A Study of Implementing Hub-and-Spoke in MPLS VPN

Overview

*********************************************************************************************

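This document describes connecting spokes attached to different PEs to a hub.

The main purpose of hub-and-spoke is to make communication between branches pass through the central site.

Implementing this in an MPLS VPN means having the spoke-CE routes exchanged on the hub-CE, giving the effect of one central site with multiple branches.

Below is a solution for implementing this hub-and-spoke design in a running MPLS VPN environment.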
********************************************************************************************


Topology diagram

Attachment: topology diagram (.jpg)



Configuration

————————————————————————————————

R1

hostname r1

ip vrf a
rd 1:1
route-target export 1:1
route-target import 1:2
!
ip cef

interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface Ethernet0/0
no ip address
!
interface Ethernet0/0.12
encapsulation dot1Q 12
ip address 12.1.1.1 255.255.255.0
tag-switching ip
no snmp trap link-status
!
interface Ethernet0/0.13
encapsulation dot1Q 13
ip address 13.1.1.1 255.255.255.0
tag-switching ip
no snmp trap link-status
!
interface Ethernet0/0.14
encapsulation dot1Q 14
ip vrf forwarding a
ip address 14.1.1.1 255.255.255.0
!
router ospf 10
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
router ospf 100 vrf a
log-adjacency-changes
redistribute bgp 1 subnets
network 0.0.0.0 255.255.255.255 area 0
!
router bgp 1
bgp log-neighbor-changes
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback0
neighbor 3.3.3.3 remote-as 1
neighbor 3.3.3.3 update-source Loopback0
!
address-family ipv4
neighbor 2.2.2.2 activate
neighbor 3.3.3.3 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf a
redistribute ospf 100
no auto-summary
no synchronization
exit-address-family












R2

hostname r2
!
ip vrf b
rd 1:1
route-target export 1:1
route-target import 1:2
!
ip cef

interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface Ethernet0/0
no ip address
!
interface Ethernet0/0.12
encapsulation dot1Q 12
ip address 12.1.1.2 255.255.255.0
tag-switching ip
no snmp trap link-status
!
interface Ethernet0/0.23
encapsulation dot1Q 23
ip address 23.1.1.2 255.255.255.0
tag-switching ip
no snmp trap link-status
!
interface Ethernet0/0.25
encapsulation dot1Q 25
ip vrf forwarding b
ip address 25.1.1.2 255.255.255.0

!
router ospf 10
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
router ospf 100 vrf b
log-adjacency-changes
redistribute bgp 1 subnets
network 0.0.0.0 255.255.255.255 area 0
!
router bgp 1
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 update-source Loopback0
neighbor 3.3.3.3 remote-as 1
neighbor 3.3.3.3 update-source Loopback0
!
address-family ipv4
neighbor 1.1.1.1 activate
neighbor 3.3.3.3 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf b
redistribute ospf 100
no auto-summary
no synchronization
exit-address-family
!



On R3, two links must run down to the HUB-CE: the learned routes go down over one link and come back up over the other.


R3

hostname r3

ip vrf in
rd 1:2
route-target import 1:1
!
ip vrf out
rd 1:3
route-target export 1:2
!

ip cef

interface Loopback0
ip address 3.3.3.3 255.255.255.255
!
interface Ethernet0/0
no ip address
!
interface Ethernet0/0.13
encapsulation dot1Q 13
ip address 13.1.1.3 255.255.255.0
tag-switching ip
no snmp trap link-status
!
interface Ethernet0/0.23
encapsulation dot1Q 23
ip address 23.1.1.3 255.255.255.0
tag-switching ip
no snmp trap link-status
!
interface Ethernet0/0.26
encapsulation dot1Q 26
ip vrf forwarding in
ip address 26.1.1.3 255.255.255.0
no snmp trap link-status
!
interface Ethernet0/0.27
encapsulation dot1Q 27
ip vrf forwarding out
ip address 27.1.1.3 255.255.255.0
no snmp trap link-status

router ospf 10
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
router ospf 100 vrf in
log-adjacency-changes
redistribute bgp 1 subnets
network 0.0.0.0 255.255.255.255 area 0
!
router ospf 200 vrf out
log-adjacency-changes
network 0.0.0.0 255.255.255.255 area 0
!
router bgp 1
bgp log-neighbor-changes
neighbor 1.1.1.1 remote-as 1
neighbor 1.1.1.1 update-source Loopback0
neighbor 2.2.2.2 remote-as 1
neighbor 2.2.2.2 update-source Loopback0
!
address-family ipv4
neighbor 1.1.1.1 activate
neighbor 2.2.2.2 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf out
redistribute ospf 200 match internal external 1 external 2
no auto-summary
no synchronization
exit-address-family
!
address-family ipv4 vrf in
no auto-summary
no synchronization
exit-address-family
!




R6

hostname r6
!
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface Loopback1
ip address 7.7.7.7 255.255.255.255
!
interface Ethernet0/0
no ip address
!
interface Ethernet0/0.26
encapsulation dot1Q 26
ip address 26.1.1.6 255.255.255.0
no snmp trap link-status
!
interface Ethernet0/0.27
encapsulation dot1Q 27
ip address 27.1.1.6 255.255.255.0
!

router ospf 200
router-id 6.6.6.6
log-adjacency-changes
! the match options must be added, otherwise the redistribution fails
redistribute ospf 100 subnets match internal external 1 external 2
redistribute ospf 10 subnets
network 6.6.6.0 0.0.0.255 area 0
network 27.1.1.0 0.0.0.255 area 0
!
router ospf 100
router-id 7.7.7.7
log-adjacency-changes
network 7.7.7.7 0.0.0.0 area 0
network 26.1.1.0 0.0.0.255 area 0

-------------------------------------------------------------------------------------------------------------

On R3, the BGP VPNv4 table looks like this:

r3#sh ip b vp al
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1
*>i4.4.4.4/32 1.1.1.1 11 100 0 ?
*>i5.5.5.5/32 2.2.2.2 11 100 0 ?
*>i14.1.1.0/24 1.1.1.1 0 100 0 ?
*>i25.1.1.0/24 2.2.2.2 0 100 0 ?
Route Distinguisher: 1:2 (default for vrf in)
*>i4.4.4.4/32 1.1.1.1 11 100 0 ?
*>i5.5.5.5/32 2.2.2.2 11 100 0 ?
*>i14.1.1.0/24 1.1.1.1 0 100 0 ?
*>i25.1.1.0/24 2.2.2.2 0 100 0 ?
Route Distinguisher: 1:3 (default for vrf out)
*> 4.4.4.4/32 27.1.1.6 21 32768 ?
*> 5.5.5.5/32 27.1.1.6 21 32768 ?
*> 6.6.6.6/32 27.1.1.6 11 32768 ?
*> 7.7.7.7/32 27.1.1.6 1 32768 ?
*> 14.1.1.0/24 27.1.1.6 11 32768 ?
*> 25.1.1.0/24 27.1.1.6 11 32768 ?
*> 26.1.1.0/24 27.1.1.6 10 32768 ?
*> 27.1.1.0/24 0.0.0.0 0 32768 ?


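The routes are redistributed from OSPF 200 on r6; r4 checks its local OSPF process and finds that it differs, so the OSPF routes are advertised as type 5 LSAs and enter the RIB.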

r4#sh ip rou

5.0.0.0/32 is subnetted, 1 subnets
O E2 5.5.5.5 [110/21] via 14.1.1.1, 00:14:19, Ethernet0/0.14
6.0.0.0/32 is subnetted, 1 subnets
O E2 6.6.6.6 [110/11] via 14.1.1.1, 00:14:19, Ethernet0/0.14
7.0.0.0/32 is subnetted, 1 subnets
O E2 7.7.7.7 [110/1] via 14.1.1.1, 00:14:19, Ethernet0/0.14
25.0.0.0/24 is subnetted, 1 subnets
O E2 25.1.1.0 [110/11] via 14.1.1.1, 00:14:19, Ethernet0/0.14
27.0.0.0/24 is subnetted, 1 subnets
O E2 27.1.1.0 [110/1] via 14.1.1.1, 00:14:19, Ethernet0/0.14
26.0.0.0/24 is subnetted, 1 subnets
O E2 26.1.1.0 [110/10] via 14.1.1.1, 00:14:19, Ethernet0/0.14


r6#sh ip rou

4.0.0.0/32 is subnetted, 1 subnets
O IA 4.4.4.4 [110/21] via 26.1.1.3, 00:14:56, Ethernet0/0.26
5.0.0.0/32 is subnetted, 1 subnets
O IA 5.5.5.5 [110/21] via 26.1.1.3, 00:14:56, Ethernet0/0.26
25.0.0.0/24 is subnetted, 1 subnets
O IA 25.1.1.0 [110/11] via 26.1.1.3, 00:14:56, Ethernet0/0.26
14.0.0.0/24 is subnetted, 1 subnets
O IA 14.1.1.0 [110/11] via 26.1.1.3, 00:14:56, Ethernet0/0.26

Test whether hub-and-spoke is in effect
r4(config)#do ping 5.5.5.5

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 16/19/20 ms

r4#trace 5.5.5.5
Type escape sequence to abort.
Tracing the route to 5.5.5.5

1 14.1.1.1 4 msec 0 msec 0 msec
2 27.1.1.3 4 msec 4 msec 0 msec
3 27.1.1.6 4 msec 4 msec 4 msec
4 26.1.1.3 0 msec 0 msec 8 msec
5 25.1.1.2 4 msec 4 msec 4 msec
6 25.1.1.5 8 msec * 8 msec //the route from r4 to r5 passes through r6
Hub-and-spoke is working normally; the test succeeded.


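PS: In the design, note that route import and export between each spoke and the hub are controlled through the RT. There are also some issues to watch for in the RD design, which are not covered here!
Anyone interested is welcome to discuss this in more depth.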


QQ: 565338145 Technical support: http://www.one-tom.com; Successful career planning: http://www.openadam.com

汤姆一通 ITAA Study Intelligence Group, IT傻博士
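
An added example (not part of the original post): a Python check of the route-target design in the R1, R2 and R3 configurations above. It parses the "ip vrf" stanzas and reports any spoke VRF that imports another spoke's route target, which would let spoke-to-spoke routes skip the hub; the function names and the LEAKY_CONFIG variant are constructed for illustration.

```python
import re

# "ip vrf" stanzas as they appear in the R1, R2 and R3 configurations on this page.
PAGE_CONFIG = {
    "r1": "ip vrf a\nrd 1:1\nroute-target export 1:1\nroute-target import 1:2\n!",
    "r2": "ip vrf b\nrd 1:1\nroute-target export 1:1\nroute-target import 1:2\n!",
    "r3": "ip vrf in\nrd 1:2\nroute-target import 1:1\n!\n"
          "ip vrf out\nrd 1:3\nroute-target export 1:2\n!",
}
# Constructed misconfiguration (not on the page): spoke VRF b also imports 1:1.
LEAKY_CONFIG = dict(PAGE_CONFIG, r2=PAGE_CONFIG["r2"].replace(
    "import 1:2", "import 1:2\nroute-target import 1:1"))

def parse_vrfs(configs):
    """Return {(router, vrf): {"import": set, "export": set}} from IOS config text."""
    vrfs = {}
    for router, text in configs.items():
        current = None
        for line in map(str.strip, text.splitlines()):
            vrf = re.fullmatch(r"ip vrf (\S+)", line)
            rt = re.fullmatch(r"route-target (import|export|both) (\S+)", line)
            if vrf:
                current = vrfs.setdefault((router, vrf.group(1)),
                                          {"import": set(), "export": set()})
            elif rt and current is not None:
                kinds = ("import", "export") if rt.group(1) == "both" else (rt.group(1),)
                for kind in kinds:
                    current[kind].add(rt.group(2))
            elif line == "!":
                current = None  # end of stanza
    return vrfs

def spoke_leaks(vrfs, hub):
    """(exporter, importer, rt) triples where a spoke VRF imports another spoke's RT."""
    spokes = {k: v for k, v in vrfs.items() if k[0] != hub}
    return [(src, dst, rt)
            for src, s in spokes.items() for dst, d in spokes.items() if src != dst
            for rt in sorted(s["export"] & d["import"])]

def detached_spokes(vrfs, hub):
    """Spoke VRFs that the hub PE does not import from, or that import nothing from it."""
    hub_vrfs = [v for k, v in vrfs.items() if k[0] == hub]
    hub_imp = set().union(*(v["import"] for v in hub_vrfs))
    hub_exp = set().union(*(v["export"] for v in hub_vrfs))
    return [k for k, v in vrfs.items() if k[0] != hub
            and not (v["export"] & hub_imp and v["import"] & hub_exp)]

if __name__ == "__main__":
    for name, cfg in (("page", PAGE_CONFIG), ("leaky", LEAKY_CONFIG)):
        parsed = parse_vrfs(cfg)
        print(name, spoke_leaks(parsed, "r3"), detached_spokes(parsed, "r3"))
```

With the page's configuration both checks come back empty; with the constructed variant, the extra import on VRF b is reported as a direct path from VRF a that does not pass through R6.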
