大家好，今天我給大家演示一下PE與CE之間如何通過靜態(tài)路由來實(shí)現(xiàn)MPLS VPN。實(shí)驗(yàn)本身并不難，目的在于如何去理解實(shí)現(xiàn)的原理、方法與步驟。

廢話不說，我們開始進(jìn)入主題。

拓?fù)洌?/p>

 

 

說明：

1. 所有的路由器都起環(huán)回口：x.x.x.x/24

2. R1為公司總部，R7和R8分別為分公司。

3. R2-R4-R6建立IBGP，并且R4為RR

4. 要求在SP內(nèi)部通過部署MPLS VPN，并且所有的CE和PE之間均為靜態(tài)路由。使得分公司均能與總公司通信，但分公司之間無法通信。

擴(kuò)展訓(xùn)練：

1. 要求總公司與分公司之間可以進(jìn)行互訪，而且分公司之間也可以進(jìn)行互訪，但必須通過總公司繞行來進(jìn)行互訪。

配置：

1. 底層預(yù)配：

說明：所有的串口都是通過FR相連的。 Router>en

Router#conf t

Router(config)#host CE-R1

CE-R1(config)#no ip do loo

CE-R1(config)#line co 0

CE-R1(config-line)#exec-t 0 0

CE-R1(config-line)#logging sy

CE-R1(config-line)#int s1/0

CE-R1(config-if)#en fr

CE-R1(config-if)#no arp fr

CE-R1(config-if)#no frame inv

CE-R1(config-if)#ip add 12.12.12.1 255.255.255.0

CE-R1(config-if)#frame map ip 12.12.12.2 102 b

CE-R1(config-if)#no shut

----------------------------------------------------------------------------------------------------------------------

Router>en

Router#conf t

Router(config)#host PE-R2

PE-R2(config)#no ip do loo

PE-R2(config)#line con 0

PE-R2(config-line)#exec-t 0 0

PE-R2(config-line)#logging sy

PE-R2(config-line)#int loo0

PE-R2(config-if)#ip add 2.2.2.2 255.255.255.0

PE-R2(config-if)#int s1/0

PE-R2(config-if)#en fr

PE-R2(config-if)#no arp fr

PE-R2(config-if)#no frame inv

PE-R2(config-if)#ip add 12.12.12.2 255.255.255.0

PE-R2(config-if)#frame map ip 12.12.12.1 201 b

PE-R2(config-if)#no shut

PE-R2(config-if)#int s1/1

PE-R2(config-if)#en fr

PE-R2(config-if)#no arp fr

PE-R2(config-if)#no frame inv

PE-R2(config-if)#ip add 23.23.23.2 255.255.255.0

PE-R2(config-if)#frame map ip 23.23.23.3 213 b

PE-R2(config-if)#no shut

----------------------------------------------------------------------------------------------------------------------

Router>en

Router#conf t

Router(config)#host P-R3

P-R3(config)#no ip do loo

P-R3(config)#line co 0

P-R3(config-line)#exec-t 0 0

P-R3(config-line)#logging sy

P-R3(config-line)#int loo0

P-R3(config-if)#ip add 3.3.3.3 255.255.255.0

P-R3(config-if)#int s1/1

P-R3(config-if)#en fr

P-R3(config-if)#no arp fr

P-R3(config-if)#no frame inv

P-R3(config-if)#ip add 23.23.23.3 255.255.255.0

P-R3(config-if)#frame map ip 23.23.23.2 312 b

P-R3(config-if)#no shut

P-R3(config-if)#int s1/0

P-R3(config-if)#en fr

P-R3(config-if)#no arp fr

P-R3(config-if)#no frame inv

P-R3(config-if)#ip add 34.34.34.3 255.255.255.0

P-R3(config-if)#frame map ip 34.34.34.4 304 b

P-R3(config-if)#no shut

----------------------------------------------------------------------------------------------------------------------

