NOKIA VSR的MPLS L3VPN

------------------------------------------PE1上的操作------------------------------------------

接口预配置

configure card 1 card-type "iom3-xp-b"

configure card 1 mda 1 mda-type "m5-1gb-sfp-b"

configure port 1/1/[1..5] no shutdown

admin save

接口配置

configure system name pe1

configure router interface "to-pe2" address 192.168.12.1/24

configure router interface "to-pe2" port 1/1/1

configure router interface "to-pe3" address 192.168.13.1/24

configure router interface "to-pe3" port 1/1/3

configure router interface lo0 address 10.10.10.10/32

configure router interface "lo0" loopback

configure router interface "system" address 1.1.1.1/32

ospf配置

configure router router-id 10.10.10.10

configure router ospf traffic-engineering

configure router ospf router-id 10.10.10.10

configure router ospf area 0.0.0.0 interface "lo0" passive

configure router ospf area 0.0.0.0 interface system passive

configure router ospf area 0.0.0.0 interface "to-pe2" interface-type point-to-point

configure router ospf area 0.0.0.0 interface "to-pe3" interface-type point-to-point

configure router ospf area 0.0.0.0 interface "to-pe2" authentication-type message-digest

configure router ospf area 0.0.0.0 interface "to-pe2" message-digest-key 1 md5 "lab123"

configure router ospf area 0.0.0.0 interface "to-pe3" authentication-type message-digest

configure router ospf area 0.0.0.0 interface "to-pe3" message-digest-key 1 md5 "lab123"

admin save

LDP配置

configure router ldp interface-parameters interface "to-pe2" dual-stack ipv4 no sh

configure router ldp interface-parameters interface "to-pe2" no sh

configure router ldp interface-parameters interface "to-pe3" dual-stack ipv4 no sh

configure router ldp interface-parameters interface "to-pe3" no sh

configure router ldp targeted-session no disable-targeted-session

configure router ldp no shutdown

admin save

BGP配置

configure router autonomous-system 65000

configure router bgp group "PE-PE" family ipv4 vpn-ipv4

configure router bgp group "PE-PE" type internal

configure router bgp group "PE-PE" neighbor 2.2.2.2 type internal

configure router bgp group "PE-PE" neighbor 3.3.3.3 type internal

admin save

创建VRF

configure port 1/1/5 shutdown

configure port 1/1/5 ethernet mode access

configure port 1/1/5 no shutdown

configure service customer 1234 create desc "TO-CE-VRF"

configure service vprn 1234 customer 1234 create route-distinguisher 10.10.10.10:1

configure service vprn 1234 customer 1234 create auto-bind-tunnel resolution-filter ldp

configure service vprn 1234 customer 1234 create auto-bind-tunnel resolution filter

configure service vprn 1234 customer 1234 create vrf-target target:65000:1

configure service vprn 1234 customer 1234 create interface "to-ce1" create address 192.168.101.254/24

configure service vprn 1234 customer 1234 create interface "to-ce1" create sap 1/1/5 create description "to-ce1"

configure service vprn 1234 customer 1234 create no shutdown

configure service vprn 1234 customer 1234 autonomous-system 65000

configure service vprn 1234 customer 1234 bgp group TO-CE type external

configure service vprn 1234 customer 1234 bgp group TO-CE neighbor 192.168.101.1 peer-as 65001

configure service vprn 1234 customer 1234 bgp group TO-CE no shutdown

configure service vprn 1234 customer 1234 bgp no shutdown

admin save

------------------------------------------PE2上的操作------------------------------------------

