BGP MPLS/VPN Network Technology

Source: Internet
Author: User

BGP has been well known for a long time. Its powerful routing-policy tools and its route storage and routing performance exceed those of any interior gateway protocol, so it serves as the "bridge" between autonomous systems. Before BGP there was the EGP protocol. Few people know it because it was not widely used, and it is not used by the US military now, but there are not many points. BGP, as an exterior gateway protocol, has developed continuously; the version in use today is BGP-4, which is a classless protocol, whereas the first three versions were classful and less complete in function. The related data formats and attributes are mentioned above.

MPLS grew out of the technical innovations of ATM. Traditional IP packet switching looks up the destination address in the routing table to select the next hop. This hop-by-hop forwarding of IP packets has many disadvantages, so people looked for a technology to replace IP addressing. ATM and Frame Relay (FR) appeared at this time. FR was an update of X.25 that appeared as a new technology, and it operates mainly at the data link layer. ATM, however, not only appears at the data link layer but also extends to layer 3 and even to the user's desktop. Its requirements are very high: it places constraints on the configuration and performance of network devices and network terminals, and so it has not been widely used. It forwards data in fixed-length cells, which is highly efficient. Switching uses the VPI/VCI, similar to the DLCI of FR; it can be based on vro interfaces or devices. Against this background MPLS emerged. It requires neither specific hardware support nor a special kind of packet switching. It supports multiple protocols, forwards packets by label, and uses the corresponding protocol internally. Cisco has long supported MPLS on its devices, but it does not actually apply to this performance.
VPN, the virtual private network, is certainly no stranger to network security engineers, whether layer-2 PPTP and L2TP, layer-3 IPsec VPN and Easy VPN, or SSL VPN. They all involve the same problem: data encryption and authentication. Compared with these VPN technologies, MPLS VPN rarely performs encryption or authentication, as can be seen from its configuration; it implements intercommunication between private network addresses. The use of GRE or other encapsulation technologies serves the same purpose.

The following is an MPLS VPN experiment. The network topology is shown as follows:

Loopback interfaces are configured on the PE1, P and PE2 routers as source addresses: 1.1.1.9/32, 2.2.2.9/32 and 3.3.3.9/32 respectively. OSPF is used as the interior gateway protocol so that the loopback interfaces can communicate with each other. Configure MPLS in AS 100 and use the loopback interfaces to test the result. Use RIP as the internal network protocol between CE1 and PE1, OSPF between CE2 and PE1, OSPF between CE2 and PE2, and EIGRP between CE4 and PE2. Configure the corresponding IP addresses on the corresponding network devices and test the connectivity.
Check OSPF neighbor creation in AS 100:

PE1# sh ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
2.2.2.9           0   FULL/  -        00:00:30    172.1.1.2       Serial1/0
192.168.2.1       1   FULL/DR         00:00:38    10.2.1.1        FastEthernet0/1

MPLS neighbor establishment:

PE1# sh mpls ldp neighbor
    Peer LDP Ident: 2.2.2.9:0; Local LDP Ident 1.1.1.9:0
        TCP connection: 2.2.2.9.51455 - 1.1.1.9.646
        State: Oper; Msgs sent/rcvd: 16/15; Downstream
        Up time: 00:06:54
        LDP discovery sources:
          Serial1/0, Src IP addr: 172.1.1.2
        Addresses bound to peer LDP Ident:
          172.1.1.2       2.2.2.9         172.2.1.1

P# sh mpls ldp neighbor
    Peer LDP Ident: 1.1.1.9:0; Local LDP Ident 2.2.2.9:0
        TCP connection: 1.1.1.9.646 - 2.2.2.9.51455
        State: Oper; Msgs sent/rcvd: 16/16; Downstream
        Up time: 00:07:13
        LDP discovery sources:
          Serial1/0, Src IP addr: 172.1.1.1
        Addresses bound to peer LDP Ident:
          172.1.1.1       1.1.1.9
    Peer LDP Ident: 3.3.3.9:0; Local LDP Ident 2.2.2.9:0
        TCP connection: 3.3.3.9.45449 - 2.2.2.9.646
        State: Oper; Msgs sent/rcvd: 16/16; Downstream
        Up time: 00:07:13
        LDP discovery sources:
          Serial1/1, Src IP addr: 172.2.1.2
        Addresses bound to peer LDP Ident:
          172.2.1.2       3.3.3.9

Test the MPLS network:

PE1# traceroute 3.3.3.9
Type escape sequence to abort.
Tracing the route to 3.3.3.9

  1 172.1.1.2 [MPLS: Label 16 Exp 0] 84 msec 40 msec 60 msec
  2 172.2.1.2 48 msec * 60 msec
PE1#

The MPLS network has been successfully created. Next, create the traffic of interest, and separate the corresponding interfaces by assigning them to VRFs.

ip vrf vpna
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
ip vrf vpnb
 rd 200:1
 route-target export 200:1
 route-target import 200:1
!
interface FastEthernet0/0
 ip vrf forwarding vpna
 ip address 10.1.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip vrf forwarding vpnb
 ip address 10.2.1.2 255.255.255.0
 duplex auto
 speed auto

PE1# ping vrf vpna 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 12/32/48 ms
PE1#

Create MP-BGP and configure the protocols accordingly:

! PE-CE OSPF process inside VRF vpnb; VPN routes learned via BGP are redistributed to the CE
router ospf 100 vrf vpnb
 log-adjacency-changes
 redistribute bgp 100 subnets
 network 10.2.1.0 0.0.0.255 area 0
!
! Core IGP: advertises the PE1 loopback and the PE1-P link
router ospf 1
 log-adjacency-changes
 network 1.1.1.9 0.0.0.0 area 0
 network 172.1.1.0 0.0.0.255 area 0
!
router rip
 version 2
 network 10.0.0.0
 no auto-summary
 !
 ! PE-CE RIP inside VRF vpna
 address-family ipv4 vrf vpna
  redistribute bgp 100 metric 1
  network 10.0.0.0
  no auto-summary
 exit-address-family
!
! iBGP session to the remote PE loopback, carrying VPNv4 routes
router bgp 100
 no synchronization
 bgp log-neighbor-changes
 neighbor 3.3.3.9 remote-as 100
 neighbor 3.3.3.9 update-source Loopback0
 no auto-summary
 !
 address-family vpnv4
  neighbor 3.3.3.9 activate
  neighbor 3.3.3.9 send-community both
 exit-address-family
 !
 address-family ipv4 vrf vpnb
  redistribute ospf 100 vrf vpnb
  no synchronization
 exit-address-family
 !
 address-family ipv4 vrf vpna
  redistribute rip
  no synchronization
  network 10.1.1.0
 exit-address-family

This is only the configuration made on PE1. You can also configure it on PE3; however, there are differences in the EIGRP configuration, as shown below:

!
router eigrp 1
 network 10.4.1.0 0.0.0.255
 no auto-summary
 !
 address-family ipv4 vrf vpnb
  redistribute bgp 100 metric 100000 100 255 1 1500
  network 10.0.0.0
  no auto-summary
  autonomous-system 1
 exit-address-family

View the VRF route information on PE1:

PE1# sh ip route vrf vpna

Routing Table: vpna
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 2 subnets
B       10.3.1.0 [200/0] via 3.3.3.9, 00:10:56
C       10.1.1.0 is directly connected, FastEthernet0/0
R    192.168.1.0/24 [120/1] via 10.1.1.1, 00:00:03, FastEthernet0/0
     192.168.3.0/32 is subnetted, 1 subnets
B       192.168.3.1 [200/2] via 3.3.3.9, 00:10:56

PE1# sh ip route vrf vpnb

Routing Table: vpnb
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

B    192.168.4.0/24 [200/10] via 3.3.3.9, 00:11:08
     10.0.0.0/24 is subnetted, 2 subnets
C       10.2.1.0 is directly connected, FastEthernet0/1
B       10.4.1.0 [200/0] via 3.3.3.9, 00:11:08
     192.168.2.0/32 is subnetted, 1 subnets
O       192.168.2.1 [110/2] via 10.2.1.1, 00:12:51, FastEthernet0/1

Test on CE1:

CE1# ping 192.168.3.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 56/101/116 ms

CE1# traceroute 192.168.3.1
Type escape sequence to abort.
Tracing the route to 192.168.3.1

  1 10.1.1.2 40 msec 56 msec 28 msec
  2 172.1.1.2 [MPLS: Labels 16/20 Exp 0] 92 msec 96 msec 44 msec
  3 10.3.1.2 [MPLS: Label 20 Exp 0] 124 msec 48 msec 56 msec
  4 10.3.1.1 108 msec * 112 msec
CE1#

The experiment is completed.
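
Because an MPLS VPN does not encrypt or authenticate traffic, the separation between vpna and vpnb on PE1 rests entirely on their route-target import and export lists. The following Python check is an added example, not part of the original article: it parses the ip vrf blocks shown above and reports any VRF that imports a route target exported by a different VRF. LEAKY_CONFIG, parse_vrfs and leaks are illustrative names, and the leaky variant is constructed for the demonstration.

```python
import re
from itertools import permutations

# VRF definitions as configured on PE1 in the lab above.
PE1_CONFIG = """\
ip vrf vpna
 rd 100:1
 route-target export 100:1
 route-target import 100:1
!
ip vrf vpnb
 rd 200:1
 route-target export 200:1
 route-target import 200:1
!
"""
# Constructed misconfiguration (not from the lab): vpnb also imports 100:1.
LEAKY_CONFIG = PE1_CONFIG.replace(
    " route-target import 200:1\n",
    " route-target import 200:1\n route-target import 100:1\n")

def parse_vrfs(config):
    """Return {vrf: {"rd": str or None, "import": set, "export": set}}."""
    vrfs, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"ip vrf (\S+)\s*$", line):
            current = vrfs.setdefault(
                m.group(1), {"rd": None, "import": set(), "export": set()})
        elif not line.startswith(" "):
            current = None  # any other top-level line ends the VRF block
        elif current is not None:
            if m := re.match(r"\s+rd (\S+)", line):
                current["rd"] = m.group(1)
            elif m := re.match(r"\s+route-target (import|export|both) (\S+)", line):
                kinds = ("import", "export") if m.group(1) == "both" else (m.group(1),)
                for kind in kinds:
                    current[kind].add(m.group(2))
    return vrfs

def leaks(vrfs):
    """Return (source, destination, shared RTs) for every pair of distinct
    VRFs where the destination imports a route target the source exports."""
    found = []
    for src, dst in permutations(sorted(vrfs), 2):
        shared = vrfs[src]["export"] & vrfs[dst]["import"]
        if shared:
            found.append((src, dst, sorted(shared)))
    return found

if __name__ == "__main__":
    for name, cfg in (("PE1 as configured", PE1_CONFIG), ("constructed leak", LEAKY_CONFIG)):
        print(name, "->", leaks(parse_vrfs(cfg)) or "VRFs isolated")
```

Run against the lab configuration the check finds no shared route targets; with the one extra import line, routes from vpna become visible in vpnb while vpnb's routes stay hidden from vpna.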