Router>en

Router#conf t

Router (config)#host P-RR-R4

P-RR-R4(config)#no ip do loo

P-RR-R4(config)#line con 0

P-RR-R4(config-line)#exec-t 0 0

P-RR-R4(config-line)#logging sy

P-RR-R4(config-line)#int loo0

P-RR-R4(config-if)#ip add 4.4.4.4 255.255.255.0

P-RR-R4(config-if)#int s1/0

P-RR-R4(config-if)#en fr

P-RR-R4(config-if)#no arp fr

P-RR-R4(config-if)#no frame inv

P-RR-R4(config-if)#ip add 34.34.34.4 255.255.255.0

P-RR-R4(config-if)#frame map ip 34.34.34.3 403 b

P-RR-R4(config-if)#no shut

P-RR-R4(config-if)#int s1/1

P-RR-R4(config-if)#en fr

P-RR-R4(config-if)#no arp fr

P-RR-R4(config-if)#no frame inv

P-RR-R4(config-if)#ip add 45.45.45.4 255.255.255.0

P-RR-R4(config-if)#frame map ip 45.45.45.5 415 b

P-RR-R4(config-if)#no shut

----------------------------------------------------------------------------------------------------------------------

Router>en

Router#conf t

Router(config)#host P-R5

P-R5(config)#no ip do loo

P-R5(config)#line con 0

P-R5(config-line)#exec-t 0 0

P-R5(config-line)#logging sy

P-R5(config-line)#int loo0

P-R5(config-if)#ip add 5.5.5.5 255.255.255.0

P-R5(config-if)#int s1/1

P-R5(config-if)#en fr

P-R5(config-if)#no arp fr

P-R5(config-if)#no frame inv

P-R5(config-if)#ip add 45.45.45.5 255.255.255.0

P-R5(config-if)#frame map ip 45.45.45.4 514 b

P-R5(config-if)#no shut

P-R5(config-if)#int s1/0

P-R5(config-if)#en fr

P-R5(config-if)#no arp fr

P-R5(config-if)#no frame inv

P-R5(config-if)#ip add 56.56.56.5 255.255.255.0

P-R5(config-if)#frame map ip 56.56.56.6 506 b

P-R5(config-if)#no shut

----------------------------------------------------------------------------------------------------------------------

Router>en

Router#conf t

Router(config)#host PE-R6

PE-R6(config)#no ip do loo

PE-R6(config)#line con 0

PE-R6(config-line)#exec-t 0 0

PE-R6(config-line)#int loo0

PE-R6(config-if)#ip add 6.6.6.6 255.255.255.0

PE-R6(config-if)#int s1/0

PE-R6(config-if)#en fr

PE-R6(config-if)#no arp fr

PE-R6(config-if)#no frame inv

PE-R6(config-if)#ip add 56.56.56.6 255.255.255.0

PE-R6(config-if)#frame map ip 56.56.56.5 605 b

PE-R6(config-if)#no shut

PE-R6(config-if)#int s1/1

PE-R6(config-if)#en fr

PE-R6(config-if)#no arp f

PE-R6(config-if)#no frame inv

PE-R6(config-if)#ip add 67.67.67.6 255.255.255.0

PE-R6(config-if)#frame map ip 67.67.67.

PE-R6(config-if)#no shut

PE-R6(config-if)#int f0/0

PE-R6(config-if)#ip add 68.68.68.6 255.255.255.0

PE-R6(config-if)#no shut

----------------------------------------------------------------------------------------------------------------------

Router>en

Router#conf t

Router(config)#host CE-R7

CE-R7(config)#no ip do loo

CE-R7(config)#line co 0

CE-R7(config-line)#exec-t 0 0

CE-R7(config-line)#logging sy

CE-R7(config-line)#int s1/1

CE-R7(config-if)#en fr

CE-R7(config-if)#no arp fr

CE-R7(config-if)#no frame inv

CE-R7(config-if)#ip add 67.67.67.7 255.255.255.0

CE-R7(config-if)#frame map ip 67.67.67.6 716 b

CE-R7(config-if)#no shut

----------------------------------------------------------------------------------------------------------------------

Router>en

Router(config)#host CE-R8

CE-R8(config)#no ip do loo

CE-R8(config)#line con 0

CE-R8(config-line)#exec-t 0 0

CE-R8(config-line)#logging sy

CE-R8(config-line)#int loo0

CE-R8(config-if)#ip add 8.8.8.8 255.255.255.0

CE-R8(config-if)#int f0/0

CE-R8(config-if)#ip add 68.68.68.8 255.255.255.0

CE-R8(config-if)#no shut

2.測(cè)試底層的連通性 CE-R1#ping 12.12.12.2

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 12.12.12.2, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 16/33/48 ms

----------------------------------------------------------------------------------------------------------------------

PE-R2#ping 23.23.23.3

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 23.23.23.3, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/29/40 ms

----------------------------------------------------------------------------------------------------------------------

P-R3#ping 34.34.34.4

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 34.34.34.4, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 32/40/48 ms