接口预配置

configure card 1 card-type "iom3-xp-b"

configure card 1 mda 1 mda-type "m5-1gb-sfp-b"

configure port 1/1/[1..5] no shutdown

admin save

接口配置

configure system name pe2

configure router interface "to-pe1" address 192.168.12.2/24

configure router interface "to-pe1" port 1/1/1

configure router interface "to-pe3" address 192.168.23.2/24

configure router interface "to-pe3" port 1/1/2

configure router interface lo0 address 20.20.20.20/32

configure router interface "lo0" loopback

configure router interface "system" address 2.2.2.2/32

ospf配置

configure router router-id 20.20.20.20

configure router ospf traffic-engineering

configure router ospf router-id 20.20.20.20

configure router ospf area 0.0.0.0 interface "lo0" passive

configure router ospf area 0.0.0.0 interface system passive

configure router ospf area 0.0.0.0 interface "to-pe1" interface-type point-to-point

configure router ospf area 0.0.0.0 interface "to-pe3" interface-type point-to-point

configure router ospf area 0.0.0.0 interface "to-pe1" authentication-type message-digest

configure router ospf area 0.0.0.0 interface "to-pe1" message-digest-key 1 md5 "lab123"

configure router ospf area 0.0.0.0 interface "to-pe3" authentication-type message-digest

configure router ospf area 0.0.0.0 interface "to-pe3" message-digest-key 1 md5 "lab123"

admin save

LDP配置

configure router ldp interface-parameters interface "to-pe1" dual-stack ipv4 no sh

configure router ldp interface-parameters interface "to-pe1" no sh

configure router ldp interface-parameters interface "to-pe3" dual-stack ipv4 no sh

configure router ldp interface-parameters interface "to-pe3" no sh

configure router ldp targeted-session no disable-targeted-session

configure router ldp no shutdown

admin save

BGP配置

configure router autonomous-system 65000

configure router bgp group "PE-PE" family ipv4 vpn-ipv4

configure router bgp group "PE-PE" type internal

configure router bgp group "PE-PE" neighbor 1.1.1.1 type internal

configure router bgp group "PE-PE" neighbor 3.3.3.3 type internal

admin save

创建VRF

configure port 1/1/5 shutdown

configure port 1/1/5 ethernet mode access

configure port 1/1/5 no shutdown

configure service customer 1234 create desc "TO-CE-VRF"

configure service vprn 1234 customer 1234 create route-distinguisher 20.20.20.20:1

configure service vprn 1234 customer 1234 create auto-bind-tunnel resolution-filter ldp

configure service vprn 1234 customer 1234 create auto-bind-tunnel resolution filter

configure service vprn 1234 customer 1234 create vrf-target target:65000:1

configure service vprn 1234 customer 1234 create interface "to-ce2" create address 192.168.102.254/24

configure service vprn 1234 customer 1234 create interface "to-ce2" create sap 1/1/5 create description "to-ce2"

configure service vprn 1234 customer 1234 create no shutdown

configure service vprn 1234 customer 1234 autonomous-system 65000

configure service vprn 1234 customer 1234 bgp group TO-CE type external

configure service vprn 1234 customer 1234 bgp group TO-CE neighbor 192.168.102.1 peer-as 65002

configure service vprn 1234 customer 1234 bgp group TO-CE no shutdown

configure service vprn 1234 customer 1234 bgp no shutdown

admin save

------------------------------------------PE3上的操作------------------------------------------

接口预配置

configure card 1 card-type "iom3-xp-b"

configure card 1 mda 1 mda-type "m5-1gb-sfp-b"

configure port 1/1/[1..5] no shutdown

admin save

接口配置

configure system name pe3

configure router interface "to-pe1" address 192.168.13.3/24

configure router interface "to-pe1" port 1/1/3

configure router interface "to-pe2" address 192.168.23.3/24

configure router interface "to-pe2" port 1/1/2

configure router interface lo0 address 30.30.30.30/32

configure router interface "lo0" loopback

configure router interface "system" address 3.3.3.3/32

ospf配置

configure router router-id 30.30.30.30

configure router ospf traffic-engineering

configure router ospf router-id 30.30.30.30

configure router ospf area 0.0.0.0 interface "lo0" passive

configure router ospf area 0.0.0.0 interface system passive

configure router ospf area 0.0.0.0 interface "to-pe1" interface-type point-to-point

configure router ospf area 0.0.0.0 interface "to-pe2" interface-type point-to-point

configure router ospf area 0.0.0.0 interface "to-pe1" authentication-type message-digest

configure router ospf area 0.0.0.0 interface "to-pe1" message-digest-key 1 md5 "lab123"

configure router ospf area 0.0.0.0 interface "to-pe2" authentication-type message-digest

