1.实验项目:VPN、MPLS、多种协议下的MPLS/VPN、VOip、IS-IS、RIP、静态路由、BGP
1. 实验目的:
验证MPLS/VPN的可实施性、及在MPLS/VPN基础上的可实时业务的应用。
本实验验证以下技术点:
a. VPN
b. MPLS
c. 多种环境下的MPLS/VPN
d. VOIP的应用
2. 实验方法:
a. 验证基于IS-IS的MPLS/VPN
b. 验证基于Inter AS 的 MPLS/VPN
c. 验证基于Inter AS 的 MPLS/VPN中VOIP的应用
2.基于IS-IS的MPLS/VPN
1.实验方案:
实验环境如图:
骨干IGP为IS-IS,其中包括三个独立的L2域、每一个骨干路由器为一个独立的域,与骨干网的设计相符。
MPLS/VPN 中,三台骨干路由器为PE、其它设备为CE。
MPLS/VPN上建立三个VPN :
a. VPN1的CE分别在两个不同的AS、采用EBGP和骨干路由器互联,AS号码为65505和65506。
b. VPN2的两个CE采用不同的IGP路由协议互联、S3采用OSPF和R3连接、S2采用RIP和R2连接。
c. VPN3的两个CE采用静态路由和PE连接。
2. 方案技术要点:
a. 网络协议IS-IS、EBGP、IBGP、OSPF、RIP、静态路由。
b. 完全相同IP地址的VPN( VPN1与 VPN2 )。
c. VPN中采用不同协议:VPN1 (EBGP-EBGP),VPN2 (RIP-OSPF), VPN3 ( 静态路由-静态路由)。
3. 配置命令:
version 12.0
!
hostname R2
!
boot system disk0:rsp-pv-mz.120-22.S.bin
ip cef
no ip domain-lookup
!
ip vrf vpn1
rd 100:1
route-target eXPort 100:1
route-target import 100:1
!
ip vrf vpn2
rd 100:2
route-target export 100:2
route-target import 100:2
!
ip vrf vpn3
rd 100:3
route-target export 100:3
route-target import 100:3
clns routing
!
interface Loopback0
ip address 10.10.20.2 255.255.255.255
no ip directed-broadcast
ip router isis
isis circuit-type level-2-only
!
interface Multilink1
ip address 10.10.12.2 255.255.255.0
no ip directed-broadcast
ip router isis
tag-switching ip
ppp multilink
multilink-group 1
isis circuit-type level-2-only
!
router isis
net 00.1111.0000.0000.1112.00
is-type level-2-only
!
router rip
version 2
!
address-family ipv4 vrf vpn2
version 2
redistribute bgp 100 metric transparent
network 10.0.0.0
no auto-summary
exit-address-family
!
router bgp 100
bgp log-neighbor-changes
bgp graceful-restart restart-time 120
bgp graceful-restart stalepath-time 360
bgp graceful-restart
neighbor 10.10.10.1 remote-as 100
neighbor 10.10.10.1 update-source Loopback0
neighbor 10.10.30.3 remote-as 100
neighbor 10.10.30.3 update-source Loopback0
no auto-summary
!
address-family ipv4 multicast
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 10.10.10.1 activate
neighbor 10.10.10.1 next-hop-self
neighbor 10.10.10.1 send-community extended
neighbor 10.10.30.3 activate
neighbor 10.10.30.3 next-hop-self
neighbor 10.10.30.3 send-community extended
no auto-summary
exit-address-family
!
address-family ipv4
neighbor 10.10.10.1 activate
neighbor 10.10.30.3 activate
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf vpn3
redistribute connected
redistribute static
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf vpn2
redistribute connected
redistribute static
redistribute rip
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf vpn1
neighbor 10.10.26.6 remote-as 65506
neighbor 10.10.26.6 activate
no auto-summary
no synchronization
exit-address-family
!
ip classless
ip route vrf vpn3 10.10.60.0 255.255.255.0 10.10.26.6
4. 确认命令:
R1# sh ip rou
10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
C 10.10.10.1/32 is directly connected, Loopback0
C 10.10.12.0/24 is directly connected, Multilink1
C 10.10.13.0/24 is directly connected, POS4/0/0
C 10.10.12.2/32 is directly connected, Multilink1
i L2 10.10.20.2/32 [115/17] via 10.10.13.2, POS4/0/0
i L2 10.10.23.0/24 [115/7] via 10.10.13.2, POS4/0/0
i L2 10.10.30.3/32 [115/15] via 10.10.13.2, POS4/0/0
R1#sh ip router vrf vpn2
10.0.0.0/24 is subnetted, 4 subnets
C 10.10.15.0 is directly connected, FastEthernet2/0/1
B 10.10.26.0 [200/0] via 10.10.20.2, 00:01:48
B 10.10.50.0 [20/0] via 10.10.15.5, 00:01:54
B 10.10.60.0 [200/0] via 10.10.20.2, 00:01:48
R1#sh ip router vrf vpn3
10.0.0.0/24 is subnetted, 3 subnets
C 10.10.15.0 is directly connected, FastEthernet2/0/0
B 10.10.26.0 [200/0] via 10.10.20.2, 00:01:57
B 10.10.60.0 [200/0] via 10.10.20.2, 00:01:57
R5-3640#sh ip rou
10.0.0.0/24 is subnetted, 4 subnets
C 10.10.15.0 is directly connected, FastEthernet0/0
B 10.10.26.0 [20/0] via 10.10.15.1, 00:02:24
C 10.10.50.0 is directly connected, Loopback0
B 10.10.60.0 [20/0] via 10.10.15.1, 00:02:24
R5-3640#ping 10.10.60.6
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.60.6, timeout is 2 seconds:
!!!!!