----------------------------------------------------------------------------------------------------------------------

P-RR-R4#ping 45.45.45.5

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 45.45.45.5, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/36/44 ms

----------------------------------------------------------------------------------------------------------------------

P-R5#ping 56.56.56.6

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 56.56.56.6, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/33/44 ms

----------------------------------------------------------------------------------------------------------------------

PE-R6#ping 67.67.67.7

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 67.67.67.7, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 24/34/48 ms

----------------------------------------------------------------------------------------------------------------------

PE-R6#ping 68.68.68.8

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 68.68.68.8, timeout is 2 seconds:

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 4/19/44 ms

3. 配置SP骨干網(wǎng)內(nèi)部IGP協(xié)議——OSPF，要求網(wǎng)絡(luò)接口類型統(tǒng)一為point-to-point PE-R2(config)#router ospf 100

PE-R2(config-router)#router-id 2.2.2.2

PE-R2(config-router)#net 2.2.2.0 0.0.0.255 a 0

PE-R2(config-router)#net 23.23.23.0 0.0.0.255 a 0

PE-R2(config-router)#int s1/1

PE-R2(config-if)#ip ospf net point-to-p

PE-R2(config-if)#int loo0

PE-R2(config-if)#ip ospf network point-to-p

----------------------------------------------------------------------------------------------------------------------

P-R3(config)#router ospf 100

P-R3(config-router)#router-id 3.3.3.3

P-R3(config-router)#net 3.3.3.0 0.0.0.255 a 0

P-R3(config-router)#net 23.23.23.0 0.0.0.255 a 0

P-R3(config-router)#net 34.34.34.0 0.0.0.255 a 0

P-R3(config-router)#int s1/1

P-R3(config-if)#ip ospf net point-to-p

P-R3(config-router)#int s1/0

P-R3(config-if)#ip ospf net point-to-point

P-R3(config-if)#int loo0

P-R3(config-if)#ip ospf net point-to-p

----------------------------------------------------------------------------------------------------------------------

P-RR-R4(config)#router ospf 100

P-RR-R4(config-router)#routere

P-RR-R4(config-router)#router

P-RR-R4(config-router)#router-id 4.4.4.4

P-RR-R4(config-router)#net 4.4.4.0 0.0.0.255 a 0

P-RR-R4(config-router)#net 34.34.34.0 0.0.0.255 a 0

P-RR-R4(config-router)#net 45.45.45.0 0.0.0.255 a 0

P-RR-R4(config-router)#int s1/0

P-RR-R4(config-if)#ip ospf net po

P-RR-R4(config-if)#ip ospf net point-to-p

P-RR-R4(config-if)#int s1/1

P-RR-R4(config-if)#ip ospf net point-to-p

P-RR-R4(config-if)#int loo0

P-RR-R4(config-if)#ip ospf net point-to-p

----------------------------------------------------------------------------------------------------------------------

P-R5(config)#router ospf 100

P-R5(config-router)#router-id 5.5.5.5

P-R5(config-router)#net 5.5.5.0 0.0.0.255 a 0

P-R5(config-router)#net 45.45.45.0 0.0.0.255 a 0

P-R5(config-router)#net 56.56.56.0 0.0.0.255 a 0

P-R5(config-router)#int s1/1

P-R5(config-if)#ip ospf net point-to-p

P-R5(config-if)#int s1/0

P-R5(config-if)#ip ospf net point-to-p

P-R5(config-if)#int loo0

P-R5(config-if)#ip ospf net point-to-p

----------------------------------------------------------------------------------------------------------------------

PE-R6(config)#router ospf 100

PE-R6(config-router)#router-id 6.6.6.6

PE-R6(config-router)#net 6.6.6.0 0.0.0.255 a 0

PE-R6(config-router)#net 56.56.56.0 0.0.0.255 a 0

PE-R6(config-router)#int s1/0

PE-R6(config-if)#ip ospf net point-to-p

PE-R6(config-if)#int loo0

PE-R6(config-if)#ip ospf network point-to-p

----------------------------------------------------------------------------------------------------------------------

測(cè)試連通性：

PE-R2#ping 6.6.6.6 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 6.6.6.6, timeout is 2 seconds:

Packet sent with a source address of 2.2.2.2

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 40/54/72 ms

4. 在SP骨干網(wǎng)內(nèi)部配置LDP，并保證標(biāo)簽?zāi)軌蛘＾D(zhuǎn)發(fā) PE-R2(config)#mpls ldp router-id loo0

