学习精彩网络技术老师:华为、华三、锐捷、WLAN、IPv6等全套视频课程
通过部署路由策略,可灵活控制复杂网络中的流量。
组网需求
图1为承载多媒体、信令、计费等多种L3VPN业务的MPLS网络简化图。该图以两个站点为例,每个站点有两台PE接入核心层。核心层可分为两个平面,同一平面的P节点全连接。不同平面的节点相连提供备份路径。使用MP-BGP在PE之间发布内层标签和VPNv4路由信息。每台PE都和RR建立MP-IBGP对等体。
图1为简化的组网图,只以两个站点为例;以1个RR节点和每个平面的3个P节点为例。实际网络有14个站点共28台PE;每个平面有4台P节点和两个RR节点;每个RR实际上要与28个PE建立MP-IBGP连接。
该网络中,每个PE都发送BGP更新消息给RR,其他PE将会分别从不同平面收到BGP更新消息,因此要求部署路由策略,保证一条VPN流量只经过一个平面。
配置注意事项
在配置过程中,需注意以下事项:
同一站点的两个PE需配置不同的RD。
为不同平面PE发布的路由分配不同的团体属性。
在BGP-VPNv4地址族下需要配置undo policy vpn-target命令,保证VPNv4路由不被VPN-target过滤。
引用路由策略时,需注意区分策略名称的大小写。
配置思路
采用如下的思路部署BGP的路由策略:
为位于同一站点的两个PE分配不同的RD,保证每个PE都能从远端站点的不同BGP下一跳收到两条路由。当站点内两个PE发布到同一个目的地址的路由时,不同RD值可以保证BGP对等体将其看成两条不同的路由,因为BGP-VPNv4使用的是IPv4地址和RD构成的VPN-IPv4地址。
为平面A的PE发布的路由和平面B的PE发布的路由分配不同的团体属性。
基于不同的团体属性设置不同的本地优先级。使平面A的PE总是选择从平面A的远端PE发布的路由,使平面B的PE总是选择从平面B的远端PE发布的路由。
数据准备
完成此例配置,需准备以下数据:
| 表1 物理接口IP地址 | |||
| 设备名称 | 接口及IP地址 | 对端IP地址 | 对端设备 |
| P1 | GE0/1/0 10.1.1.1/30 | GE0/1/0 10.1.1.2/30 | P3 |
| P1 | GE0/2/0 10.1.2.1/30 | GE0/1/0 10.1.2.2/30 | P5 |
| P1 | GE0/3/0 10.1.3.1/30 | GE0/1/0 10.1.3.2/30 | RR |
| P1 | GE0/1/1 10.1.4.1/30 | GE0/1/0 10.1.4.2/30 | P2 |
| P1 | GE0/1/2 10.1.5.1/30 | GE0/1/0 10.1.5.2/30 | PE1 |
| P2 | GE0/1/1 10.1.6.1/30 | GE0/1/0 10.1.6.2/30 | P6 |
| P2 | GE0/3/0 10.1.7.1/30 | GE0/1/0 10.1.7.2/30 | P4 |
| P2 | GE0/2/0 10.1.8.1/30 | GE0/2/0 10.1.8.2/30 | RR |
| P2 | GE0/1/2 10.1.9.1/30 | GE0/1/0 10.1.9.2/30 | PE2 |
| P3 | GE0/2/0 10.1.10.1/30 | GE0/2/0 10.1.10.2/30 | P5 |
| P3 | GE0/3/0 10.1.11.1/30 | GE0/2/0 10.1.11.2/30 | P4 |
| P3 | GE0/1/1 10.1.12.1/30 | GE0/1/0 10.1.12.2/30 | PE3 |
| P4 | GE0/3/0 10.1.13.1/30 | GE0/3/0 10.1.13.2/30 | P6 |
| P4 | GE0/1/1 10.1.14.1/30 | GE0/1/0 10.1.14.2/30 | PE4 |
| P5 | GE0/3/0 10.1.15.1/30 | GE0/2/0 10.1.15.2/30 | P6 |
| PE1 | GE0/2/0 10.1.16.1/30 | GE0/2/0 10.1.16.2/30 | PE2 |
| PE3 | GE0/2/0 10.1.17.1/30 | GE0/2/0 10.1.17.2/30 | PE4 |
| 表2 Loopback接口IP地址 | |
| 设备名称 | Loopback0接口IP地址 |
| P1 | 10.1.1.9/32 |
| P2 | 10.2.2.9/32 |
| P3 | 10.3.3.9/32 |
| P4 | 10.4.4.9/32 |
| P5 | 10.5.5.9/32 |
| P6 | 10.6.6.9/32 |
| PE1 | 10.7.7.9/32 |
| PE2 | 10.8.8.9/32 |
| PE3 | 10.9.9.9/32 |
| PE4 | 10.10.10.9/32 |
| RR | 10.11.11.9/32 |
| 表3 BGP参数值 | |
| BGP参数 | 值 |
| AS号 | 65000 |
| Router ID | 与Loopback0地址相同 |
| BGP团体属性 | 平面A:65000:100 平面B:65000:200 |
| BGP本地优先级 | 平面A:对于团体属性65000:100设置本地优先级200 平面B:对于团体属性65000:200设置本地优先级200 |
| 路由策略名称 | 路由引入策略:local_pre 路由发布策略:comm |
| 团体属性过滤器名称 | 1 |
| BGP对等体组名称 | client |
操作步骤
- 配置设备名称、接口IP地址
具体配置请参见配置文件。
- 配置IGP
本例采用IS-IS,具体配置请参见配置文件。
完成此步骤后,执行display ip routing-table命令,可发现PE之间、P和PE之间,以及P节点之间互相学习到对方的Loopback0接口地址。
- 在PE和RR之间建立MP-IBGP连接
# PE上的配置以PE1为例,其他PE上的配置与之相同,此不赘述。
[*PE1] bgp 65000
[~PE1-bgp] peer 10.11.11.9 as-number 65000
[*PE1-bgp] peer 10.11.11.9 connect-interface LoopBack0
[*PE1-bgp] ipv4-family unicast
[*PE1-bgp-af-ipv4] undo peer 10.11.11.9 enable
[*PE1-bgp] ipv4-family vpnv4
