Configuring MPLS VPN

Topology:

This lab illustrates an ISP providing connectivity to its customers over an MPLS backbone. MPLS VPN technology is used to keep each customer's traffic private. In this lab we configure the whole topology, covering both the customer side and the service provider side. In the topology:

- CE-1A and CE-1B are two routers belonging to the same customer, Customer A.
- CE-2A and CE-2B are two routers belonging to the same customer, Customer B.

Configuration:

Step 1: Basic configuration

- Set the hostname on each router.
- Assign IP addresses to the routers according to the lab topology.

Step 2: Run an IGP in the service provider's core network, using OSPF as the routing protocol.

On PE-1:

PE-1(config)#router ospf 1
PE-1(config-router)#network 2.2.2.2 0.0.0.0 area 0
PE-1(config-router)#network 192.168.10.0 0.0.0.255 area 0
PE-1(config-router)#exit

On P:

P(config)#router ospf 1
P(config-router)#network 192.168.10.0 0.0.0.255 area 0
P(config-router)#network 192.168.11.0 0.0.0.255 area 0

On PE-2:

PE-2(config)#router ospf 1
PE-2(config-router)#network 4.4.4.4 0.0.0.0 area 0
PE-2(config-router)#network 192.168.11.0 0.0.0.255 area 0

Step 3: Configure MPLS in the service provider's core network

We proceed in the following order.

Run a label distribution protocol:

- Configuration command: mpls label protocol {ldp|tdp}
- LDP is currently the most widely used label distribution protocol and is available on routers from different vendors.
- TDP is a proprietary protocol found only on Cisco routers. For that reason, configure LDP so that Cisco and non-Cisco routers can be used in the same MPLS domain, which makes the network more flexible.
- The label distribution protocol can be set globally for MPLS:

Router(config)#mpls label protocol {ldp|tdp}

Or it can be set per interface:

(config-if)#mpls label protocol {ldp|tdp}

Enable MPLS on the interfaces:

PE-1(config)#interface s0/2
PE-1(config-if)#mpls label protocol ldp
PE-1(config-if)#mpls ip

P(config)#interface s0/0
P(config-if)#mpls label protocol ldp
P(config-if)#mpls ip
P(config)#interface s0/1
P(config-if)#mpls label protocol ldp
P(config-if)#mpls ip

PE-2(config)#interface s0/0
PE-2(config-if)#mpls label protocol ldp
PE-2(config-if)#mpls ip

Verify that the MPLS (LDP) neighbor sessions have been established:

PE-1#show mpls ldp neighbor
    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0
        TCP connection: 3.3.3.3.20427 - 2.2.2.2.646
        State: Oper; Msgs sent/rcvd: 15/16; Downstream
        Up time: 00:06:45
        LDP discovery sources:
          Serial0/2, Src IP addr: 192.168.10.1
        Addresses bound to peer LDP Ident:
          192.168.10.1    192.168.11.1    3.3.3.3

PE-2#show mpls ldp neighbor
    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 4.4.4.4:0
        TCP connection: 3.3.3.3.646 - 4.4.4.4.22275
        State: Oper; Msgs sent/rcvd: 9/9; Downstream
        Up time: 00:01:22
        LDP discovery sources:
          Serial0/0, Src IP addr: 192.168.11.1
        Addresses bound to peer LDP Ident:
          192.168.10.1    192.168.11.1    3.3.3.3

View the forwarding table:

PE-1#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Untagged    3.3.3.3/32        0          Se0/2      point2point
17     17          4.4.4.4/32        0          Se0/2      point2point
18     Pop tag     192.168.11.0/24   0          Se0/2      point2point
PE-1#

P#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
16     Untagged    2.2.2.2/32        0          Se0/0      point2point
17     Untagged    4.4.4.4/32        0          Se0/1      point2point
P#

Step 4: Create the VRF table for each customer on the PE routers

The declaration consists of the following steps:

- Create the VRF table.
- Assign a Route Distinguisher to the VRF.
- Specify the route-target import and export values.

Customer A:

PE-1(config)#ip vrf A
PE-1(config-vrf)#rd 12:12
PE-1(config-vrf)#route-target export 1:1
PE-1(config-vrf)#route-target import 2:2

PE-2(config)#ip vrf A
PE-2(config-vrf)#rd 12:12
PE-2(config-vrf)#route-target export 2:2
PE-2(config-vrf)#route-target import 1:1

Customer B:

PE-1(config)#ip vrf B
PE-1(config-vrf)#rd 34:34
PE-1(config-vrf)#route-target export 3:3
PE-1(config-vrf)#route-target import 4:4

PE-2(config)#ip vrf B
PE-2(config-vrf)#rd 34:34
PE-2(config-vrf)#route-target export 4:4
PE-2(config-vrf)#route-target import 3:3

Verify that the VRF tables have been created:

PE-1#show ip vrf
  Name                             Default RD          Interfaces
  A                                12:12
  B                                34:34

PE-2#show ip vrf
  Name                             Default RD          Interfaces
  A                                12:12
  B                                34:34

Step 5: Associate each VRF with the interfaces of the corresponding customer.

Assign an interface to a VRF:

Router(config-if)# ip vrf forwarding [vrf-name]

When an interface is placed into a VRF, the IP address on the interface is removed, so the IP address must be configured again. CEF switching must be enabled on the interface.

Customer A:

PE-1(config)#interface s0/0
PE-1(config-if)#ip vrf forwarding A
PE-1(config-if)#ip address 192.168.1.2 255.255.255.0

PE-2(config)#interface s0/1
PE-2(config-if)#ip vrf forwarding A
PE-2(config-if)#ip address 192.168.2.2 255.255.255.0

Customer B:

PE-1(config)#interface s0/1
PE-1(config-if)#ip vrf forwarding B
PE-1(config-if)#ip address 192.168.1.2 255.255.255.0

PE-2(config)#interface s0/2
PE-2(config-if)#ip vrf forwarding B
PE-2(config-if)#ip address 192.168.2.2 255.255.255.0

Check the VRF routing tables:

PE-1#show ip route vrf A
.
Gateway of last resort is not set
C    192.168.1.0/24 is directly connected, Serial0/0

PE-1#show ip route vrf B
..
Gateway of last resort is not set
C    192.168.1.0/24 is directly connected, Serial0/1

Step 6: Routing between PE and CE.

Configuration on the PE routers on the service provider side:

// Routing between PE-1 and CE-1A uses RIPv2
PE-1(config)#router rip
PE-1(config-router)#address-family ipv4 vrf A
PE-1(config-router-af)#version 2
PE-1(config-router-af)#network 192.168.1.0
PE-1(config-router-af)#redistribute bgp 24 metric 1
PE-1(config-router-af)#no auto-summary
PE-1(config-router-af)#exit

// Routing between PE-1 and CE-2A uses EIGRP
PE-1(config)#router eigrp 1
PE-1(config-router)#address-family ipv4 vrf B
PE-1(config-router-af)#network 192.168.1.0
PE-1(config-router-af)#redistribute bgp 24 metric 1000 100 255 1 1500
PE-1(config-router-af)#autonomous-system 101
PE-1(config-router-af)#no auto-summary
PE-1(config-router-af)#exit

// Routing between PE-2 and CE-1B uses RIPv2
PE-2(config)#router rip
PE-2(config-router)#address-family ipv4 vrf A
PE-2(config-router-af)#version 2
PE-2(config-router-af)#network 192.168.2.0
PE-2(config-router-af)#redistribute bgp 24 metric 1
PE-2(config-router-af)#no auto-summary
PE-2(config-router-af)#exit

// Routing between PE-2 and CE-2B uses EIGRP
PE-2(config)#router eigrp 1
PE-2(config-router)#address-family ipv4 vrf B
PE-2(config-router-af)#network 192.168.2.0
PE-2(config-router-af)#redistribute bgp 24 metric 1000 100 255 1 1500
PE-2(config-router-af)#autonomous-system 101
PE-2(config-router-af)#no auto-summary
PE-2(config-router-af)#exit

// Configure the routing protocol on the customer routers
CE-1A(config)#router rip
CE-1A(config-router)#version 2
CE-1A(config-router)#network 192.168.1.0
CE-1A(config-router)#network 10.0.0.0
CE-1A(config-router)#no auto-summary
CE-1A(config-router)#exit

CE-2A(config)#router eigrp 101
CE-2A(config-router)#network 192.168.1.0
CE-2A(config-router)#network 10.0.0.0
CE-2A(config-router)#no auto-summary
CE-2A(config-router)#exit

CE-1B(config)#router rip
CE-1B(config-router)#version 2
CE-1B(config-router)#network 192.168.2.0
CE-1B(config-router)#network 10.0.0.0
CE-1B(config-router)#exit

CE-2B(config)#router eigrp 101
CE-2B(config-router)#network 192.168.2.0
CE-2B(config-router)#network 10.0.0.0
CE-2B(config-router)#no auto-summary
CE-2B(config-router)#exit

Step 7: PE-to-PE routing using MP-BGP.

Establish the MP-BGP neighbor relationship between PE-1 and PE-2:

PE-1(config)#router bgp 24
PE-1(config-router)#neighbor 4.4.4.4 remote-as 24
PE-1(config-router)#neighbor 4.4.4.4 update-source loopback 0

PE-2(config)#router bgp 24
PE-2(config-router)#neighbor 2.2.2.2 remote-as 24
PE-2(config-router)#neighbor 2.2.2.2 update-source loopback 0

Configure the VPNv4 address family so that VPNv4 routes are exchanged.

Enable the exchange of vpnv4 prefixes:

(config-router)#address-family vpnv4
(config-router-af)#neighbor {ip-address | peer-group-name} activate

PE-1(config)#router bgp 24
PE-1(config-router)#address-family vpnv4
PE-1(config-router-af)#neighbor 4.4.4.4 activate

PE-2(config)#router bgp 24
PE-2(config-router)#address-family vpnv4
PE-2(config-router-af)#neighbor 2.2.2.2 activate

Verify that the neighbor relationship is established:

PE-1#show ip bgp summary
BGP router identifier 2.2.2.2, local AS number 24
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
4.4.4.4         4    24       4       4        1    0    0 00:00:36        0
PE-1#

PE-2#show ip bgp summary
BGP router identifier 4.4.4.4, local AS number 24
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4    24       4       4        1    0    0 00:00:20        0
PE-2#

Configure the IPv4 address family to exchange routes between PE and CE.

Configure the parameters for the VRF between PE and CE:

(config-router)#address-family ipv4 vrf [vrf-name]
(config-router-af)#redistribute [router protocol]

PE-1(config)#router bgp 24
PE-1(config-router)#address-family ipv4 vrf A
PE-1(config-router-af)#redistribute rip
PE-1(config-router-af)#exit
PE-1(config-router)#address-family ipv4 vrf B
PE-1(config-router-af)#redistribute eigrp 101
PE-1(config-router-af)#end
PE-1#

PE-2(config)#router bgp 24
PE-2(config-router)#address-family ipv4 vrf A
PE-2(config-router-af)#redistribute rip
PE-2(config-router-af)#exit
PE-2(config-router)#address-family ipv4 vrf B
PE-2(config-router-af)#redistribute eigrp 101
PE-2(config-router-af)#end
PE-2#

Check the routing tables of the customer routers:

CE-A1#show ip route
..
Gateway of last resort is not set
     10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C       10.1.1.0/24 is directly connected, Loopback0
R       10.0.0.0/8 [120/1] via 192.168.1.2, 00:00:23, Serial0/0
C    192.168.1.0/24 is directly connected, Serial0/0
R    192.168.2.0/24 [120/1] via 192.168.1.2, 00:00:23, Serial0/0
CE-A1#

CE-2A#show ip route
Gateway of last resort is not set
     10.0.0.0/24 is subnetted, 2 subnets
D       10.2.2.0 [90/2809856] via 192.168.1.2, 00:15:28, Serial0/0
C       10.1.1.0 is directly connected, Loopback0
C    192.168.1.0/24 is directly connected, Serial0/0
D    192.168.2.0/24 [90/2681856] via 192.168.1.2, 00:15:28, Serial0/0
CE-2A#

Run ping to verify connectivity:

CE-1A#ping 10.2.2.1 source 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/77/180 ms

CE-2A#ping 10.2.2.1 source 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.2.2.1, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 28/77/180 ms
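
The route-target values from Step 4 decide which VRFs exchange routes, so they are the setting that keeps Customer A and Customer B apart even though both use 192.168.1.0/24 and 10.0.0.0/8. The Python check below is an added example, not part of the original lab: it parses the Step 4 ip vrf blocks (embedded as constructed input), lists every exporter-to-importer pair, and flags pairs whose VRF names differ. It assumes the VRF name identifies the customer; parse_vrfs, audit and BAD are names introduced here.

```python
import re

# Constructed input: the Step 4 "ip vrf" blocks of this lab, keyed by PE router.
CONFIGS = {
    "PE-1": """ip vrf A
 rd 12:12
 route-target export 1:1
 route-target import 2:2
ip vrf B
 rd 34:34
 route-target export 3:3
 route-target import 4:4""",
    "PE-2": """ip vrf A
 rd 12:12
 route-target export 2:2
 route-target import 1:1
ip vrf B
 rd 34:34
 route-target export 4:4
 route-target import 3:3""",
}

def parse_vrfs(router, text):
    """Map 'router/vrf' -> {'export': set of RTs, 'import': set of RTs}."""
    vrfs, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            cur = vrfs.setdefault(f"{router}/{m.group(1)}", {"export": set(), "import": set()})
        elif cur is not None and (m := re.fullmatch(r"route-target (export|import|both) (\S+)", line)):
            for kind in ("export", "import") if m.group(1) == "both" else (m.group(1),):
                cur[kind].add(m.group(2))
    return vrfs

def audit(configs):
    """Return (flows, leaks). A flow is an (exporter, importer) pair sharing an RT;
    a leak is a flow between different VRF names (assumed here to mean different customers)."""
    vrfs = {k: v for r, t in configs.items() for k, v in parse_vrfs(r, t).items()}
    flows, leaks = set(), []
    for src, s in vrfs.items():
        for dst, d in vrfs.items():
            shared = s["export"] & d["import"]
            if src != dst and shared:
                flows.add((src, dst))
                if src.split("/")[1] != dst.split("/")[1]:
                    leaks.append((src, dst, sorted(shared)))
    return flows, leaks

# Constructed misconfiguration: VRF B on PE-2 additionally imports Customer A's RT 1:1.
BAD = {**CONFIGS, "PE-2": CONFIGS["PE-2"] + "\n route-target import 1:1"}
```

With the lab's configuration, audit(CONFIGS) reports only A-to-A and B-to-B flows and no leaks; audit(BAD) reports PE-1/A routes being imported into PE-2/B through RT 1:1.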