PE-R2(config)#mpls label range 200 299

PE-R2(config)#int s1/1

PE-R2(config-if)#mpls ip

----------------------------------------------------------------------------------------------------------------------

P-R3(config)#mpls ldp router-id loo0

P-R3(config)#mpls label range 300 399

P-R3(config)#int s1/1

P-R3(config-if)#mpls ip

P-R3(config-if)#int s1/0

P-R3(config-if)#mpls ip

----------------------------------------------------------------------------------------------------------------------

P-RR-R4(config)#mpls ldp router loo0

P-RR-R4(config)#mpls label range 400 499

P-RR-R4(config)#int s1/1

P-RR-R4(config-if)#mpls ip

P-RR-R4(config-if)#int s1/0

P-RR-R4(config-if)#mpls ip

----------------------------------------------------------------------------------------------------------------------

P-R5(config)#mpls ldp router-id loo0

P-R5(config)#mpls label range 500 599

P-R5(config)#int s1/1

P-R5(config-if)#mpls ip

P-R5(config-if)#int s1/0

P-R5(config-if)#mpls ip

----------------------------------------------------------------------------------------------------------------------

PE-R6(config)#mpls ldp router loo0

PE-R6(config)#mpls label range 600 699

PE-R6(config)#int s1/0

PE-R6(config-if)#mpls ip

----------------------------------------------------------------------------------------------------------------------

進(jìn)行標(biāo)簽追蹤

PE-R2#traceroute 6.6.6.6

Type escape sequence to abort.

Tracing the route to 6.6.6.6

1 23.23.23.3 [MPLS: Label 302 Exp 0] 84 msec 56 msec 80 msec

2 34.34.34.4 [MPLS: Label 403 Exp 0] 84 msec 76 msec 76 msec

3 45.45.45.5 [MPLS: Label 504 Exp 0] 80 msec 80 msec 72 msec

4 56.56.56.6 60 msec * 48 msec

5. 在R2-R4-R6之間運(yùn)行MP IBGP，并將R4設(shè)置為RR PE-R2(config)#router bgp 100

PE-R2(config-router)#no au

PE-R2(config-router)#no sy

PE-R2(config-router)#bgp router-id 2.2.2.2

PE-R2(config-router)#no bgp default ipv4-unicast

PE-R2(config-router)#nei 4.4.4.4 remote-as 100

PE-R2(config-router)#nei 4.4.4.4 update-source loo0

PE-R2(config-router)#address-family vpnv4

PE-R2(config-router-af)#nei 4.4.4.4 activate

----------------------------------------------------------------------------------------------------------------------

P-RR-R4(config)#router bgp 100

P-RR-R4(config-router)#no au

P-RR-R4(config-router)#no sy

P-RR-R4(config-router)#bgp router-id 4.4.4.4

P-RR-R4(config-router)#no bgp default ipv4-unicast

P-RR-R4(config-router)#nei 2.2.2.2 remote-as 100

P-RR-R4(config-router)#nei 2.2.2.2 update-source loo0

P-RR-R4(config-router)#nei 6.6.6.6 remote-as 100

P-RR-R4(config-router)#nei 6.6.6.6 update-source loo0

P-RR-R4(config-router)#address-family vpnv4

P-RR-R4(config-router-af)#nei 2.2.2.2 activate

P-RR-R4(config-router-af)#nei 2.2.2.2 route-reflector-client

P-RR-R4(config-router-af)#nei 6.6.6.6 activate

P-RR-R4(config-router-af)#nei 6.6.6.6 route-reflector-client

----------------------------------------------------------------------------------------------------------------------

PE-R6(config)#router bgp 100

PE-R6(config-router)#no au

PE-R6(config-router)#no sy

PE-R6(config-router)#bgp router 6.6.6.6

PE-R6(config-router)#no bgp default ipv4-unicast

PE-R6(config-router)#nei 4.4.4.4 remote-as 100

PE-R6(config-router)#nei 4.4.4.4 update-source loo0

PE-R6(config-router)#address-family vpnv4

PE-R6(config-router-af)#nei 4.4.4.4 activate

----------------------------------------------------------------------------------------------------------------------