[*PE1-bgp-af-vpnv4] peer 10.11.11.9 enable
[*PE1-bgp-af-vpnv4] commit
# RR上的配置。
[~RR] bgp 65000
[*RR-bgp] group client internal
[*RR-bgp] peer client connect-interface LoopBack0
[*RR-bgp] ipv4-family unicast
[*RR-bgp-af-ipv4] undo peer client enable
[*RR-bgp-af-ipv4] quit
[*RR-bgp] ipv4-family vpnv4
[*RR-bgp-af-vpnv4] undo policy vpn-target
[*RR-bgp-af-vpnv4] peer client enable
[*RR-bgp-af-vpnv4] peer 10.7.7.9 group client
[*RR-bgp-af-vpnv4] peer 10.8.8.9 group client
[*RR-bgp-af-vpnv4] peer 10.9.9.9 group client
[*RR-bgp-af-vpnv4] peer 10.10.10.9 group client
[*RR-bgp-af-vpnv4] peer client reflect-client
[*RR-bgp-af-vpnv4] commit
[~RR-bgp-af-vpnv4] quit
在RR的BGP-VPNv4地址族下需要配置undo policy vpn-target命令,保证VPNv4路由不被VPN-target过滤。缺省情况下,RR对收到的VPNv4路由进行VPN-target过滤。过滤后的路由将被添加到VPN路由表中,其他的被丢弃。而RR上并没有配置VPN实例,如果没有关闭VPN-target过滤策略,所有收到的VPNv4路由将全部被丢弃。
完成此步骤后,在RR上执行命令display bgp vpnv4 all peer,可发现RR与所有PE建立了MP-IBGP连接。
<RR> display bgp vpnv4 all peer
BGP local router ID : 10.11.11.9
Local AS number : 65000
Total number of peers : 4 Peers in established state : 4
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.7.7.9 4 65000 79 82 0 00:01:31 Established 0
10.8.8.9 4 65000 42 66 0 00:01:16 Established 0
10.9.9.9 4 65000 21 34 0 00:00:50 Established 0
10.10.10.9 4 65000 2 4 0 00:00:21 Established 0
- 配置路由策略
以PE1、PE2和RR上的配置为例。PE3和PE4的配置分别与PE1和PE2相同,此不赘述。
# 在PE1上配置路由策略。平面A的PE发布给RR的路由携带团体属性65000:100。
[~PE1] route-policy comm permit node 10
[*PE1-route-policy] apply community 65000:100
[*PE1-route-policy] commit
# 在PE2上配置路由策略。平面B的PE发布给RR的路由携带团体属性65000:200。
[~PE2] route-policy comm permit node 10
[*PE2-route-policy] apply community 65000:200
[*PE2-route-policy] commit
# 在PE1上配置对发布的BGP VPNv4路由应用路由策略,将团体属性发布给RR。
[~PE1] bgp 65000
[*PE1-bgp] ipv4-family vpnv4
[*PE1-bgp-af-vpnv4] peer 10.11.11.9 route-policy comm export
[*PE1-bgp-af-vpnv4] peer 10.11.11.9 advertise-community
[*PE1-bgp-af-vpnv4] commit
# 在PE2上配置对发布的BGP VPNv4路由应用路由策略,将团体属性发布给RR。
[~PE2] bgp 65000
[*PE2-bgp] ipv4-family vpnv4
[*PE2-bgp-af-vpnv4] peer 10.11.11.9 route-policy comm export
[*PE2-bgp-af-vpnv4] peer 10.11.11.9 advertise-community
[*PE2-bgp-af-vpnv4] commit
# 在RR上配置将团体属性发布给PE。
[~RR] bgp 65000
[*RR-bgp] ipv4-family vpnv4
[*RR-bgp-af-vpnv4] peer client advertise-community
[*RR-bgp-af-vpnv4] commit
# 在PE1上配置团体属性过滤器。
[~PE1] ip community-filter 1 permit 65000:100
[*PE1] commit
# 在PE2上配置团体属性过滤器。
[~PE2] ip community-filter 1 permit 65000:200
[*PE2] commit
# 在PE1上配置路由策略,对于团体属性65000:100设置本地优先级200。
[~PE1] route-policy local_pre permit node 10
[*PE1-route-policy] if-match community-filter 1
[*PE1-route-policy] apply local-preference 200
[*PE1-route-policy] commit
[~PE1-route-policy] quit
# 在PE2上配置路由策略,对于团体属性65000:200设置本地优先级200。
[~PE2] route-policy local_pre permit node 10
[*PE2-route-policy] if-match community-filter 1
[*PE2-route-policy] apply local-preference 200
