IT运维管理,创造商业价值!
中国IT运维网首页 | 资讯中心 | 运维管理 | 信息安全 | CIO视界 | 云计算 | 最佳案例 | 运维资源 | 专题策划 | 知识库 | 论坛

某项目CISCO产品测试报告基于Inter_AS的MPLS/VPN 实验

2008年06月24日
/
  1.实验方案:
  实验环境如图:
  
  两个骨干的AS环境、R1、R3为AS200,R2为AS100
  AS200的骨干IGP为IS-IS,其中包括三两个独立的L2域、每一个骨干路由器为一个独立的域,AS100的骨干IGP为OSPF。Inter-AS VPN的出现、使骨干网和省网之间打通VPN成为可能。
  
  MPLS/VPN 中,三台骨干路由器为PE、其它设备为CE。
  MPLS/VPN在Inter-AS上建立三个VPN :
  
  a. VPN1的CE分别在两个不同的AS、采用EBGP和骨干路由器互联,AS号码为65505和65506
  
  b. VPN2的两个CE采用不同的IGP路由协议互联、S3采用OSPF和R3连接、S2采用RIP和R2连接
  
  c. VPN3的两个CE采用静态路由和PE连接
  
  
  
  2.方案技术要点:
  
  a. Inter_AS 的MPLS/VPN,R1为AS200 PE、R2为 AS100PE。CE R5、R6通过不同的AS连通。
  b. Inter_AS的MPLS/VPN可以实现夸骨干网、省网之间的VPN,也就是说可以在国调、省调甚至地调实现VPN。
  
  3. 配置命令:
  
  version 12.0
  
  hostname R3
  !
  ip vrf vpn2
  rd 100:2
  route-target export 100:2
  route-target import 100:2
  clns routing
  no mpls traffic-eng auto-bw timers frequency 0
  !
  interface Loopback0
  ip address 10.10.30.3 255.255.255.255
  no ip directed-broadcast
  ip router isis
  isis circuit-type level-2-only
  !
  interface GigabitEthernet1/0/0
  ip address 10.10.23.3 255.255.255.0
  no ip directed-broadcast
  ip router isis
  load-interval 30
  negotiation auto
  isis circuit-type level-2-only
  isis metric 2 level-2
  !
  interface POS5/0/0
  ip address 10.10.13.3 255.255.255.0
  no ip directed-broadcast
  ip router isis
  encapsulation ppp
  tag-switching ip
  isis circuit-type level-2-only
  isis metric 5 level-2
  !
  router ospf 33 vrf vpn2
  log-adjacency-changes
  network 10.10.33.0 0.0.0.255 area 0
  !
  router isis
  net 00.1111.0000.0000.1113.00
  is-type level-2-only
  nsf cisco
  !
  router bgp 200
  no bgp default ipv4-unicast
  no bgp default route-target filter
  bgp log-neighbor-changes
  bgp graceful-restart restart-time 120
  bgp graceful-restart stalepath-time 360
  bgp graceful-restart
  neighbor 10.10.10.1 remote-as 200
  neighbor 10.10.10.1 update-source Loopback0
  neighbor 10.10.23.2 remote-as 100
  no auto-summary
  !
  address-family ipv4 multicast
  no auto-summary
  no synchronization
  exit-address-family
  !
  address-family vpnv4
  neighbor 10.10.10.1 activate
  neighbor 10.10.10.1 next-hop-self
  neighbor 10.10.10.1 send-community extended
  neighbor 10.10.23.2 activate
  neighbor 10.10.23.2 next-hop-self
  neighbor 10.10.23.2 send-community extended
  no auto-summary
  exit-address-family
  !
  address-family ipv4
  redistribute isis level-1-2
  no auto-summary
  no synchronization
  exit-address-family
  !
  address-family ipv4 vrf vpn2
  redistribute connected
  redistribute static
  redistribute ospf 33
  no auto-summary
  no synchronization
  exit-address-family
  
  4. 确认命令:
  
  R1#sh ip rou
  
  100.0.0.0/24 is subnetted, 2 subnets
  C 100.100.100.0 is directly connected, FastEthernet10/0/0
  C 100.100.200.0 is directly connected, FastEthernet10/0/1
  10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
  C 10.10.10.1/32 is directly connected, Loopback0
  C 10.10.12.0/24 is directly connected, Serial4/1/0
  C 10.10.13.0/24 is directly connected, POS4/0/0
  C 10.10.13.3/32 is directly connected, POS4/0/0
  C 10.10.12.2/32 is directly connected, Serial4/1/0
  i L2 10.10.23.0/24 [115/7] via 10.10.13.3, POS4/0/0
  i L2 10.10.30.3/32 [115/15] via 10.10.13.3, POS4/0/0
  
  R1#sh ip router vrf vpn1
  
  10.0.0.0/24 is subnetted, 4 subnets
  C 10.10.15.0 is directly connected, FastEthernet2/0/1
  B 10.10.26.0 [20/0] via 10.10.12.2, 00:01:41
  B 10.10.50.0 [20/0] via 10.10.15.5, 00:05:31
  B 10.10.60.0 [20/0] via 10.10.12.2, 00:01:41
  
  
  R5-3640#sh ip rou
  
  10.0.0.0/24 is subnetted, 4 subnets
  C 10.10.15.0 is directly connected, FastEthernet0/0
  B 10.10.26.0 [20/0] via 10.10.15.1, 00:05:45
  C 10.10.50.0 is directly connected, Loopback0
  B 10.10.60.0 [20/0] via 10.10.15.1, 00:05:45
  
  R5-3640#ping 10.10.60.6
  
  Type escape sequence to abort.
  Sending 5, 100-byte ICMP Echos to 10.10.60.6, timeout is 2 seconds:
  !!!!!
  Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
  
  R5-3640#trace 10.10.60.6
  
  Type escape sequence to abort.
  Tracing the route to 10.10.60.6
  
  1 10.10.15.1 0 msec 0 msec 4 msec
  2 10.10.26.2 [AS 65506] [MPLS: Label 17 Exp 0] 4 msec 4 msec 4 msec
  3 10.10.26.6 [AS 65506] 4 msec 4 msec *
  
  
  5.结果:
  R5 和R6之间实现VPN连接。
  真正实现Inter_AS 的MPLS/VPN 。
发表评论请到:http://bbs.cnitom.com

相关阅读

图文热点

以不变应万变 网络虚拟化应对园区网新挑战
以不变应万变 网络虚拟化应对园区网新挑战Forrester Research的分析师Robert Whiteley认为: “十年以来,虚拟化技术与网络...
OpenShift加入更多新元素 友好面对开发者
OpenShift加入更多新元素 友好面对开发者通过网络进行程序提供的服务称之为SaaS(Software as a Service),而将服务器平台...

本类热点