SUCcess rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms
R5-3640#trace 10.10.60.6
Type escape sequence to abort.
Tracing the route to 10.10.60.6
1 10.10.15.1 0 msec 0 msec 4 msec
2 10.10.13.2 [MPLS: Labels 17/18 Exp 0] 12 msec 12 msec 12 msec
3 10.10.26.2 [AS 65506] [MPLS: Label 18 Exp 1] 4 msec 4 msec 4 msec
4 10.10.26.6 [AS 65506] 12 msec 12 msec *
S1-4006 (enable) trace 10.10.60.6
traceroute to 10.10.60.6 (10.10.60.6), 30 hops max, 40 byte packets
1 10.10.15.1 (10.10.15.1) 8 ms 24 ms 7 ms
2 10.10.13.2 (10.10.13.2) 10 ms 9 ms 10 ms
3 10.10.26.2 (10.10.26.2) 10 ms 7 ms 7 ms
4 10.10.26.6 (10.10.26.6) 8 ms * 9 ms
S1-4006 (enable) exit
R2#sh ip rou
10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
i L2 10.10.10.1/32 [115/17] via 10.10.23.3, GigabitEthernet10/0/0
C 10.10.12.0/24 is directly connected, Multilink1
i L2 10.10.13.0/24 [115/7] via 10.10.23.3, GigabitEthernet10/0/0
C 10.10.12.1/32 is directly connected, Multilink1
C 10.10.20.2/32 is directly connected, Loopback0
C 10.10.23.0/24 is directly connected, GigabitEthernet10/0/0
i L2 10.10.30.3/32 [115/12] via 10.10.23.3, GigabitEthernet10/0/0
R2#sh ip router vrf vpn1
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
B 10.10.15.0/24 [200/0] via 10.10.10.1, 00:05:48
C 10.10.26.0/24 is directly connected, Multilink2
C 10.10.26.6/32 is directly connected, Multilink2
B 10.10.50.0/24 [200/0] via 10.10.10.1, 00:05:48
B 10.10.60.0/24 [20/0] via 10.10.26.6, 00:07:21
R2#sh ip route vrf vpn2
10.0.0.0/24 is subnetted, 3 subnets
C 10.10.22.0 is directly connected, FastEthernet9/0/0
B 10.10.33.0 [200/0] via 10.10.30.3, 00:05:51
B 10.10.100.0 [200/2] via 10.10.30.3, 00:05:21
R2#sh ip route vrf vpn3
10.0.0.0/24 is subnetted, 3 subnets
B 10.10.15.0 [200/0] via 10.10.10.1, 00:05:55
C 10.10.26.0 is directly connected, FastEthernet8/0/0
S 10.10.60.0 [1/0] via 10.10.26.6
R6-3640#sh ip rou
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
B 10.10.15.0/24 [20/0] via 10.10.26.2, 00:06:04
C 10.10.26.2/32 is directly connected, Multilink1
C 10.10.26.0/24 is directly connected, Multilink1
B 10.10.50.0/24 [20/0] via 10.10.26.2, 00:06:04
C 10.10.60.0/24 is directly connected, Loopback0
R6-3640#ping 10.10.50.5
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.50.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
R6-3640#trace 10.10.50.5
Type escape sequence to abort.
Tracing the route to 10.10.50.5
1 10.10.26.2 0 msec 4 msec 0 msec
2 10.10.23.3 [MPLS: Labels 18/21 Exp 0] 4 msec 4 msec 4 msec
3 10.10.15.1 [AS 65505] 4 msec 4 msec 4 msec
4 10.10.15.5 [AS 65505] 0 msec * 4 msec
R3#sh ip rou
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
i L2 10.10.10.1/32 [115/15] via 10.10.13.1, POS5/0/0
i L2 10.10.12.0/24 [115/12] via 10.10.23.2, GigabitEthernet1/0/0
C 10.10.13.0/24 is directly connected, POS5/0/0
i L2 10.10.20.2/32 [115/12] via 10.10.23.2, GigabitEthernet1/0/0
C 10.10.23.0/24 is directly connected, GigabitEthernet1/0/0
C 10.10.30.3/32 is directly connected, Loopback0
R3#sh ip route vrf vpn 2
10.0.0.0/24 is subnetted, 3 subnets
B 10.10.22.0 [200/0] via 10.10.20.2, 00:09:23
C 10.10.33.0 is directly connected, FastEthernet4/0/0
O 10.10.100.0 [110/2] via 10.10.33.33, 00:08:43, FastEthernet4/0/0
S3-4006-L3#sh ip rou
10.0.0.0/24 is subnetted, 3 subnets
O E2 10.10.22.0 [110/1] via 10.10.33.3, 00:09:38, Port-channel1.1
C 10.10.33.0 is directly connected, Port-channel1.1
C 10.10.100.0 is directly connected, Port-channel1.2
S3-4006-L3#ping 10.10.22.254
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.22.254, timeout is 2 seconds:
!!!!!
5. 结果:
a. 网络协议IS-IS、EBGP、IBGP、OSPF、RIP、静态路由等协议连通正常。
b. 完全相同IP地址的VPN( VPN1与 VPN2 )。
c. VPN中采用不同协议:VPN1 (EBGP-EBGP),VPN2 (RIP-OSPF), VPN3 ( 静态路由-静态路由) 连通正常。