CISCO6509與JUNIPER做MPLS VPN

psac · 2004-07-13, 10:18 AM

CISCO6509和JUNIPER做MPLS VPN
先說明一下,目的是要把6509上的VLAN1和VLAN10,透過自己建立的MPLS VPN與JUNIPER ROUTE上連接的3個VLAN連接,JUNIPER上與CISCO-2950做TRUNK,並擔當單網路卡的VLAN間路由,

6509
引擎用SUPER720 用WS-X6548-GE-TX上的G3/1和OLIVE1連接
IOS版本:s72033-psv-mz.122-17d.SXB.bin

6509--VRF
ip vrf red
rd 65000:1
route-target export 65000:1
route-target import 65000:1

G3/1的配置
interface GigabitEthernet3/1
ip address 172.16.4.1 255.255.255.0
mpls label protocol ldp
tag-switching ip

MPLS和BGP以及OSPF
interface Vlan1
ip vrf forwarding red
ip address 10.229.8.1 255.255.255.0
!
interface Vlan10
ip vrf forwarding red
ip address 10.229.1.1 255.255.255.0
!
router ospf 1
log-adjacency-changes
network 172.16.4.0 0.0.0.255 area 0
network 192.168.100.0 0.0.0.255 area 0
!
router ospf 25 vrf red
log-adjacency-changes
redistribute bgp 65000 subnets
network 10.229.1.0 0.0.0.255 area 0
network 10.229.8.0 0.0.0.255 area 0
!
router bgp 65000
no synchronization
bgp router-id 192.168.100.5
bgp log-neighbor-changes
neighbor 192.168.100.4 remote-as 65000
neighbor 192.168.100.4 update-source Loopback0
neighbor 192.168.100.4 next-hop-self
no auto-summary
!
address-family vpnv4
neighbor 192.168.100.4 activate
neighbor 192.168.100.4 send-community both
exit-address-family
!
address-family ipv4 vrf red
redistribute ospf 25 metric 50 match external 1 external 2
no auto-summary
no synchronization
exit-address-family

JUNIPER
VRF的配置
policy-options {
policy-statement MY_IMPORT {
term 1 {
from {
protocol bgp;
community VPN-RED;
}
then accept;
}
term 2 {
then reject;
}
}
policy-statement MY_EXPORT {
term 1 {
then {
community add VPN-RED;
accept;
}
}
term 2 {
then reject;
}
}
community VPN-RED members target:65000:01;
}
routing-instances {
red {
description red-vpn;
instance-type vrf;
interface fxp1.0;
interface fxp1.200;
interface fxp1.300;
route-distinguisher 65000:01;
vrf-import MY_IMPORT;
vrf-export MY_EXPORT;
routing-options {
auto-export;
}
protocols {
ospf {
area 0.0.0.0 {
interface fxp1.0;
interface fxp1.200;
interface fxp1.300;
}
}
}
}
}

FXP1的配置
fxp1 {
vlan-tagging;
unit 0 {
description red-vpn;
vlan-id 1;
family inet {
address 10.229.0.118/24;
}
family mpls;
}
unit 200 {
description red-vpn;
vlan-id 20;
family inet {
address 10.229.3.1/24;
}
family mpls;
}
unit 300 {
description red-vpn;
vlan-id 10;
family inet {
address 10.229.4.1/24;
}
family mpls;

c6509#show ip vrf red
Name Default RD Interfaces
red 65000:1 Vlan1
Vlan10
c6509#show ip rou
c6509#show ip route vrf red
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

10.0.0.0/24 is subnetted, 4 subnets
B 10.229.4.0 [200/0] via 192.168.100.4, 00:17:47
B 10.229.3.0 [200/0] via 192.168.100.4, 00:17:47
C 10.229.1.0 is directly connected, Vlan10
B 10.229.0.0 [200/0] via 192.168.100.4, 00:17:47