configure router ospf area 0.0.0.0 interface "to-pe2" message-digest-key 1 md5 "lab123"

admin save

LDP配置

configure router ldp interface-parameters interface "to-pe1" dual-stack ipv4 no sh

configure router ldp interface-parameters interface "to-pe1" no sh

configure router ldp interface-parameters interface "to-pe2" dual-stack ipv4 no sh

configure router ldp interface-parameters interface "to-pe2" no sh

configure router ldp targeted-session no disable-targeted-session

configure router ldp no shutdown

admin save

BGP配置

configure router autonomous-system 65000

configure router bgp group "PE-PE" family ipv4 vpn-ipv4

configure router bgp group "PE-PE" type internal

configure router bgp group "PE-PE" neighbor 1.1.1.1 type internal

configure router bgp group "PE-PE" neighbor 2.2.2.2 type internal

admin save

创建VRF

configure port 1/1/5 shutdown

configure port 1/1/5 ethernet mode access

configure port 1/1/5 no shutdown

configure service customer 1234 create desc "TO-CE-VRF"

configure service vprn 1234 customer 1234 create route-distinguisher 30.30.30.30:1

configure service vprn 1234 customer 1234 create auto-bind-tunnel resolution-filter ldp

configure service vprn 1234 customer 1234 create auto-bind-tunnel resolution filter

configure service vprn 1234 customer 1234 create vrf-target target:65000:1

configure service vprn 1234 customer 1234 create interface "to-ce3" create address 192.168.103.254/24

configure service vprn 1234 customer 1234 create interface "to-ce3" create sap 1/1/5 create description "to-ce3"

configure service vprn 1234 customer 1234 create no shutdown

configure service vprn 1234 customer 1234 autonomous-system 65000

configure service vprn 1234 customer 1234 bgp group TO-CE type external

configure service vprn 1234 customer 1234 bgp group TO-CE neighbor 192.168.103.1 peer-as 65003

configure service vprn 1234 customer 1234 bgp group TO-CE no shutdown

configure service vprn 1234 customer 1234 bgp no shutdown

admin save

----------------------------------VMX-CE1的配置-----------------------------------------------

set interfaces ge-0/0/0 unit 0 family inet address 192.168.101.1/24

set interfaces lo0 unit 0 family inet address 10.1.255.1/32

set routing-options router-id 10.1.255.1

set routing-options autonomous-system 65001

set protocols bgp group TO-PE type external

set protocols bgp group TO-PE export export-lo0

set protocols bgp group TO-PE neighbor 192.168.101.254 peer-as 65000

set policy-options policy-statement export-lo0 term 1 from interface lo0.0

set policy-options policy-statement export-lo0 term 1 then accept

set policy-options policy-statement export-lo0 term last then reject

----------------------------------VMX-CE2的配置-----------------------------------------------

set interfaces ge-0/0/0 unit 0 family inet address 192.168.102.1/24

set interfaces lo0 unit 0 family inet address 10.1.255.2/32

set routing-options router-id 10.1.255.2

set routing-options autonomous-system 65002

set protocols bgp group TO-PE type external

set protocols bgp group TO-PE export export-lo0

set protocols bgp group TO-PE neighbor 192.168.102.254 peer-as 65000

set policy-options policy-statement export-lo0 term 1 from interface lo0.0

set policy-options policy-statement export-lo0 term 1 then accept

set policy-options policy-statement export-lo0 term last then reject

----------------------------------VMX-CE3的配置-----------------------------------------------

set interfaces ge-0/0/0 unit 0 family inet address 192.168.103.1/24

set interfaces lo0 unit 0 family inet address 10.1.255.3/32

set routing-options router-id 10.1.255.3

set routing-options autonomous-system 65003

set protocols bgp group TO-PE type external

set protocols bgp group TO-PE export export-lo0

set protocols bgp group TO-PE neighbor 192.168.103.254 peer-as 65000

set policy-options policy-statement export-lo0 term 1 from interface lo0.0

set policy-options policy-statement export-lo0 term 1 then accept

set policy-options policy-statement export-lo0 term last then reject

在PE1,PE2,PE3上导出vpnv4-into-ce

configure router policy-options

begin

policy-statement "export-vpnv4-into-ce"

entry 10

from

protocol bgp-vpn

exit

action accept

exit

exit

exit

commit

exit

configure service vprn 1234 bgp export "export-vpnv4-into-ce"

