CẤU HÌNH MPLS VPN CƠ BẢN

**chantroitinhoc** Mon Oct 10, 2011 7:42 pm

Bài LAB này chúng ta cấu hình MPLS VPN giữa hai site HQ và Branch của Customer thông qua Provide Network (SP1, SP2 và SP3). Trong đó, router SP1 và SP3 đóng vai trò là PE router, còn router SP2 đóng vai trò là P router và các router HQ và Branch là các CE router. Provider Network cấu hình định tuyến với OSPF area 0, còn các Customer Network cấu hình định tuyến với EIGRP AS 100.

Topology:

CẤU HÌNH MPLS VPN CƠ BẢN Mplsvp11

1. Thiết lập mô hình, cấu hình cơ bản trên các router và đặt địa chỉ IP như trong mô hình.
(Các bạn tự làm)

2. Cấu hình OSPF Area 0 trên các router của Provider:

SP1(config)# router ospf 1
SP1(config-router)# network 192.168.23.0 0.0.0.255 area 0
SP1(config-router)# network 2.2.2.0 0.0.0.255 area 0
SP1(config-router)# passive-interface f1/0

SP2(config)# router ospf 1
SP2(config-router)# network 192.168.23.0 0.0.0.255 area 0
SP2(config-router)# network 192.168.34.0 0.0.0.255 area 0
SP2(config-router)# network 3.3.3.0 0.0.0.255 area 0

SP3(config)# router ospf 1
SP3(config-router)# network 192.168.34.0 0.0.0.255 area 0
SP3(config-router)# network 4.4.4.0 0.0.0.255 area 0
SP3(config-router)# passive-interface f0/0

Sau khi cấu hình các bước trên xong bạn có thể kiểm tra ping từ SP1 đến SP3 dưới đây phải thành công:

SP1# ping 4.4.4.4 source loopback 0

Code:: ISP1#ping 4.4.4.4 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 4.4.4.4, timeout is 2 seconds: Packet sent with a source address of 2.2.2.2 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 20/51/116 ms

3. Cấu hình MPLS trên các router SP1, SP2 và SP3 của nhà cung cấp dịch vụ:

SP1(config)# interface f0/0
SP1(config-if)# mpls ip

SP2(config)# interface f0/0
SP2(config-if)# mpls ip
SP2(config-if)# exit
SP2(config)# interface f1/0
SP2(config-if)# mpls ip

SP3(config)# interface f1/0
SP3(config-if)# mpls ip

Các bạn chú ý là không cấu hình MPLS trên các interface loopback trên các router và tại router SP1, SP3 không cấu hình MPLS trên interface nối đến các CE router.

Sau khi cấu hình xong MPLS trên các Provider router, chúng ta tiến hành kiểm tra thông tin cấu hình MPLS forwarding-table

SP2# show mpls forwarding-table

Code:: ISP2#show mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 16 Untagged 2.2.2.2/32 570 Fa0/0 192.168.23.2 17 Untagged 4.4.4.4/32 570 Fa1/0 192.168.34.4

Sau khi bạn hiển thị thông tin mpls forwarding-table thì thấy các neighbor nhận ra host route 2.2.2.2/32 hoặc 4.4.4.4/32 thay vì 2.2.2.2/24 hay 4.4.4.4/24 như khi thiết lập ip cho interface loopback. Chúng ta cần cấu hình lại như sau để quá trình trao đổi thông tin giữa các router đúng yêu cầu:

SP1(config)# interface loopback 0
SP1(config-if)# ip ospf network point-to-point

SP2(config)# interface loopback 0
SP2(config-if)# ip ospf network point-to-point

SP3(config)# interface loopback 0
SP3(config-if)# ip ospf network point-to-point

Các bạn có thể kiểm tra lại kết quả để thấy thông tin đã được update:

Code:: ISP2#show mpls forwarding-table Local Outgoing Prefix Bytes tag Outgoing Next Hop tag tag or VC or Tunnel Id switched interface 18 Pop tag 2.2.2.0/24 0 Fa0/0 192.168.23.2 19 Pop tag 4.4.4.0/24 0 Fa1/0 192.168.34.4

