Simple MPLS configuration 2

Lab environment: DynamipsGUI 2.8

Tutorial topology:

650) this. width = 650; "style =" width: 587px; height: 275px "height =" 221 "alt =" "width =" 721 "border =" 0 "src =" http://www.bkjia.com/uploads/allimg/131227/0305341015-0.jpg "/>

 

Purpose: Configure Mpls vpn, To achieve 192.168.1.0/24 And 192.168.2.0/24 Intranet mutualConnect Tutorial steps: R1:CE1 (config) # int f0/0CE1 (config-if) # ip add 192.168.1.1 255.255.255.0CE1 (config-if) # no shCE1 (config) # int lo0 // configure the loop interface to test CE1 (config-if) # ip add 1.1.1.1 255.255.255.255CE1 (config-if) # no sh R2: PE1 (config) # int f0/0PE1 (config-if) # ip add192.168.1.2 255.255.255.0PE1 (config-if) # no shPE1 (config) # int f0/1PE1 (config-if) # ip add 100.1.1.1 255.255.255.252PE1 (config-if) # no shPE1 (config-if) # int lo0PE1 (config-if) # ip Add 2.2.2.2 configure 255.255.255pe1 (config-if) # no shut R3: P (config) # int f0/1 P (config-if) # ip add 100.1.1.2 255.255.255.252P (config-if) # no shP (config) # int f0/0 P (config-if) # ip add 100.1.1.5 255.255.255.252P (config-if) # no shP (config) # int lo0P (config-if) # ip add 3.3.3.3 255.255.255.255 P (config-if) # no sh R4PE2 (config) # int f0/0PE2 (config-if) # ip add 100.1.1.6 255.255.255.252PE2 (config-if) # no shPE2 (config) # int F0/1PE2 (config-if) # ip add 192.168.2.1 255.255.255.0PE2 (config-if) # no shPE2 (config) # int lo0PE2 (config-if) # ip add 4.4.4.4 255.255.255.255 R5: CE2 (config) # int s0/1CE2 (config-if) # ip add 192.168.2.2 255.255.255.0CE2 (config-if) # no shCE2 (config) # int lo0CE2 (config-if) # ip add 5.5.5.5 255.255.255.255CE2 (config-if) # After no sh is configured, you can use "show ip interface brief" in privileged mode to view router interface information, I will not demonstrate it here !! 2. Configure the dynamic routing protocol OSPF (on PE1, P, and PE2 ):PE1 (config) # router isisPE1 (config-router) # int 0/1PE1 (config-if) # ip router isisPE1 (config-router) # int lo0PE1 (config-if) # ip router isis P (config) # router isisP (config-router) # int 0/1 P (config-if) # ip router isisP (config) # router isisP (config-router) # int 0/0 P (config-router) # int lo0P (config-if) # ip router isis PE2 (config) # router isisPE2 (config-router) # int 0/0PE2 (config-if) # ip router isisPE2 (config-router) # int lo0PE2 (config-if) # ip router isis

After configuration, you can use "show ip route" in privileged mode to view the route table of the router !!

 

3. Configure MPLSPE and P routers)R2: PE1 (config) # ip cef // enable the fast forwarding function PE1 (config) # int f0/1PE1 (config-if) # mpls ip // enable MPLS R3: P (config) # ip cef P (config) # int f0/0 P (config-if) on int f0/0) # mpls ip P (config) # int f0/1 P (config-if) # mpls ip R4: PE2 (config) # ip cef PE2 (config) # int f0/0PE2 (config-if) # After the mpls ip is configured, you can use "show mpls ldp nei" in privileged mode to view the PE and P device configuration information.