[*PE2-route-policy] commit
[~PE2-route-policy] quit
# 在PE1上配置对引入的BGP VPNv4路由应用路由策略,使平面A的PE选择从远端站点平面A的PE发布的路由。
[~PE1] bgp 65000
[*PE1-bgp] ipv4-family vpnv4
[*PE1-bgp-af-vpnv4] peer 10.11.11.9 route-policy local_pre import
[*PE1-bgp-af-vpnv4] commit
# 在PE2上配置对引入的BGP VPNv4路由应用路由策略,使平面B的PE选择从远端站点平面B的PE发布的路由。
[~PE2] bgp 65000
[*PE2-bgp] ipv4-family vpnv4
[*PE2-bgp-af-vpnv4] peer 10.11.11.9 route-policy local_pre import
[*PE2-bgp-af-vpnv4] commit
完成此步骤后,还需要配置MPLS,建立隧道,并配置MPLS L3VPN,接入CE。具体配置请参见配置文件。
- 检查配置结果
# 在PE上执行命令display bgp vpnv4 all routing-table community,可看到带有团体属性的VPNv4路由信息。以PE1和PE2为例:
[~PE1] display bgp vpnv4 all routing-table community
Total Number of Routes from all PE: 2
BGP Local router ID is 10.7.7.9
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 65000:10001012
Network NextHop MED LocPrf PrefVal Community
*> 10.22.1.0/24 10.9.9.9 0 200 65000:100
* 10.10.10.9 0 100 65000:200
Total routes of vpn-instance NGN_Media: 2
Network NextHop MED LocPrf PrefVal Community
*>i 10.22.1.0/24 10.9.9.9 0 200 0 65000:100
* 10.10.10.9 0 100 0 65000:200
[~PE2] display bgp vpnv4 all routing-table community
Total Number of Routes from all PE: 2
BGP Local router ID is 10.8.8.9
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Route Distinguisher: 65000:10001011
Network NextHop MED LocPrf PrefVal Community
*> 10.22.1.0/24 10.10.10.9 0 200 65000:200
* 10.9.9.9 0 100 65000:100
Total routes of vpn-instance NGN_Media: 2
Network NextHop MED LocPrf PrefVal Community
*>i 10.22.1.0/24 10.10.10.9 0 200 0 65000:200
* 10.9.9.9 0 100 0 65000:100
# 在PE1上执行命令display ip routing-table vpn-instance NGN_Media 10.22.1.0 24,可发现10.22.1.0/24的下一跳为PE3,即PE1优选从PE3发布的路由。
[~PE1] display ip routing-table vpn-instance NGN_Media 10.22.1.0 24Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table: NGN_Media
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.22.1.0/24 BGP 255 0 RD 10.9.9.9 GigabitEthernet0/1/0
配置文件
P1的配置文件
#
sysname P1
#
mpls lsr-id 10.1.1.9
#
mpls
#
mpls ldp
#
isis 64
network-entity 49.0091.0100.0100.1009.00
#
interface GigabitEthernet0/1/0
description toP3GE0/1/0
undo shutdown
ip address 10.1.1.1 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/2/0
description toP5GE0/1/0
undo shutdown
ip address 10.1.2.1 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/3/0
description toRRGE0/1/0
undo shutdown
ip address 10.1.3.1 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/1/1
description toP2GE0/1/0
undo shutdown
ip address 10.1.4.1 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/1/2
description toP2GE0/1/0
undo shutdown
ip address 10.1.5.1 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface LoopBack0
ip address 10.1.1.9 255.255.255.255
isis enable 64
#
return
P2的配置文件
#
sysname P2
#
mpls lsr-id 10.2.2.9
#
mpls
#
mpls ldp
#
isis 64
network-entity 49.0091.0100.0200.2009.00
#
interface GigabitEthernet0/1/0
description toP1GE0/1/1
undo shutdown
ip address 10.1.4.2 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/2/0
description toRRGE0/2/0
undo shutdown
ip address 10.1.8.1 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/3/0
description toP4GE0/1/0
undo shutdown
ip address 10.1.7.1 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/1/1
description toP6GE0/1/0
undo shutdown
ip address 10.1.6.1 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/1/2
description toPE2GE0/1/0
undo shutdown
ip address 10.1.9.1 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface LoopBack0
ip address 10.2.2.9 255.255.255.255
isis enable 64
#
return
P3的配置文件
#
sysname P3
#
mpls lsr-id 10.3.3.9
#
mpls
#
mpls ldp
#
isis 64
network-entity 49.0091.0100.0300.3009.00
#
interface GigabitEthernet0/1/0
description toP1GE0/1/0
undo shutdown
ip address 10.1.1.2 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/2/0
description toP5GE0/2/0
undo shutdown
ip address 10.1.10.1 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/3/0
description toP4GE0/2/0
undo shutdown
ip address 10.1.11.1 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/1/1
description toPE3GE0/1/0
undo shutdown
ip address 10.1.12.1 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface LoopBack0
ip address 10.3.3.9 255.255.255.255
isis enable 64
#
return
P4的配置文件
#
sysname P4
#
mpls lsr-id 10.4.4.9
#
mpls
#
mpls ldp
#
isis 64
network-entity 49.0091.0100.0400.4009.00
#
interface GigabitEthernet0/1/0
description toP2GE0/3/0
undo shutdown
ip address 10.1.7.2 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/2/0
description toP3GE0/3/0
undo shutdown
ip address 10.1.11.2 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/3/0
description toP6GE0/3/0
undo shutdown
ip address 10.1.13.1 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/1/1
description toPE4GE0/1/0
undo shutdown
ip address 10.1.14.1 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface LoopBack0
ip address 10.4.4.9 255.255.255.255
isis enable 64
#
return
P5的配置文件
#
sysname P5
#
mpls lsr-id 10.5.5.9
#
mpls
#
mpls ldp
#
isis 64
network-entity 49.0091.0100.0500.5009.00
#
interface GigabitEthernet0/1/0
description toP1GE0/2/0
undo shutdown
ip address 10.1.2.2 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/2/0
description toP3GE0/2/0
undo shutdown
ip address 10.1.10.2 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/3/0
description toP6GE0/2/0
undo shutdown
ip address 10.1.15.1 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface LoopBack0
ip address 10.5.5.9 255.255.255.255
isis enable 64
#
return
P6的配置文件
#
sysname P6
#
mpls lsr-id 10.6.6.9
#
mpls
#
mpls ldp
#
isis 64
network-entity 49.0091.0100.0600.6009.00
#
interface GigabitEthernet0/1/0
description toP2GE0/1/1
undo shutdown
ip address 10.1.6.2 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/2/0