4. Cấu hình MPLS sử dụng loopback 0 làm router-id:

SP1(config)# mpls ldp router-id loopback 0

SP2(config)# mpls ldp router-id loopback 0

SP3(config)# mpls ldp router-id loopback 0

5. Cấu hình VRF "CUSTOMER" trên SP1, SP3 với Route Distinguisher 100:1 và Route Target both 1:100

SP1(config)# ip vrf CUSTOMER
SP1(config-vrf)# rd 100:1
SP1(config-vrf)# route-target both 1:100

SP1(config)# interface f1/0
SP1(config-if)# ip vrf forwarding CUSTOMER

SP3(config)# ip vrf CUSTOMER
SP3(config-vrf)# rd 100:1
SP3(config-vrf)# route-target both 1:100

SP3(config)# interface f0/0
SP3(config-if)# ip vrf forwarding CUSTOMER

Lúc này bạn không thể ping được 192.168.12.2 trên SP1 hay ping 192.168.45.4 trên SP3 bình thường như trước nữa mà bạn phải thêm tham số vrf.
SP1# ping vrf CUSTOMER 192.168.12.2

Code:: ISP1#ping vrf CUSTOMER 192.168.12.1 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.168.12.1, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/30/60 ms

6. Cấu hình EIGRP AS 100 trên router HQ và Branch:

HQ(config)# router eigrp 100
HQ(config-router)# network 192.168.12.0
HQ(config-router)# network 1.1.1.0
HQ(config-router)# no auto-summary

Branch(config)# router eigrp 100
Branch(config-router)# network 192.168.45.0
Branch(config-router)# network 5.5.5.0
Branch(config-router)# no auto-summary

7. Cấu hình EIGRP cho vrf CUSTOMER trên router ISP1 và ISP3:

ISP1(config)# router eigrp 1
ISP1(config-router)# address-family ipv4 vrf CUSTOMER
ISP1(config-router-af)# autonomous-system 100
ISP1(config-router-af)# network 192.168.12.0
ISP1(config-router-af)# no auto-summary

ISP3(config)# router eigrp 1
ISP3(config-router)# address-family ipv4 vrf CUSTOMER
ISP3(config-router-af)# autonomous-system 100
ISP3(config-router-af)# network 192.168.45.0
ISP3(config-router-af)# no auto-summary

Các bạn dùng lệnh show ip eigrp vrf CUSTOMER neighbors để kiểm tra neighbor của ISP3

Code:: ISP1#show ip eigrp vrf CUSTOMER neighbors IP-EIGRP neighbors for process 100 H Address Interface Hold Uptime SRTT RTO Q Seq (sec) (ms) Cnt Num 0 192.168.12.1 Fa1/0 14 00:04:36 87 522 0 4

Nếu các bạn dùng lệnh show ip route trên router R1 sẽ không thấy đường mạng 192.168.12.0

Code:: ISP1#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 2.0.0.0/24 is subnetted, 1 subnets C 2.2.2.0 is directly connected, Loopback0 3.0.0.0/24 is subnetted, 1 subnets O 3.3.3.0 [110/2] via 192.168.23.3, 10:58:59, FastEthernet0/0 4.0.0.0/24 is subnetted, 1 subnets O 4.4.4.0 [110/3] via 192.168.23.3, 10:58:59, FastEthernet0/0 C 192.168.23.0/24 is directly connected, FastEthernet0/0 O 192.168.34.0/24 [110/2] via 192.168.23.3, 10:58:59, FastEthernet0/0

Các bạn dùng lệnh show ip route vrf CUSTOMER để xem thấy đường mạng 192.168.12.0

Code:: ISP1#show ip route vrf CUSTOMER Routing Table: CUSTOMER Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set C 192.168.12.0/24 is directly connected, FastEthernet1/0 1.0.0.0/24 is subnetted, 1 subnets D 1.1.1.0 [90/156160] via 192.168.12.1, 00:10:18, FastEthernet1/0