xxzx@olive4# run show route forwarding-table vpn red
Routing table: red.inet
Internet:
Destination Type RtRef Next hop Type Index NhRef Netif
default perm 0 dscd 14 2
10.229.0.0/24 intf 0 rslv 52 1 fxp1.0
10.229.0.0/32 dest 0 10.229.0.0 recv 50 1 fxp1.0
10.229.0.118/32 intf 0 10.229.0.118 locl 51 2
10.229.0.118/32 dest 0 10.229.0.118 locl 51 2
10.229.0.255/32 dest 0 10.229.0.255 bcst 49 1 fxp1.0
10.229.3.0/24 intf 0 rslv 56 1 fxp1.200
10.229.3.0/32 dest 0 10.229.3.0 recv 54 1 fxp1.200
10.229.3.1/32 intf 0 10.229.3.1 locl 55 2
10.229.3.1/32 dest 0 10.229.3.1 locl 55 2
10.229.3.99/32 dest 0 0:10:60:75:4c:a4 ucst 63 1 fxp1.200
10.229.3.255/32 dest 0 10.229.3.255 bcst 53 1 fxp1.200
10.229.4.0/24 intf 0 rslv 60 1 fxp1.300
10.229.4.0/32 dest 0 10.229.4.0 recv 58 1 fxp1.300
10.229.4.1/32 intf 0 10.229.4.1 locl 59 2
10.229.4.1/32 dest 0 10.229.4.1 locl 59 2
10.229.4.255/32 dest 0 10.229.4.255 bcst 57 1 fxp1.300
224.0.0.0/4 perm 1 mdsc 15 3
224.0.0.1/32 perm 0 224.0.0.1 mcst 11 7
224.0.0.5/32 user 1 224.0.0.5 mcst 11 7
255.255.255.255/32 perm 0 bcst 12 3
P ROUTE用得都是6.0
PE ROUTE用得5.4北美版
CISCO6509用得SUP720

