpn-instance-SiteA]ipv4-family [AR2-vpn-instance-SiteA-af-ipv4]route-distinguisher 10:1 [AR2-vpn-instance-SiteA-af-ipv4]vpn-target 10:1 [AR2]interface GigabitEthernet 0/0/0 [AR2-GigabitEthernet0/0/0]ip binding vpn-instance SiteA [AR2-GigabitEthernet0/0/0]ip address 10.0.23.2 24 [AR2]bgp 65000 [AR2-bgp]ipv4-family vpn-instance SiteA [AR2-bgp-SiteB]peer 10.0.23.3 as-number 65002 # -------------------------------------------------- # Site B [AR1]bgp 65002 [AR1-bgp]peer 10.0.14.4 as-number 65000 [AR1-bgp]network 192.168.20.0 24 [AR4]ip vpn-instance SiteB [AR4-vpn-instance-SiteB]route-distinguisher 20:1 [AR4-vpn-instance-SiteB-af-ipv4]vpn-target 20:1 [AR4]interface GigabitEthernet 0/0/0 [AR4-GigabitEthernet0/0/0]ip binding vpn-instance SiteB [AR4-GigabitEthernet0/0/0]ip address 10.0.14.4 24 [AR4]bgp 65000 [AR4-bgp]ipv4-family vpn-instance SiteB [AR4-bgp-SiteB]peer 10.0.14.1 as-number 65002 # -------------------------------------------------- # Site HQ InBound [AR7]ip vpn-instance SiteHqIn [AR7-vpn-instance-SiteHqIn]route-distinguisher 30:1 [AR7-vpn-instance-SiteHqIn-af-ipv4]vpn-target 10:1 import-extcommunity [AR7-vpn-instance-SiteHqIn-af-ipv4]vpn-target 20:1 import-extcommunity [AR7]interface GigabitEthernet 0/0/2 [AR7-GigabitEthernet0/0/2]ip binding vpn-instance SiteHqIn [AR7-GigabitEthernet0/0/2]ip address 10.0.78.7 24 [AR7]bgp 65000 [AR7-bgp]ipv4-family vpn-instance SiteHqIn [AR7-bgp-SiteHqIn]peer 10.0.78.8 as-number 65002 [AR7-bgp-SiteHqIn]peer 10.0.78.8 connect-interface GigabitEthernet 0/0/2 [AR8]bgp 65002 [AR8-bgp]peer 10.0.78.7 as-number 65000 [AR8-bgp]peer 10.0.78.7 as-number [AR8-bgp]peer 10.0.78.7 connect-interface GigabitEthernet 0/0/0 [AR8-bgp]peer 10.0.78.7 allow-as-loop 1 # ---------------------------------------------------------------------------- # 发送路由 # -------------------------------------------------- # Site HQ Outbound [AR8]bgp 65002 [AR8-bgp]peer 10.4.78.7 as-number 65000 [AR8-bgp]peer 10.4.78.7 connect-interface GigabitEthernet 0/0/2 [AR8-bgp]network 192.168.30.0 24 [AR7]ip vpn-instance SiteHqOut [AR7-vpn-instance-SiteHqOut]route-distinguisher 30:2 [AR7-vpn-instance-SiteHqOut-af-ipv4]vpn-target 10:1 export-extcommunity [AR7-vpn-instance-SiteHqOut-af-ipv4]vpn-target 20:1 export-extcommunity [AR7]interface GigabitEthernet 4/0/2 [AR7-GigabitEthernet4/0/2]ip binding vpn-instance SiteHqOut [AR7-GigabitEthernet4/0/2]ip address 10.0.78.7 24 [AR7]bgp 65000 [AR7-bgp]ipv4-family vpn-instance SiteHqOut [AR7-bgp-SiteHqOut]peer 10.4.78.7 as-number 65002 [AR7-bgp-SiteHqOut]peer 10.4.78.7 connect-interface GigabitEthernet 4/0/2 [AR7-bgp-SiteHqOut]peer 10.4.78.7 allow-as-loop 2 # -------------------------------------------------- # Site A [AR3]bgp 65002 [AR3-bgp]peer 10.0.23.2 allow-as-loop 2 # -------------------------------------------------- # Site B [AR1]bgp 65002 [AR1-bgp]peer 10.0.14.4 allow-as-loop 2
测试方法:
- PC1 ping PC3 能够成功;
- PC2 ping PC3 能够成功;
- PC1 ping PC2 能够成功;
排查指南:
- 检查网络连同情况;
- 检查 BGP 处于 Established 状态;
- 检查 BGP 防环;
- 检查 ERT IRT 配置;
补充说明:
- 该配置实验中,我们按照路由传递的顺序,设备配置;