拓扑如下:
说明:大体上跟Option-C方案一很相似,但是只会传递两层标签。配置如下
配置如下:只放PE和ASBR配置,其他设备配置过去简单
PE1:
#
sysname AR2-PE1
#
ip vpn-instance PE1
ipv4-family
route-distinguisher 2:2
vpn-target 100:100 export-extcommunity
vpn-target 100:100 import-extcommunity
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
#
interface GigabitEthernet0/0/0
ip binding vpn-instance PE1
ip address 10.0.12.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.23.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
bgp 100
peer 7.7.7.7 as-number 200
peer 7.7.7.7 ebgp-max-hop 10
peer 7.7.7.7 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 7.7.7.7 enable
#
ipv4-family vpnv4
policy vpn-target
peer 7.7.7.7 enable
#
ipv4-family vpn-instance PE1
import-route static
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.0.23.2 0.0.0.0
#
ip route-static vpn-instance PE1 1.1.1.1 255.255.255.255 10.0.12.1
#
ARBR1:
#
sysname AR4-ASBR1
#
mpls lsr-id 4.4.4.4
mpls
lsp-trigger bgp-label-route
#
mpls ldp
#
#
acl number 2000
rule 5 permit source 7.7.7.7 0
#
interface GigabitEthernet0/0/0
ip address 10.0.34.4 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 10.0.45.4 255.255.255.0
mpls
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
bgp 100
peer 10.0.45.5 as-number 200
#
ipv4-family unicast
undo synchronization
network 2.2.2.2 255.255.255.255
peer 10.0.45.5 enable
peer 10.0.45.5 route-policy 1 export
peer 10.0.45.5 label-route-capability
#
ospf 1 router-id 4.4.4.4
import-route bgp route-policy PE
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 10.0.34.4 0.0.0.0
#
route-policy PE permit node 10
if-match acl 2000
#
route-policy PE permit node 20
#
route-policy 1 permit node 10
apply mpls-label
#
PE2:
#
sysname AR7-PE2
#
ip vpn-instance PE2
ipv4-family
route-distinguisher 7:7
vpn-target 100:100 export-extcommunity
vpn-target 100:100 import-extcommunity
#
mpls lsr-id 7.7.7.7
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
ip address 10.0.67.7 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip binding vpn-instance PE2
ip address 10.0.78.7 255.255.255.0
#
interface LoopBack0
ip address 7.7.7.7 255.255.255.255
#
bgp 200
peer 2.2.2.2 as-number 100
peer 2.2.2.2 ebgp-max-hop 10
peer 2.2.2.2 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
#
ipv4-family vpn-instance PE2
import-route static
#
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 7.7.7.7 0.0.0.0
network 10.0.67.7 0.0.0.0
#
ip route-static vpn-instance PE2 8.8.8.8 255.255.255.255 10.0.78.8
#
ASBR2:
#
sysname AR5-ASBR2
#
mpls lsr-id 5.5.5.5
mpls
lsp-trigger bgp-label-route
#
mpls ldp
#
#
acl number 2000
rule 5 permit source 2.2.2.2 0
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.0.45.5 255.255.255.0
mpls
#
interface GigabitEthernet0/0/1
ip address 10.0.56.5 255.255.255.0
mpls
mpls ldp
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
bgp 200
peer 10.0.45.4 as-number 100
#
ipv4-family unicast
undo synchronization
network 7.7.7.7 255.255.255.255
peer 10.0.45.4 enable
peer 10.0.45.4 route-policy 1 export
peer 10.0.45.4 label-route-capability
#
ospf 1 router-id 5.5.5.5
import-route bgp route-policy PE
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 10.0.56.5 0.0.0.0
#
route-policy 1 permit node 10
apply mpls-label
#
route-policy PE permit node 10
if-match acl 2000
#
route-policy PE permit node 20
#
如何验证配置成功
使用CE端的Loopback接口进行互相通讯
option-c 2方案确实是两层标签,但是C1方案会出现3层标签的情况