驗(yàn)證VPNv4鄰居是否建立起來

P-RR-R4#sh ip bgp vpnv4 all summary

BGP router identifier 4.4.4.4, local AS number 100

BGP table version is 1, main routing table version 1

Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd

2.2.2.2 4 100 20 21 1 0 0 00:15:42 0

6.6.6.6 4 100 12 12 1 0 0 00:08:37 0

6. 在CE上分別創(chuàng)建靜態(tài)路由，這里我們采用默認(rèn)路由方式。 CE-R1(config)#ip route 0.0.0.0 0.0.0.0 12.12.12.2

----------------------------------------------------------------------------------------------------------------------

CE-R7(config)#ip route 0.0.0.0 0.0.0.0 67.67.67.6

----------------------------------------------------------------------------------------------------------------------

CE-R8(config)#ip route 0.0.0.0 0.0.0.0 68.68.68.6

7. 在PE-R2和PE-R6上創(chuàng)建vrf表項(xiàng)，要求總公司能與各個(gè)分公司進(jìn)行互訪，但分公司之間不能互訪，這里我們通過指定RT值來實(shí)現(xiàn)。 PE-R2(config)#ip vrf A

PE-R2(config-vrf)#rd 1:1

PE-R2(config-vrf)#route-target import 62:62

PE-R2(config-vrf)#route-target export 26:26

PE-R2(config-vrf)#int s1/0

PE-R2(config-if)#ip vrf forwarding A

% Interface Serial1/0 IP address 12.12.12.2 removed due to enabling VRF A

PE-R2(config-if)#ip add 12.12.12.2 255.255.255.0

----------------------------------------------------------------------------------------------------------------------

PE-R6(config)#ip vrf A

PE-R6(config-vrf)#rd 7:7

PE-R6(config-vrf)#route-target import 26:26

PE-R6(config-vrf)#route-target export 62:62

PE-R6(config-vrf)#int s1/1

PE-R6(config-if)#ip vrf forwarding A

% Interface Serial1/1 IP address 67.67.67.6 removed due to enabling VRF A

PE-R6(config-if)#ip add 67.67.67.6 255.255.255.0

PE-R6(config-if)#exit

PE-R6(config)#ip vrf B

PE-R6(config-vrf)#rd 8:8

PE-R6(config-vrf)#route-target import 26:26

PE-R6(config-vrf)#route-target export 62:62

PE-R6(config-vrf)#int f0/0

PE-R6(config-if)#ip vrf forwarding B

% Interface FastEthernet0/0 IP address 68.68.68.6 removed due to enabling VRF B

PE-R6(config-if)#ip add 68.68.68.6 255.255.255.0

8. 在PE-R2和PE-R6上分別創(chuàng)建靜態(tài)路由 PE-R2(config)#ip route vrf A 1.1.1.0 255.255.255.0 12.12.12.1

----------------------------------------------------------------------------------------------------------------------

PE-R6(config)#ip route vrf A 7.7.7.0 255.255.255.0 67.67.67.7

PE-R6(config)#ip route vrf B 8.8.8.0 255.255.255.0 68.68.68.8

9. 在PE-R2和PE-R6上分別將創(chuàng)建的靜態(tài)路由以及PE-CE之間的直連路由重分布到MP-BGP中。 PE-R2(config)#router bgp 100

PE-R2(config-router)#address-family ipv4 vrf A

PE-R2(config-router-af)#redistribute connected

PE-R2(config-router-af)#redistribute static

----------------------------------------------------------------------------------------------------------------------

PE-R6(config)#router bgp 100

PE-R6(config-router)#address-family ipv4 vrf A

PE-R6(config-router-af)#redistribute connected

PE-R6(config-router-af)#redistribute static

PE-R6(config-router-af)#exit

PE-R6(config-router)#address-family ipv4 vrf B

PE-R6(config-router-af)#redistribute connected

10.驗(yàn)證 查看VPNv4表項(xiàng)

PE-R2#sh ip bgp vpnv4 all

BGP table version is 13, local router ID is 2.2.2.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 2:2 (default for vrf A)

*> 1.1.1.0/24 12.12.12.1 0 32768 ?

*>i7.7.7.0/24 6.6.6.6 0 100 0 ?

*>i8.8.8.0/24 6.6.6.6 0 100 0 ?

*> 12.12.12.0/24 0.0.0.0 0 32768 ?

*>i67.67.67.0/24 6.6.6.6 0 100 0 ?

*>i68.68.68.0/24 6.6.6.6 0 100 0 ?

Route Distinguisher: 7:7

*>i7.7.7.0/24 6.6.6.6 0 100 0 ?

*>i67.67.67.0/24 6.6.6.6 0 100 0 ?