2004-07-13, 10:18 AM	#1
psac 榮譽會員榮譽勳章勳章總數19 UID - 3662 在線等級: 註冊日期: 2002-12-07 住址: 木柵市立動物園文章: 17381 精華: 2 現金: 5253 金幣資產: 33853 金幣	CISCO6509與JUNIPER做MPLS VPN CISCO6509和JUNIPER做MPLS VPN 先說明一下,目的是要把6509上的VLAN1和VLAN10,透過自己建立的MPLS VPN與JUNIPER ROUTE上連接的3個VLAN連接,JUNIPER上與CISCO-2950做TRUNK,並擔當單網路卡的VLAN間路由, 6509 引擎用SUPER720 用WS-X6548-GE-TX上的G3/1和OLIVE1連接 IOS版本:s72033-psv-mz.122-17d.SXB.bin 6509--VRF ip vrf red rd 65000:1 route-target export 65000:1 route-target import 65000:1 G3/1的配置 interface GigabitEthernet3/1 ip address 172.16.4.1 255.255.255.0 mpls label protocol ldp tag-switching ip MPLS和BGP以及OSPF interface Vlan1 ip vrf forwarding red ip address 10.229.8.1 255.255.255.0 ! interface Vlan10 ip vrf forwarding red ip address 10.229.1.1 255.255.255.0 ! router ospf 1 log-adjacency-changes network 172.16.4.0 0.0.0.255 area 0 network 192.168.100.0 0.0.0.255 area 0 ! router ospf 25 vrf red log-adjacency-changes redistribute bgp 65000 subnets network 10.229.1.0 0.0.0.255 area 0 network 10.229.8.0 0.0.0.255 area 0 ! router bgp 65000 no synchronization bgp router-id 192.168.100.5 bgp log-neighbor-changes neighbor 192.168.100.4 remote-as 65000 neighbor 192.168.100.4 update-source Loopback0 neighbor 192.168.100.4 next-hop-self no auto-summary ! address-family vpnv4 neighbor 192.168.100.4 activate neighbor 192.168.100.4 send-community both exit-address-family ! address-family ipv4 vrf red redistribute ospf 25 metric 50 match external 1 external 2 no auto-summary no synchronization exit-address-family JUNIPER VRF的配置 policy-options { policy-statement MY_IMPORT { term 1 { from { protocol bgp; community VPN-RED; } then accept; } term 2 { then reject; } } policy-statement MY_EXPORT { term 1 { then { community add VPN-RED; accept; } } term 2 { then reject; } } community VPN-RED members target:65000:01; } routing-instances { red { description red-vpn; instance-type vrf; interface fxp1.0; interface fxp1.200; interface fxp1.300; route-distinguisher 65000:01; vrf-import MY_IMPORT; vrf-export MY_EXPORT; routing-options { auto-export; } protocols { ospf { area 0.0.0.0 { interface fxp1.0; interface fxp1.200; interface fxp1.300; } } } } } FXP1的配置 fxp1 { vlan-tagging; unit 0 { description red-vpn; vlan-id 1; family inet { address 10.229.0.118/24; } family mpls; } unit 200 { description red-vpn; vlan-id 20; family inet { address 10.229.3.1/24; } family mpls; } unit 300 { description red-vpn; vlan-id 10; family inet { address 10.229.4.1/24; } family mpls; c6509#show ip vrf red Name Default RD Interfaces red 65000:1 Vlan1 Vlan10 c6509#show ip rou c6509#show ip route vrf red Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2 ia - IS-IS inter area, * - candidate default, U - per-user static route o - ODR, P - periodic downloaded static route Gateway of last resort is not set 10.0.0.0/24 is subnetted, 4 subnets B 10.229.4.0 [200/0] via 192.168.100.4, 00:17:47 B 10.229.3.0 [200/0] via 192.168.100.4, 00:17:47 C 10.229.1.0 is directly connected, Vlan10 B 10.229.0.0 [200/0] via 192.168.100.4, 00:17:47 xxzx@olive4# run show route forwarding-table vpn red Routing table: red.inet Internet: Destination Type RtRef Next hop Type Index NhRef Netif default perm 0 dscd 14 2 10.229.0.0/24 intf 0 rslv 52 1 fxp1.0 10.229.0.0/32 dest 0 10.229.0.0 recv 50 1 fxp1.0 10.229.0.118/32 intf 0 10.229.0.118 locl 51 2 10.229.0.118/32 dest 0 10.229.0.118 locl 51 2 10.229.0.255/32 dest 0 10.229.0.255 bcst 49 1 fxp1.0 10.229.3.0/24 intf 0 rslv 56 1 fxp1.200 10.229.3.0/32 dest 0 10.229.3.0 recv 54 1 fxp1.200 10.229.3.1/32 intf 0 10.229.3.1 locl 55 2 10.229.3.1/32 dest 0 10.229.3.1 locl 55 2 10.229.3.99/32 dest 0 0:10:60:75:4c:a4 ucst 63 1 fxp1.200 10.229.3.255/32 dest 0 10.229.3.255 bcst 53 1 fxp1.200 10.229.4.0/24 intf 0 rslv 60 1 fxp1.300 10.229.4.0/32 dest 0 10.229.4.0 recv 58 1 fxp1.300 10.229.4.1/32 intf 0 10.229.4.1 locl 59 2 10.229.4.1/32 dest 0 10.229.4.1 locl 59 2 10.229.4.255/32 dest 0 10.229.4.255 bcst 57 1 fxp1.300 224.0.0.0/4 perm 1 mdsc 15 3 224.0.0.1/32 perm 0 224.0.0.1 mcst 11 7 224.0.0.5/32 user 1 224.0.0.5 mcst 11 7 255.255.255.255/32 perm 0 bcst 12 3 P ROUTE用得都是6.0 PE ROUTE用得5.4北美版 CISCO6509用得SUP720

	送花文章: 3, 收花文章: 1631 篇, 收花: 3205 次

相似的主題
主題	主題作者	討論區	回覆	最後發表
軟體 - 如何在 Windows XP 中組態虛擬專用網路 (VPN) 連	psac	作業系統操作技術文件	0	2006-07-18 05:20 PM
系統 - 使用KWF工具打造與眾不同的VPN服務器	psac	網路軟硬體架設技術文件	0	2006-06-28 04:29 AM
遠端訪問/VPN 伺服器的故障解決方案	psac	網路軟硬體架設技術文件	1	2004-01-06 09:36 AM
遠端訪問/VPN 伺服器的故障解決方案	psac	網路軟硬體架設技術文件	0	2003-12-13 06:54 PM
網路基本知識	Tiger228	網路軟硬體架設技術文件	58	2003-07-17 02:04 PM

Google 提供的廣告