description toP5GE0/3/0
undo shutdown
ip address 10.1.15.2 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/3/0
description toP4GE0/3/0
undo shutdown
ip address 10.1.13.2 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface LoopBack0
ip address 10.6.6.9 255.255.255.255
isis enable 64
#
return
PE1的配置文件
#
sysname PE1
#
ip vpn-instance NGN_Media
route-distinguisher 65000:10001012
apply-label per-instance
vpn-target 65000:100 export-extcommunity
vpn-target 65000:100 import-extcommunity
vpn-target 65000:200 import-extcommunity
vpn-target 65000:300 import-extcommunity
ip vpn-instance NGN_Other
route-distinguisher 65000:30001012
apply-label per-instance
vpn-target 65000:300 export-extcommunity
vpn-target 65000:100 import-extcommunity
vpn-target 65000:200 import-extcommunity
vpn-target 65000:300 import-extcommunity
ip vpn-instance NGN_Signaling
route-distinguisher 65000:20001012
apply-label per-instance
vpn-target 65000:200 export-extcommunity
vpn-target 65000:100 import-extcommunity
vpn-target 65000:200 import-extcommunity
vpn-target 65000:300 import-extcommunity
#
mpls lsr-id 10.7.7.9
#
mpls
#
mpls ldp
#
isis 64
network-entity 49.0091.0100.0700.7009.00
#
interface GigabitEthernet0/1/0
description toP1GE0/1/2
undo shutdown
ip address 10.1.5.2 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/2/0
description toPE2GE0/2/0
undo shutdown
ip address 10.1.16.1 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/3/0
undo shutdown
#
interface GigabitEthernet0/3/0.10
ip binding vpn-instance NGN_Media
vlan-type dot1q 10
ip address 10.21.1.73 255.255.255.252
#
interface GigabitEthernet0/3/0.11
ip binding vpn-instance NGN_Signaling
vlan-type dot1q 11
ip address 10.21.1.77 255.255.255.252
#
interface GigabitEthernet0/3/0.12
ip binding vpn-instance NGN_Other
vlan-type dot1q 12
ip address 10.21.1.81 255.255.255.252
#
interface LoopBack0
ip address 10.7.7.9 255.255.255.255
isis enable 64
#
bgp 65000
peer 10.11.11.9 as-number 65000
peer 10.11.11.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 10.11.11.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 10.11.11.9 enable
peer 10.11.11.9 route-policy local_pre import
peer 10.11.11.9 route-policy comm export
peer 10.11.11.9 advertise-community
#
ipv4-family vpn-instance NGN_Media
aggregate 10.21.1.0 255.255.255.0 detail-suppressed
import-route direct
#
ipv4-family vpn-instance NGN_Other
aggregate 10.21.1.0 255.255.255.0 detail-suppressed
import-route direct
#
ipv4-family vpn-instance NGN_Signaling
aggregate 10.21.1.0 255.255.255.0 detail-suppressed
import-route direct
#
route-policy comm permit node 10
apply community 65000:100
#
route-policy local_pre permit node 10
if-match community-filter 1
apply local-preference 200
#
ip community-filter 1 permit 65000:100
#
return
PE2的配置文件
#
sysname PE2
#
ip vpn-instance NGN_Media