Route Distinguisher: 8:8

*>i8.8.8.0/24 6.6.6.6 0 100 0 ?

*>i68.68.68.0/24 6.6.6.6 0 100 0 ?

PE-R6#sh ip bgp vpnv4 all

BGP table version is 15, local router ID is 6.6.6.6

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 2:2

*>i1.1.1.0/24 2.2.2.2 0 100 0 ?

*>i12.12.12.0/24 2.2.2.2 0 100 0 ?

Route Distinguisher: 7:7 (default for vrf A)

*>i1.1.1.0/24 2.2.2.2 0 100 0 ?

*> 7.7.7.0/24 67.67.67.7 0 32768 ?

*>i12.12.12.0/24 2.2.2.2 0 100 0 ?

*> 67.67.67.0/24 0.0.0.0 0 32768 ?

Route Distinguisher: 8:8 (default for vrf B)

*>i1.1.1.0/24 2.2.2.2 0 100 0 ?

*> 8.8.8.0/24 68.68.68.8 0 32768 ?

*>i12.12.12.0/24 2.2.2.2 0 100 0 ?

*> 68.68.68.0/24 0.0.0.0 0 32768 ?

----------------------------------------------------------------------------------------------------------------------

查看vrf表項(xiàng)：

PE-R2#sh ip route vrf A

Routing Table: A

Gateway of last resort is not set

68.0.0.0/24 is subnetted, 1 subnets

B 68.68.68.0 [200/0] via 6.6.6.6, 00:03:02

1.0.0.0/24 is subnetted, 1 subnets

S 1.1.1.0 [1/0] via 12.12.12.1

67.0.0.0/24 is subnetted, 1 subnets

B 67.67.67.0 [200/0] via 6.6.6.6, 00:03:17

7.0.0.0/24 is subnetted, 1 subnets

B 7.7.7.0 [200/0] via 6.6.6.6, 00:03:17

8.0.0.0/24 is subnetted, 1 subnets

B 8.8.8.0 [200/0] via 6.6.6.6, 00:03:02

12.0.0.0/24 is subnetted, 1 subnets

C 12.12.12.0 is directly connected, Serial1/0

PE-R6#sh ip route vrf A

Routing Table: A

Gateway of last resort is not set

1.0.0.0/24 is subnetted, 1 subnets

B 1.1.1.0 [200/0] via 2.2.2.2, 00:04:31

67.0.0.0/24 is subnetted, 1 subnets

C 67.67.67.0 is directly connected, Serial1/1

7.0.0.0/24 is subnetted, 1 subnets

S 7.7.7.0 [1/0] via 67.67.67.7

12.0.0.0/24 is subnetted, 1 subnets

B 12.12.12.0 [200/0] via 2.2.2.2, 00:04:31

PE-R6#sh ip route vrf B

Routing Table: B

Gateway of last resort is not set

68.0.0.0/24 is subnetted, 1 subnets

C 68.68.68.0 is directly connected, FastEthernet0/0

1.0.0.0/24 is subnetted, 1 subnets

B 1.1.1.0 [200/0] via 2.2.2.2, 00:04:35

8.0.0.0/24 is subnetted, 1 subnets

S 8.8.8.0 [1/0] via 68.68.68.8

12.0.0.0/24 is subnetted, 1 subnets

B 12.12.12.0 [200/0] via 2.2.2.2, 00:04:35

11.在CE上進(jìn)行測(cè)試 CE-R1#ping 7.7.7.7 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:

Packet sent with a source address of 1.1.1.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 36/58/76 ms

CE-R1#ping 8.8.8.8 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 1.1.1.1

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 80/95/140 ms

----------------------------------------------------------------------------------------------------------------------

CE-R7#ping 1.1.1.1 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 44/58/76 ms

CE-R7#ping 8.8.8.8 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7

U.U.U

Success rate is 0 percent (0/5)

----------------------------------------------------------------------------------------------------------------------

CE-R8#ping 1.1.1.1 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

Packet sent with a source address of 8.8.8.8

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 56/67/76 ms

CE-R8#ping 7.7.7.7 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:

Packet sent with a source address of 8.8.8.8

U.U.U

Success rate is 0 percent (0/5)

12. 優(yōu)化LDP繁衍 優(yōu)化前：

CE-R1#traceroute 7.7.7.7 source loo0

Type escape sequence to abort.

Tracing the route to 7.7.7.7

1 12.12.12.2 16 msec 28 msec 32 msec

2 23.23.23.3 48 msec 44 msec 60 msec

3 34.34.34.4 68 msec 44 msec 60 msec

4 45.45.45.5 52 msec 76 msec 44 msec

5 67.67.67.6 52 msec 44 msec 36 msec

6 67.67.67.7 60 msec * 48 msec

CE-R1#traceroute 8.8.8.8 source loo0

Type escape sequence to abort.

Tracing the route to 8.8.8.8

1 12.12.12.2 8 msec 8 msec 12 msec

2 23.23.23.3 56 msec 76 msec 72 msec

3 34.34.34.4 52 msec 56 msec 60 msec

4 45.45.45.5 44 msec 60 msec 44 msec

5 68.68.68.6 52 msec 44 msec 32 msec

6 68.68.68.8 56 msec * 52 msec

說明：此時(shí)在客戶端可以看到SP骨干網(wǎng)內(nèi)的路由器，這樣將會(huì)對(duì)SP骨干網(wǎng)將會(huì)構(gòu)成威脅，為此我們將對(duì)此情況進(jìn)行優(yōu)化，只保證在PE路由器上可以進(jìn)行路由追蹤。

----------------------------------------------------------------------------------------------------------------------

PE-R2(config)#no mpls ip propagate-ttl ?

forwarded Propagate IP TTL for forwarded traffic

local Propagate IP TTL for locally originated traffic

PE-R2(config)#no mpls ip propagate-ttl forwarded

PE-R6(config)#no mpls ip propagate-ttl forwarded

----------------------------------------------------------------------------------------------------------------------

再次在CE上進(jìn)行測(cè)試：

CE-R1#traceroute 7.7.7.7 source loo0

Type escape sequence to abort.

Tracing the route to 7.7.7.7

1 12.12.12.2 64 msec 64 msec 28 msec

2 67.67.67.6 40 msec 56 msec 88 msec

3 67.67.67.7 56 msec * 68 msec

CE-R1#traceroute 8.8.8.8 source loo0

Type escape sequence to abort.

Tracing the route to 8.8.8.8

1 12.12.12.2 32 msec 44 msec 44 msec

2 68.68.68.6 48 msec 48 msec 44 msec

3 68.68.68.8 72 msec * 80 msec

----------------------------------------------------------------------------------------------------------------------

再次在PE上進(jìn)行測(cè)試：

PE-R2#traceroute vrf A 7.7.7.7

Type escape sequence to abort.

Tracing the route to 7.7.7.7

1 23.23.23.3 [MPLS: Labels 304/608 Exp 0] 76 msec 116 msec 60 msec

2 34.34.34.4 [MPLS: Labels 404/608 Exp 0] 84 msec 44 msec 44 msec

3 45.45.45.5 [MPLS: Labels 500/608 Exp 0] 60 msec 16 msec 100 msec

4 67.67.67.6 [MPLS: Label 608 Exp 0] 32 msec 28 msec 36 msec

5 67.67.67.7 28 msec * 60 msec

PE-R2#traceroute vrf A 8.8.8.8

Type escape sequence to abort.

Tracing the route to 8.8.8.8

1 23.23.23.3 [MPLS: Labels 304/610 Exp 0] 88 msec 96 msec 92 msec

2 34.34.34.4 [MPLS: Labels 404/610 Exp 0] 56 msec 16 msec 40 msec

3 45.45.45.5 [MPLS: Labels 500/610 Exp 0] 36 msec 56 msec 28 msec

4 68.68.68.6 [MPLS: Label 610 Exp 0] 68 msec 40 msec 12 msec

5 68.68.68.8 68 msec * 44 msec

擴(kuò)展訓(xùn)練：

要求總公司與分公司之間可以進(jìn)行互訪，而且分公司之間也可以進(jìn)行互訪，但必須通過總公司繞行來進(jìn)行互訪。

配置： 在PE-R2上將原有的靜態(tài)路由刪掉

PE-R2(config)#no ip route vrf A 1.1.1.0 255.255.255.0 12.12.12.1

----------------------------------------------------------------------------------------------------------------------

在PE-R2上手動(dòng)創(chuàng)建一條默認(rèn)路由

PE-R2(config)#ip route vrf A 0.0.0.0 0.0.0.0 12.12.12.1

----------------------------------------------------------------------------------------------------------------------

在PE上將該默認(rèn)路由重分發(fā)到MP-BGP中

PE-R2(config)#router bgp 100

PE-R2(config-router)#address-family ipv4 vrf A

PE-R2(config-router-af)#net 0.0.0.0 mask 0.0.0.0

----------------------------------------------------------------------------------------------------------------------

查看PE-R2的VPNv4路由表項(xiàng)

PE-R2#sh ip bgp vpnv4 all

BGP table version is 15, local router ID is 2.2.2.2

Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,

r RIB-failure, S Stale

Origin codes: i - IGP, e - EGP, ? - incomplete

Network Next Hop Metric LocPrf Weight Path

Route Distinguisher: 2:2 (default for vrf A)

*> 0.0.0.0 12.12.12.1 0 32768 i

*>i7.7.7.0/24 6.6.6.6 0 100 0 ?

*>i8.8.8.0/24 6.6.6.6 0 100 0 ?

*> 12.12.12.0/24 0.0.0.0 0 32768 ?

*>i67.67.67.0/24 6.6.6.6 0 100 0 ?

*>i68.68.68.0/24 6.6.6.6 0 100 0 ?

Route Distinguisher: 7:7

*>i7.7.7.0/24 6.6.6.6 0 100 0 ?

*>i67.67.67.0/24 6.6.6.6 0 100 0 ?

Route Distinguisher: 8:8

*>i8.8.8.0/24 6.6.6.6 0 100 0 ?

*>i68.68.68.0/24 6.6.6.6 0 100 0 ?

----------------------------------------------------------------------------------------------------------------------

在PE-R6上查看各個(gè)vrf路由表項(xiàng)

Routing Table: A

Gateway of last resort is 2.2.2.2 to network 0.0.0.0

67.0.0.0/24 is subnetted, 1 subnets

C 67.67.67.0 is directly connected, Serial1/1

7.0.0.0/24 is subnetted, 1 subnets

S 7.7.7.0 [1/0] via 67.67.67.7

12.0.0.0/24 is subnetted, 1 subnets

B 12.12.12.0 [200/0] via 2.2.2.2, 00:44:33

B* 0.0.0.0/0 [200/0] via 2.2.2.2, 00:18:02

PE-R6#sh ip route vrf B

Routing Table: B

Gateway of last resort is 2.2.2.2 to network 0.0.0.0

68.0.0.0/24 is subnetted, 1 subnets

C 68.68.68.0 is directly connected, FastEthernet0/0

8.0.0.0/24 is subnetted, 1 subnets

S 8.8.8.0 [1/0] via 68.68.68.8

12.0.0.0/24 is subnetted, 1 subnets

B 12.12.12.0 [200/0] via 2.2.2.2, 00:44:38

B* 0.0.0.0/0 [200/0] via 2.2.2.2, 00:18:07

----------------------------------------------------------------------------------------------------------------------

在遠(yuǎn)端CE-R7和CE-R8上進(jìn)行測(cè)試

CE-R7#ping 1.1.1.1 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 52/63/72 ms

CE-R7#ping 8.8.8.8 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 8.8.8.8, timeout is 2 seconds:

Packet sent with a source address of 7.7.7.7

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 60/78/104 ms

CE-R8#ping 1.1.1.1 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:

Packet sent with a source address of 8.8.8.8

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 64/70/84 ms

CE-R8#ping 7.7.7.7 source loo0

Type escape sequence to abort.

Sending 5, 100-byte ICMP Echos to 7.7.7.7, timeout is 2 seconds:

Packet sent with a source address of 8.8.8.8

!!!!!

Success rate is 100 percent (5/5), round-trip min/avg/max = 72/89/108 ms

----------------------------------------------------------------------------------------------------------------------

在R8上進(jìn)行路由追蹤

CE-R8#traceroute 7.7.7.7 source loo0

Type escape sequence to abort.

Tracing the route to 7.7.7.7

1 68.68.68.6 52 msec 28 msec 36 msec

2 12.12.12.2 44 msec 60 msec 60 msec

3 12.12.12.1 96 msec 84 msec 56 msec

4 12.12.12.2 44 msec 60 msec 56 msec

5 67.67.67.6 56 msec 76 msec 92 msec

6 67.67.67.7 96 msec * 84 msec

 

【編輯推薦】

1. 思科攜手安博推CCIE360人才培養(yǎng)計(jì)劃
2. 思科認(rèn)證:3個(gè)CCIE對(duì)一個(gè)工程師的面試
3. CCIE SP Operations實(shí)驗(yàn)考試大綱1