在PE上验证

show service id 1234 base

A:pe3# show service id 1234 base

===============================================================================

Service Basic Information

===============================================================================

Service Id : 1234 Vpn Id : 0

Service Type : VPRN

Name : (Not Specified)

Description : (Not Specified)

Customer Id : 1234 Creation Origin : manual

Last Status Change: 04/07/2021 13:53:48

Last Mgmt Change : 04/07/2021 13:53:48

Admin State : Up Oper State : Up

Route Dist. : 30.30.30.30:1 VPRN Type : regular

Oper Route Dist : 30.30.30.30:1

Oper RD Type : configured

AS Number : 65000 Router Id : 30.30.30.30

ECMP : Enabled ECMP Max Routes : 1

Auto Bind Tunnel

Resolution : filter

Filter Protocol : ldp

Max IPv6 Routes : No Limit

Ignore NH Metric : Disabled

Hash Label : Disabled

Vrf Target : target:65000:1

Vrf Import : None

Vrf Export : None

MVPN Vrf Target : None

MVPN Vrf Import : None

MVPN Vrf Export : None

Car. Sup C-VPN : Disabled

Label mode : vrf

BGP VPN Backup : Disabled

BGP Export Inacti*: Disabled

SAP Count : 1 SDP Bind Count : 0

-------------------------------------------------------------------------------

Service Access & Destination Points

-------------------------------------------------------------------------------

Identifier Type AdmMTU OprMTU Adm Opr

-------------------------------------------------------------------------------

sap:1/1/5 null 1514 1514 Up Up

===============================================================================

* indicates that the corresponding row element may have been truncated.

show router bgp routes vpn-ipv4

A:pe3# show router bgp routes vpn-ipv4

===============================================================================

BGP Router ID:30.30.30.30 AS:65000 Local AS:65000

===============================================================================

Legend -

Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid

l - leaked

Origin codes : i - IGP, e - EGP, ? - incomplete, > - best, b - backup

===============================================================================

BGP VPN-IPv4 Routes

===============================================================================

Flag Network LocalPref MED

Nexthop (Router) Path-Id Label

As-Path

-------------------------------------------------------------------------------

u*>i 10.10.10.10:1:10.1.255.1/32 100 None

1.1.1.1 None 131070

65001

u*>i 10.10.10.10:1:192.168.101.0/24 100 None

1.1.1.1 None 131070

No As-Path

u*>i 20.20.20.20:1:10.1.255.2/32 100 None

2.2.2.2 None 131070

65002

u*>i 20.20.20.20:1:192.168.102.0/24 100 None

2.2.2.2 None 131070

No As-Path

-------------------------------------------------------------------------------

Routes : 4

===============================================================================

show router 1234 route-table

A:pe3# show router 1234 route-table

===============================================================================

Route Table (Service: 1234)

===============================================================================

Dest Prefix[Flags] Type Proto Age Pref

Next Hop[Interface Name] Metric

-------------------------------------------------------------------------------

10.1.255.1/32 Remote BGP VPN 00h27m35s 170

1.1.1.1 (tunneled) 0

10.1.255.2/32 Remote BGP VPN 00h27m25s 170

2.2.2.2 (tunneled) 0

10.1.255.3/32 Remote BGP 00h28m18s 170

192.168.103.1 0

192.168.101.0/24 Remote BGP VPN 00h27m35s 170

1.1.1.1 (tunneled) 0

192.168.102.0/24 Remote BGP VPN 00h27m25s 170

2.2.2.2 (tunneled) 0

192.168.103.0/24 Local Local 00h28m25s 0

to-ce3 0

-------------------------------------------------------------------------------

No. of Routes: 6

Flags: n = Number of times nexthop is repeated

B = BGP backup route available

L = LFA nexthop available

S = Sticky ECMP requested

===============================================================================

NOKIA VSR的MPLS L3VPN

推荐阅读更多精彩内容