route-distinguisher 65000:10001011
apply-label per-instance
vpn-target 65000:100 export-extcommunity
vpn-target 65000:100 import-extcommunity
vpn-target 65000:200 import-extcommunity
vpn-target 65000:300 import-extcommunity
ip vpn-instance NGN_Other
route-distinguisher 65000:30001011
apply-label per-instance
vpn-target 65000:300 export-extcommunity
vpn-target 65000:100 import-extcommunity
vpn-target 65000:200 import-extcommunity
vpn-target 65000:300 import-extcommunity
ip vpn-instance NGN_Signaling
route-distinguisher 65000:20001011
apply-label per-instance
vpn-target 65000:200 export-extcommunity
vpn-target 65000:100 import-extcommunity
vpn-target 65000:200 import-extcommunity
vpn-target 65000:300 import-extcommunity
#
mpls lsr-id 10.8.8.9
#
mpls
#
mpls ldp
#
isis 64
network-entity 49.0091.0100.0800.8009.00
#
interface GigabitEthernet0/1/0
description toP2GE0/1/2
undo shutdown
ip address 10.1.9.2 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/2/0
description toPE1GE0/2/0
undo shutdown
ip address 10.1.16.2 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/3/0
undo shutdown
#
interface GigabitEthernet0/3/0.10
ip binding vpn-instance NGN_Media
vlan-type dot1q 10
ip address 10.21.1.13 255.255.255.252
#
interface GigabitEthernet0/3/0.11
ip binding vpn-instance NGN_Signaling
vlan-type dot1q 11
ip address 10.21.1.17 255.255.255.252
#
interface GigabitEthernet0/3/0.12
ip binding vpn-instance NGN_Other
vlan-type dot1q 12
ip address 10.21.1.21 255.255.255.252
#
interface LoopBack0
ip address 10.8.8.9 255.255.255.255
isis enable 64
#
bgp 65000
peer 10.11.11.9 as-number 65000
peer 10.11.11.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 10.11.11.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 10.11.11.9 enable
peer 10.11.11.9 route-policy local_pre import
peer 10.11.11.9 route-policy comm export
peer 10.11.11.9 advertise-community
#
ipv4-family vpn-instance NGN_Media
aggregate 10.21.1.0 255.255.255.0 detail-suppressed
import-route direct
#
ipv4-family vpn-instance NGN_Other
aggregate 10.21.1.0 255.255.255.0 detail-suppressed
import-route direct
#
ipv4-family vpn-instance NGN_Signaling
aggregate 10.21.1.0 255.255.255.0 detail-suppressed
import-route direct
#
route-policy comm permit node 10
apply community 65000:200
#
route-policy local_pre permit node 10
if-match community-filter 1
apply local-preference 200
#
ip community-filter 1 permit 65000:200
#
return
PE3的配置文件
#
sysname PE3
#
ip vpn-instance NGN_Media
route-distinguisher 65000:10000811
apply-label per-instance
vpn-target 65000:100 export-extcommunity
vpn-target 65000:100 import-extcommunity
vpn-target 65000:200 import-extcommunity
vpn-target 65000:300 import-extcommunity
ip vpn-instance NGN_Other
route-distinguisher 65000:30000811
apply-label per-instance
vpn-target 65000:300 export-extcommunity
vpn-target 65000:100 import-extcommunity
vpn-target 65000:200 import-extcommunity
vpn-target 65000:300 import-extcommunity
ip vpn-instance NGN_Signaling
route-distinguisher 65000:20000811
apply-label per-instance
vpn-target 65000:200 export-extcommunity
vpn-target 65000:100 import-extcommunity
vpn-target 65000:200 import-extcommunity
vpn-target 65000:300 import-extcommunity
#
mpls lsr-id 10.9.9.9
#
mpls
#
mpls ldp
#
isis 64
network-entity 49.0091.0100.0900.9009.00
#
interface GigabitEthernet0/1/0
description toP3GE0/1/1
undo shutdown
ip address 10.1.12.2 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/2/0
description toPE4GE0/2/0
undo shutdown
ip address 10.1.17.1 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/3/0
undo shutdown
#
interface GigabitEthernet0/3/0.10
ip binding vpn-instance NGN_Media
vlan-type dot1q 10
ip address 10.22.1.73 255.255.255.252
#
interface GigabitEthernet0/3/0.11
ip binding vpn-instance NGN_Signaling
vlan-type dot1q 11
ip address 10.22.1.77 255.255.255.252
#
interface GigabitEthernet0/3/0.12
ip binding vpn-instance NGN_Other
vlan-type dot1q 12
ip address 10.22.1.81 255.255.255.252
#
interface LoopBack0
ip address 10.9.9.9 255.255.255.255
isis enable 64
#
bgp 65000
peer 10.11.11.9 as-number 65000
peer 10.11.11.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 10.11.11.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 10.11.11.9 enable
peer 10.11.11.9 route-policy local_pre import
peer 10.11.11.9 route-policy comm export
peer 10.11.11.9 advertise-community
#
ipv4-family vpn-instance NGN_Media
aggregate 10.22.1.0 255.255.255.0 detail-suppressed
import-route direct
#
ipv4-family vpn-instance NGN_Other
aggregate 10.22.1.0 255.255.255.0 detail-suppressed
import-route direct
#
ipv4-family vpn-instance NGN_Signaling
aggregate 10.22.1.0 255.255.255.0 detail-suppressed
import-route direct
#
route-policy comm permit node 10
apply community 65000:100
#
route-policy local_pre permit node 10
if-match community-filter 1
apply local-preference 200
#
route-policy local_pre permit node 20
#
ip community-filter 1 permit 65000:100
#
return
PE4的配置文件
#
sysname PE4
#
ip vpn-instance NGN_Media
route-distinguisher 65000:10000712
apply-label per-instance
vpn-target 65000:100 export-extcommunity
vpn-target 65000:100 import-extcommunity
vpn-target 65000:200 import-extcommunity
vpn-target 65000:300 import-extcommunity
#
ip vpn-instance NGN_Other
route-distinguisher 65000:30000712
apply-label per-instance
vpn-target 65000:300 export-extcommunity
vpn-target 65000:100 import-extcommunity
vpn-target 65000:200 import-extcommunity
vpn-target 65000:300 import-extcommunity
#
ip vpn-instance NGN_Signaling
route-distinguisher 65000:20000712
apply-label per-instance
vpn-target 65000:200 export-extcommunity
vpn-target 65000:100 import-extcommunity
vpn-target 65000:200 import-extcommunity
vpn-target 65000:300 import-extcommunity
#
mpls lsr-id 10.10.10.9
#
mpls
#
mpls ldp
#
isis 64
network-entity 49.0091.0100.1001.0009.00
#
interface GigabitEthernet0/1/0
description toP4GE0/1/1
undo shutdown
ip address 10.1.14.2 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/2/0
description toPE3GE0/2/0
undo shutdown
ip address 10.1.17.2 255.255.255.252
mpls
mpls ldp
isis enable 64
#
interface GigabitEthernet0/3/0
undo shutdown
#
interface GigabitEthernet0/3/0.10
ip binding vpn-instance NGN_Media
vlan-type dot1q 10
ip address 10.22.1.13 255.255.255.252
#
interface GigabitEthernet0/3/0.11
ip binding vpn-instance NGN_Signaling
vlan-type dot1q 11
ip address 10.22.1.17 255.255.255.252
#
interface GigabitEthernet0/3/0.12
ip binding vpn-instance NGN_Other
vlan-type dot1q 12
ip address 10.22.1.21 255.255.255.252
#
interface LoopBack0
ip address 10.10.10.9 255.255.255.255
isis enable 64
#
bgp 65000
peer 10.11.11.9 as-number 65000
peer 10.11.11.9 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 10.11.11.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 10.11.11.9 enable
peer 10.11.11.9 route-policy local_pre import
peer 10.11.11.9 route-policy comm export
peer 10.11.11.9 advertise-community
#
ipv4-family vpn-instance NGN_Media
aggregate 10.22.1.0 255.255.255.0 detail-suppressed
import-route direct
#
ipv4-family vpn-instance NGN_Other
aggregate 10.22.1.0 255.255.255.0 detail-suppressed
import-route direct
#
ipv4-family vpn-instance NGN_Signaling
aggregate 10.22.1.0 255.255.255.0 detail-suppressed
import-route direct
#
route-policy comm permit node 10
apply community 65000:200
#
route-policy local_pre permit node 10
if-match community-filter 1
apply local-preference 200
#
ip community-filter 1 permit 65000:200
#
return
RR的配置文件
#
sysname RR
#
isis 64
network-entity 49.0091.0100.1101.1009.00
#
interface GigabitEthernet0/1/0
description toP1GE0/3/0
undo shutdown
ip address 10.1.3.2 255.255.255.252
isis enable 64
#
interface GigabitEthernet0/2/0
description toP2GE0/2/0
undo shutdown
ip address 10.1.8.2 255.255.255.252
isis enable 64
#
interface LoopBack0
ip address 10.11.11.9 255.255.255.255
isis enable 64
#
bgp 65000
group client internal
peer client connect-interface LoopBack0
peer 10.7.7.9 as-number 65000
peer 10.8.8.9 as-number 65000
peer 10.9.9.9 as-number 65000
peer 10.10.10.9 as-number 65000
#
ipv4-family unicast
undo synchronization
undo peer client enable
undo peer 10.7.7.9 enable
undo peer 10.8.8.9 enable
undo peer 10.9.9.9 enable
undo peer 10.10.10.9 enable
#
ipv4-family vpnv4
undo policy vpn-target
peer client enable
peer client reflect-client
peer client advertise-community
peer 10.7.7.9 enable
peer 10.7.7.9 group client
peer 10.8.8.9 enable
peer 10.8.8.9 group client
peer 10.9.9.9 enable
peer 10.9.9.9 group client
peer 10.10.10.9 enable
peer 10.10.10.9 group client
#
return
扫一扫
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