 

4. Create a VPN instance (on a PE device ):R2: PE1 (config) # ip vrf aa // create a VPN instance on PE1, named "aa" PE1 (config-vrf) # rd 100// configure RD: used to distinguish non-VPN use the same IP address, after the IP address header with RD, IPV4 becomes a VPN-IPV4, for example: vpna and vpnb use network segment 10.0.0.0/8, the RD of vpna is: 1, and the RD of vpnb is: 1. This can be a unique identifier. RD is only useful when different VPNs have the same IP address, different RD can be configured on different sites of the same VPN. In the same PE, different VPN instances have different IP addresses and can have the same RD, however, to prevent the customer's IP address changes from causing the same IP address as other customers, the vendor generally does not allow different VPN instances to configure the same RD. For example, cisco will prompt "% Cannot set RD, check if it's unique ". PE1 (config-vrf) # route-target both 100:1 // configure RT to filter different VPNs by ID) -- route-target [export | import | both] xx: xx, for example, route-target both 100:1 indicates that only packets with a 100:1 ID are sent and received. different VPNs have different RT values, the RT Entry and Exit identifiers of different sites in the same VPN must match PE1 (config-vrf) # int f0/0PE1 (config-if) # ip vrf forwarding aa // bind the Interface to the VPN instance % Interface FastEthernet0/0 IP address 192.168.1.2 removed due to enabling VRF aa // The system will prompt the Interface ip address f0/0) the IP address will be deleted and must be reconfigured. This is because the original IP address belongs to the global route table. Now this interface belongs to the route table of the vpna instance. You need to reconfigure the IP address 192.168.1.2 255.255.255.0) PE1 (config-if) # ip add 192.168.1.2 255.255.255.0PE1 (config-if) # no shut R4: PE2 (config) # ip vrf bb // create a VPN instance on PE2, name: "bb" PE2 (config-vrf) # rd 100: 1PE2 (config-vrf) # route-target both 100: 1PE2 (config-vrf) # int f0/1PE2 (config-if) # ip vrf forwarding bb % Interface FastEthernet0/1 IP address 192.168.2.1 removed due to enabling VRF bbPE2 (config-if) # ip add 192.168.2.1 255.255.255.0PE2 (config-if) # no shut

 

5. Configure the dynamic routing protocol and configure it on CE:R1: CE1 (config) # router ripCE1 (config-router) # ver 2CE1 (config-router) # no auto-summaryCE1 (config-router) # net 192.168.1.0CE1 (config-router) # net 1.1.1.1 CE2 (config) # router ripCE2 (config-router) # ver 2CE2 (config-router) # no auto-summaryCE2 (config-router) # net 192.168.2.0CE2 (config-router) # net 5.5.5.5 6. Configure the iBGP protocol between PES to carry a large number of private prefixes ( Configuration MPBGP Protocol. PE Vro slave CE Learned from vro VRF After routing, you need to run MPBGP Agreement announcement to others PE ) R2:PE1 (config) # router bgp 100 PE1 (config-router) # bgp router-id 2.2.2.2 PE1 (config-router) # neighbor 4.4.4.4 remote-as 100PE1 (config-router) # neighbor 4.4.4.4 update-source lo0PE1 (config-router) # no synchronizationPE1 (config-router) # no auto-summary you can use "show ip bgp summary" in privileged mode to view the configuration information: 650) this. width = 650; "alt =" "border =" 0 "src =" http://www.bkjia.com/uploads/allimg/131227/0305344U4-1.jpg "/> R4: PE2 (config) # router bgp 100 PE2 (config-router) # bgp router-id 4.4.4 PE2 (config-router) # neighbor 2.2.2.2 remote-as 100PE2 (config-router) # neighbor 2.2.2.2 update-source lo0PE2 (config-router) # no synchronizationPE2 (config-router) # no auto-summary

650) this. width = 650; "alt =" "border =" 0 "src =" http://www.bkjia.com/uploads/allimg/131227/0305343344-2.jpg "/>

 

7. Enable extended group attributes of address-family vpnv4: On the PE device ):R2: PE1 (config) # router bgp 100PE1 (config-router) # address-family vpnv4PE1 (config-router-af) # neighbor 4.4.4.4 activatePE1 (config-router-af) # neighbor 4.4.4.4 send-community extended R4: PE2 (config) # router bgp 100PE2 (config-router) # address-family vpnv4PE2 (config-router-af) # neighbor 2.2.2.2 activatePE2 (config-router-af) # neighbor 2.2.2.2 send-community extended 8. Enable address-family ipv4 vrf vpna (configured on the PE device ):R2: PE1 (config) # router bgp 100PE1 (config-router) # address-family ipv4 vrf aaPE1 (config-router-af) # no synchronizationPE1 (config-router-af) # no auto-summary R4: PE2 (config) # router bgp 100PE2 (config-router) # address-family ipv4 vrf bbPE2 (config-router-af) # no synchronizationPE2 (config-router-af) # no auto-summary 9. In GBP And r00002 Bidirectional redistribution Address-family ipv4 vrf vpna Medium)R2: PE1 (config) # router bgp 100PE1 (config-router) # address-family ipv4 vrf aaPE1 (config-router-af) # redistribute ripPE1 (config) # router ripPE1 (config-router) # ver 2PE1 (config-router) # address-family ipv4 vrf aaPE1 (config-router-af) # no auto-summaryPE1 (config-router-af) # net 192.168.1.0PE1 (config-router-af) # ver 2PE1 (config-router-af) # redistribute bgp 100 metric 3 R4: PE2 (config) # router bgp 100PE2 (config-router) # address-family ipv4 vrf bbPE2 (config-router-af) # redistribute ripPE2 (config) # router ripPE2 (config-router) # ver 2PE2 (config-router) # address-family ipv4 vrf bbPE2 (config-router-af) # no auto-summaryPE2 (config-router-af) # net 192.168.2.0PE2 (config-router-af) # ver 2PE2 (config-router-af) # redistribute bgp 100 metric 3 After configuration, you can use "show ip route vrf vpn" in privileged mode. Name To view the route information:650) this. width = 650; "alt =" "border =" 0 "src =" http://www.bkjia.com/uploads/allimg/131227/0305345546-3.jpg "/> 650) this. width = 650; "alt =" "border =" 0 "src =" http://www.bkjia.com/uploads/allimg/131227/0305344444-4.jpg "/> at this point, you can view the route table on the CE device: 650) this. width = 650; "alt =" "border =" 0 "src =" http://www.bkjia.com/uploads/allimg/131227/030534OE-5.jpg "/> 650) this. width = 650; "alt =" "border =" 0 "src =" http://www.bkjia.com/uploads/allimg/131227/030534K25-6.jpg "/> Verification:Use CE1 (Source address1.1.1.1) to Ping CE2 (Destination 5.5.5.5) 650) this. width = 650; "alt =" "border =" 0 "src =" http://www.bkjia.com/uploads/allimg/131227/0305341113-7.jpg "/> Ping CE1 (Destination 1.1.1.1) 650 with CE2 (Source address 5.5.5.5) this. width = 650; "alt =" "border =" 0 "src =" http://www.bkjia.com/uploads/allimg/131227/0305343Z7-8.jpg "/> here we can see that only two Intranets can communicate with each other, to the data packet direction and encapsulation process, you need to use the "traceroute" and route tracking command. The specific operation procedure is as follows: 650) this. width = 650; "alt =" "border =" 0 "src =" http://www.bkjia.com/uploads/allimg/131227/0305345261-9.jpg "/> Similarly, test on CE2: Result: 650) this. width = 650; "alt =" "border =" 0 "src =" http://www.bkjia.com/uploads/allimg/131227/0305342318-10.jpg "/> The experiment is complete !!!!  If you cannot see any images in the article, you can download the attachment! 

This experiment is completed on the Xiao fan simulator. for IOS users, add Q: 821972656.

Thank you for your support !!!

 

 

This article is from the "cainiao blog" blog, please be sure to keep this source http://jiangjing.blog.51cto.com/3128309/577420