8. Cấu hình BGP AS 1 giữa các router ISP1 và ISP3:

ISP1(config)# router bgp 1
ISP1(config-router)# neighbor 4.4.4.4 remote-as 1
ISP1(config-router)# neighbor 4.4.4.4 update-source looback 0
ISP1(config-router)# address-family vpnv4
ISP1(config-router-af)# neighbor 4.4.4.4 active
ISP1(config-router-af)# neighbor 4.4.4.4 send-community both

ISP3(config)# router bgp 1
ISP3(config-router)# neighbor 2.2.2.2 remote-as 1
ISP3(config-router)# neighbor 2.2.2.2 update-source looback 0
ISP3(config-router)# address-family vpnv4
ISP3(config-router-af)# neighbor 2.2.2.2 active
ISP3(config-router-af)# neighbor 2.2.2.2 send-communitiy extended

9. Redistribube EIGRP vào BGP:

ISP1(config)# router bgp 1
ISP1(config-router)# address-family ipv4 vrf CUSTOMER
ISP1(config-router-af)# redistribute eigrp 100

ISP3(config)# router bgp 1
ISP3(config-router)# address-family ipv4 vrf CUSTOMER
ISP3(config-router-af)# redistribute eigrp 100

10. Redistribute các thông tin từ BGP vào EIGRP sử dụng các tham số sau:
Bandwith: 1500 kbps
Delay: 4000
Reliability: 200
Load: 10
MTU: 1500

ISP1(config)# router eigrp 1
ISP1(config-router)# address-family ipv4 vrf CUSTOMER
ISP1(config-router-af)# redistribute bgp 1 metric 1500 4000 200 10 1500

ISP3(config)# router eigrp 1
ISP3(config-router)# address-family ipv4 vrf CUSTOMER
ISP3(config-router-af)# redistribute bgp 1 metric 1500 4000 200 10 1500

Bây giờ chúng ta kiểm tra bảng định tuyến thông qua vrf của router HQ ta thấy các đường mạng của Branch.

Code:: ISP1#show ip route vrf CUSTOMER Routing Table: CUSTOMER Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set C 192.168.12.0/24 is directly connected, FastEthernet1/0 1.0.0.0/24 is subnetted, 1 subnets D 1.1.1.0 [90/156160] via 192.168.12.1, 07:06:39, FastEthernet1/0 B 192.168.45.0/24 [200/0] via 4.4.4.4, 00:06:59 5.0.0.0/24 is subnetted, 1 subnets B 5.5.5.0 [200/156160] via 4.4.4.4, 00:06:59

Và ở tại router HQ ta xem bảng định tuyến đã thấy các đường mạng bên Branch.

Code:: HQ#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set C 192.168.12.0/24 is directly connected, FastEthernet0/0 1.0.0.0/24 is subnetted, 1 subnets C 1.1.1.0 is directly connected, Loopback0 D 192.168.45.0/24 [90/30720] via 192.168.12.2, 00:10:16, FastEthernet0/0 5.0.0.0/24 is subnetted, 1 subnets D 5.5.5.0 [90/158720] via 192.168.12.2, 00:10:16, FastEthernet0/0

Giờ chúng ta đứng tại HQ có thể ping tới Branch và ngược lại.

Code:: HQ#ping 5.5.5.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 32/71/108 ms HQ#ping 5.5.5.5 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds: Packet sent with a source address of 1.1.1.1 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 20/65/176 ms

Code:: Branch#show ip route Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set D 192.168.12.0/24 [90/30720] via 192.168.45.4, 00:30:32, FastEthernet0/0 1.0.0.0/24 is subnetted, 1 subnets D 1.1.1.0 [90/158720] via 192.168.45.4, 00:30:32, FastEthernet0/0 C 192.168.45.0/24 is directly connected, FastEthernet0/0 5.0.0.0/24 is subnetted, 1 subnets C 5.5.5.0 is directly connected, Loopback0 Branch#ping 5.5.5.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms Branch#ping 5.5.5.5 source loopback 0 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds: Packet sent with a source address of 5.5.5.5 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms