LAB-MPLS VPN Multi_VRF

[ngocky]

Trong mô hình MPLS VPN,khách hàng ở nhiều chi nhánh khác nhau kết nối vào mạng core MPLS có thể dùng dynamic routing protocal giữa các chi nhánh

[ngocky]

Qui hoạch IP:
(1) 192.168.1.0/24
(2) 192.168.2.0/24
(3) 192.168.3.0/24
(4) 192.168.4.0/24
(5) 192.168.5.0/24
(6) 192.168.6.0/24
(7) Lo0: 10.10.10.10/24
(8) Lo0: 20.20.20.20/24
(9) Lo0: 1.1.1.1/24
(10) Lo0: 3.3.3.3/24
(11) Lo0: 2.2.2.2/24
(12) Lo0: 30.30.30.30/24
(13) Lo0: 40.40.40.40/24

[ngocky]

ROUTER A1:
!
hostname A1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ip domain lookup
ip audit po max-events 100
!

!
interface Loopback0
ip address 10.10.10.10 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.1.1 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router eigrp 10
network 10.0.0.0
network 192.168.1.0
no auto-summary
!
ip classless
!
ip http server
no ip http secure-server
!

!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
privilege level 15
no login
line vty 5 15
privilege level 15
no login
!
End

ROUTER B1:
hostname B1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ip domain lookup
ip audit po max-events 100
!
!
interface Loopback0
ip address 20.20.20.20 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
ip address 192.168.2.1 255.255.255.0
clock rate 2000000
!
interface FastEthernet0/1
ip address 100.100.100.100 255.255.255.0
duplex auto
speed auto
no keepalive
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
router eigrp 20
network 20.0.0.0
network 100.0.0.0
network 192.168.2.0
no auto-summary
!
ip classless
!
ip http server
no ip http secure-server
!

!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
privilege level 15
no login
line vty 5 15
privilege level 15
no login
!
End

[ngocky]

ROUTER PE01:
hostname PE01
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ip domain lookup
ip vrf A1
rd 1:100
route-target export 1:100
route-target import 1:100
!
ip vrf B1
rd 1:200
route-target export 1:200
route-target import 1:200
!
ip audit po max-events 100
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.0
!
interface FastEthernet0/0
ip vrf forwarding A1
ip address 192.168.1.2 255.255.255.0
duplex auto
speed auto
!
interface Serial0/0
ip vrf forwarding B1
ip address 192.168.2.2 255.255.255.0
clock rate 64000
!
interface FastEthernet0/1
ip address 192.168.3.1 255.255.255.0
duplex auto
speed auto
mpls label protocol ldp
tag-switching ip
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
router eigrp 100
auto-summary
!
address-family ipv4 vrf B1
network 192.168.2.0
no auto-summary
autonomous-system 20
exit-address-family
!
address-family ipv4 vrf A1
network 192.168.1.0
no auto-summary
autonomous-system 10
exit-address-family
!
router rip
version 2
network 1.0.0.0
network 192.168.3.0
no auto-summary
!
router bgp 1
no synchronization
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf B1
redistribute eigrp 20
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf A1
redistribute eigrp 10
no auto-summary
no synchronization
exit-address-family
!
ip classless
!
ip http server
no ip http secure-server
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
privilege level 15
no login
line vty 5 15
privilege level 15
no login
!
End
ROUTER P:
hostname P
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ip domain lookup
ip audit po max-events 100
!
interface Loopback0
ip address 3.3.3.3 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.3.2 255.255.255.0
duplex auto
speed auto
mpls label protocol ldp
tag-switching ip
!
interface FastEthernet0/1
ip address 192.168.4.1 255.255.255.0
duplex auto
speed auto
mpls label protocol ldp
tag-switching ip
!
router rip
version 2
network 3.0.0.0
network 192.168.3.0
network 192.168.4.0
no auto-summary
!
ip classless
!
ip http server
no ip http secure-server
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
privilege level 15
no login
line vty 5 15
privilege level 15
no login
!
End

ROUTER PE02:
!
hostname PE02
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ip domain lookup
ip vrf A2
rd 1:100
route-target export 1:100
route-target import 1:100
!
ip vrf B2
rd 1:200
route-target export 1:200
route-target import 1:200
!
ip audit po max-events 100
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.4.2 255.255.255.0
duplex auto
speed auto
mpls label protocol ldp
tag-switching ip
!
interface Serial0/0
ip vrf forwarding A2
ip address 192.168.5.1 255.255.255.0
clock rate 64000
!
interface FastEthernet0/1
ip vrf forwarding B2
ip address 192.168.6.1 255.255.255.0
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
router eigrp 100
auto-summary
!
address-family ipv4 vrf B2
redistribute bgp 1 metric 1000 100 100 100 100
network 192.168.6.0
auto-summary
autonomous-system 40
exit-address-family
!
address-family ipv4 vrf A2
redistribute bgp 1 metric 1000 100 100 100 100
network 192.168.5.0
auto-summary
autonomous-system 30
exit-address-family
!
router rip
version 2
network 2.0.0.0
network 192.168.4.0
no auto-summary
!
router bgp 1
no synchronization
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 update-source Loopback0
no auto-summary
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf B2
redistribute eigrp 40
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf A2
redistribute eigrp 30
no auto-summary
no synchronization
exit-address-family
!
ip classless
!
ip http server
no ip http secure-server
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
privilege level 15
no login
line vty 5 15
privilege level 15
no login
!
End

[ngocky]

ROUTER A2:
!
hostname A2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ip domain lookup
ip audit po max-events 100
!
interface Loopback0
ip address 30.30.30.30 255.255.255.0
!
interface FastEthernet0/0
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/0
ip address 192.168.5.2 255.255.255.0
clock rate 2000000
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
interface Serial0/1
no ip address
shutdown
clock rate 2000000
!
router eigrp 30
network 30.0.0.0
network 192.168.5.0
no auto-summary
!
ip classless
!
ip http server
no ip http secure-server
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
privilege level 15
no login
line vty 5 15
privilege level 15
no login
!
End

ROUTER B2:
!
hostname B2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
ip subnet-zero
ip cef
!
!
!
no ip domain lookup
ip audit po max-events 100
!

!
interface Loopback0
ip address 40.40.40.40 255.255.255.0
!
interface FastEthernet0/0
ip address 192.168.6.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet0/1
no ip address
shutdown
duplex auto
speed auto
!
router eigrp 40
network 40.0.0.0
network 192.168.6.0
no auto-summary
!
ip classless
!
ip http server
no ip http secure-server
!
!
line con 0
exec-timeout 0 0
line aux 0
line vty 0 4
privilege level 15
no login
line vty 5 15
privilege level 15
no login
!
End

[ngocky]

Kiểm tra hoạt động:

• Đối với MPLS Domain :

i. Kiểm tra bảng định tuyến :

Trên PE01
PE01#show ip route
Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets
C 1.1.1.0 is directly connected, Loopback0
2.0.0.0/24 is subnetted, 1 subnets
R 2.2.2.0 [120/2] via 192.168.3.2, 00:00:12, FastEthernet0/1
3.0.0.0/24 is subnetted, 1 subnets
R 3.3.3.0 [120/1] via 192.168.3.2, 00:00:12, FastEthernet0/1
R 192.168.4.0/24 [120/1] via 192.168.3.2, 00:00:12, FastEthernet0/1
C 192.168.3.0/24 is directly connected, FastEthernet0/1
Trên P
P#show ip route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
R 1.1.1.0 [120/1] via 192.168.3.1, 00:00:07, FastEthernet0/0
2.0.0.0/24 is subnetted, 1 subnets
R 2.2.2.0 [120/1] via 192.168.4.2, 00:00:11, FastEthernet0/1
3.0.0.0/24 is subnetted, 1 subnets
C 3.3.3.0 is directly connected, Loopback0
C 192.168.4.0/24 is directly connected, FastEthernet0/1
C 192.168.3.0/24 is directly connected, FastEthernet0/0

Trên PE02

PE02#show ip route
Gateway of last resort is not set
1.0.0.0/24 is subnetted, 1 subnets
R 1.1.1.0 [120/2] via 192.168.4.1, 00:00:27, FastEthernet0/0
2.0.0.0/24 is subnetted, 1 subnets
C 2.2.2.0 is directly connected, Loopback0
3.0.0.0/24 is subnetted, 1 subnets
R 3.3.3.0 [120/1] via 192.168.4.1, 00:00:27, FastEthernet0/0
C 192.168.4.0/24 is directly connected, FastEthernet0/0
R 192.168.3.0/24 [120/1] via 192.168.4.1, 00:00:27, FastEthernet0/0
Kết luận : Định tuyến nội giữa MPLS Domain đã thông, từ đó cấu hình MPLS

ii. Kiểm tra LFIP table

Trên PE01
PE01#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 16 2.2.2.0/24 0 Fa0/1 192.168.3.2
17 Pop tag 3.3.3.0/24 0 Fa0/1 192.168.3.2
18 Pop tag 192.168.4.0/24 0 Fa0/1 192.168.3.2
Trên P
P#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 2.2.2.0/24 3375 Fa0/1 192.168.4.2
17 Pop tag 1.1.1.0/24 5007 Fa0/0 192.168.3.1
Trên PE02
PE02#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 3.3.3.0/24 0 Fa0/0 192.168.4.1
17 Pop tag 192.168.3.0/24 0 Fa0/0 192.168.4.1
18 17 1.1.1.0/24 0 Fa0/0 192.168.4.1


iii. Cấu hình BGP trên PE01 và PE02

Trên PE01
PE01#show ip bgp summary
BGP router identifier 1.1.1.1, local AS number 1
BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 1 55 54 1 0 0 00:43:36 0
Trên PE02
PE02#show ip bgp summary
BGP router identifier 2.2.2.2, local AS number 1
BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
1.1.1.1 4 1 55 56 1 0 0 0024 0

- Kiểm tra vrf routing table của A1,A2,B1,B2 trên PE01 và PE02
Trên PE01:

PE01#show ip route vrf A1
Routing Table: A1
Gateway of last resort is not set

B 192.168.5.0/24 [200/0] via 2.2.2.2, 0007
10.0.0.0/24 is subnetted, 1 subnets
D 10.10.10.0 [90/156160] via 192.168.1.1, 0024, FastEthernet0/0
C 192.168.1.0/24 is directly connected, FastEthernet0/0
30.0.0.0/24 is subnetted, 1 subnets
B 30.30.30.0 [200/2297856] via 2.2.2.2, 0007

PE01#show ip route vrf B1

Routing Table: B1
Gateway of last resort is not set
100.0.0.0/24 is subnetted, 1 subnets
D 100.100.100.0 [90/2172416] via 192.168.2.1, 0046, Serial0/0
20.0.0.0/24 is subnetted, 1 subnets
D 20.20.20.0 [90/2297856] via 192.168.2.1, 0046, Serial0/0
40.0.0.0/24 is subnetted, 1 subnets
B 40.40.40.0 [200/156160] via 2.2.2.2, 0020
B 192.168.6.0/24 [200/0] via 2.2.2.2, 0020
C 192.168.2.0/24 is directly connected, Serial0/0

Trên PE02:

PE02#show ip route vrf A2
Routing Table: A2
Gateway of last resort is not set
C 192.168.5.0/24 is directly connected, Serial0/0
10.0.0.0/24 is subnetted, 1 subnets
B 10.10.10.0 [200/156160] via 1.1.1.1, 0016
B 192.168.1.0/24 [200/0] via 1.1.1.1, 0016
30.0.0.0/24 is subnetted, 1 subnets
D 30.30.30.0 [90/2297856] via 192.168.5.2, 0047, Serial0/0

PE02#show ip route vrf B2

Routing Table: B2
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

100.0.0.0/24 is subnetted, 1 subnets
B 100.100.100.0 [200/2172416] via 1.1.1.1, 0044
20.0.0.0/24 is subnetted, 1 subnets
B 20.20.20.0 [200/2297856] via 1.1.1.1, 0044
40.0.0.0/24 is subnetted, 1 subnets
D 40.40.40.0 [90/156160] via 192.168.6.2, 00:49:30, FastEthernet0/1
C 192.168.6.0/24 is directly connected, FastEthernet0/1
B 192.168.2.0/24 [200/0] via 1.1.1.1, 0059

- Kiểm tra thông tuyến:

A1#ping 30.30.30.30

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 30.30.30.30, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 196/236/300 ms
B1#ping 40.40.40.40

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 40.40.40.40, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 156/180/200 ms

- Kiểm tra bảng LFIP hoàn chỉnh trên mỗi Router PE01 và PE02:

PE01#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 16 2.2.2.0/24 0 Fa0/1 192.168.3.2
17 Pop tag 3.3.3.0/24 0 Fa0/1 192.168.3.2
18 Pop tag 192.168.4.0/24 0 Fa0/1 192.168.3.2
19 Untagged 20.20.20.0/24[V] 0 Se0/0 point2point
20 Untagged 100.100.100.0/24[V] \
0 Se0/0 point2point
21 Untagged 10.10.10.0/24[V] 0 Fa0/0 192.168.1.1
22 Aggregate 192.168.1.0/24[V] 520
23 Aggregate 192.168.2.0/24[V] 520
PE02#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Pop tag 3.3.3.0/24 0 Fa0/0 192.168.4.1
17 Pop tag 192.168.3.0/24 0 Fa0/0 192.168.4.1
18 17 1.1.1.0/24 0 Fa0/0 192.168.4.1
19 Untagged 30.30.30.0/24[V] 520 Se0/0 point2point
20 Aggregate 192.168.5.0/24[V] 0
21 Untagged 40.40.40.0/24[V] 570 Fa0/1 192.168.6.2
22 Aggregate 192.168.6.0/24[V] 0

- Kiểm tra cơ chế chuyển mạch nhãn tại MPLS Domain

PE01#traceroute vrf A1 30.30.30.30

Type escape sequence to abort.
Tracing the route to 30.30.30.30

1 192.168.3.2 [MPLS: Labels 16/19 Exp 0] 160 msec 184 msec 144 msec
2 192.168.5.1 [MPLS: Label 19 Exp 0] 128 msec 60 msec 92 msec
3 192.168.5.2 176 msec * 216 msec
PE02#traceroute vrf B2 20.20.20.20

Type escape sequence to abort.
Tracing the route to 20.20.20.20

1 192.168.4.1 [MPLS: Labels 17/19 Exp 0] 176 msec 120 msec 156 msec
2 192.168.2.2 [MPLS: Label 19 Exp 0] 212 msec 64 msec 52 msec
3 192.168.2.1 92 msec * 160 msec

[sjcola]

làm xong bài này em ping A1 sang PE01 được còn PE01 Ping sang A1 không được!!!!!Như vậy A2 chỉ ping được tới PE01, Ai biết tình huống này giúp mình với!!!!!

[sjcola]

ai chỉ với coi