One 、MPLS The architecture of virtual private network

MPLS Virtual private network mainly consists of CE、PE and P,3 Part of it is made up of ：

• CE： User network edge router device , Connect directly to the service provider network ;
• PE： Service provider edge router device , With users CE Direct connection , be responsible for VPN Service access , Handle VPN-IPv4 route ;
• P： Service provider core router equipment , Responsible for fast forwarding data , Not with CE Direct connection .

Throughout MPLS VPN in ,P、PE Equipment needs support MPLS Basic functions of ,CE The device does not have to support MPLS.

MPLS Virtual private network has data isolation 、 Optimize the allocation of network resources 、 Automatically and quickly repair network faults and other functions , It has high availability and high reliability , The cost of implementation is also low .

Two 、 experiment

The topology

Topology Introduction

• R1、R2、R3 Jointly simulate an operator network ,R1 and R3 yes PE,R2 yes P.
• Router CE1 and CE2 Simulate two enterprise branch sites , adopt R1 Access to virtual private network .
• CE3 Simulate the enterprise headquarters site , adopt R3 Access to virtual private network .
• This experiment aims at CE1、CE2、CE3 Respectively adopted OSPF、 Static routing 、BGP Three routing protocols access PE.

Configuration ideas

Experimental configuration

R1：
sys
interface GigabitEthernet0/0/2
 ip address 12.1.1.1 255.255.255.0 
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
 
 // To configure ospf route 
ospf 1 router-id 1.1.1.1 
 area 0.0.0.0 
  network 1.1.1.1 0.0.0.0 
  network 12.1.1.0 0.0.0.255 
 
 // Turn on mpls and ldp function 
mpls lsr-id 1.1.1.1
mpls
mpls ldp
interface GigabitEthernet0/0/2
mpls
mpls ldp

// establish VPN example , Different instances are used to access different branches CE
ip vpn-instance VPN1
  route-distinguisher 100:1
  vpn-target 100:1 export-extcommunity
  vpn-target 100:3 import-extcommunity

ip vpn-instance VPN2
  route-distinguisher 100:2
  vpn-target 100:2 export-extcommunity
  vpn-target 100:3 import-extcommunity

// Bind the instance to the interface 
interface GigabitEthernet0/0/0
 ip binding vpn-instance VPN1
 ip address 10.1.1.2 255.255.255.0 

interface GigabitEthernet0/0/1
 ip binding vpn-instance VPN2
 ip address 20.1.1.2 255.255.255.0 
 
 // adopt ospf Access CE1 Routing information for 
ospf 2 vpn-instance VPN1
 area 0.0.0.0 
  network 10.1.1.0 0.0.0.255 

// Access through static route CE2 Routing information for 
ip route-static vpn-instance VPN2 20.20.20.20 255.255.255.255 20.1.1.1

// And R3 establish BGP neighbor , obtain R3 Routing information for 
bgp 100
 peer 3.3.3.3 as-number 100 
 peer 3.3.3.3 connect-interface LoopBack0

ipv4 vpnv4
peer 3.3.3.3 en

// In the instance VPN1 Zhongba ospf2 Route introduction of bgp100
bgp 100
ipv4 vpn-instance VPN1 
  import-route ospf 2
 
// In the instance VPN2 Direct connection and static routing are introduced into bgp100
 ipv4 vpn-instance VPN2 
  import-route direct
  import-route static

// stay ospf2 Introduction in bgp route 
ospf 2
import bgp

R2：
interface GigabitEthernet0/0/0
 ip address 12.1.1.2 255.255.255.0 
interface GigabitEthernet0/0/1
 ip address 23.1.1.2 255.255.255.0 
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255 
ospf 1 router-id 2.2.2.2 
 area 0.0.0.0 
  network 2.2.2.2 0.0.0.0 
  network 12.1.1.0 0.0.0.255 
  network 23.1.1.0 0.0.0.255 
  
mpls lsr-id 2.2.2.2
mpls
mpls ldp
interface GigabitEthernet0/0/0
mpls
mpls ldp
interface GigabitEthernet0/0/1
mpls
mpls ldp

R3：
interface GigabitEthernet0/0/0
 ip address 23.1.1.3 255.255.255.0 
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255 
ospf 1 router-id 3.3.3.3 
 area 0.0.0.0 
  network 3.3.3.3 0.0.0.0 
  network 23.1.1.0 0.0.0.255 
mpls lsr-id 3.3.3.3
mpls
mpls ldp
interface GigabitEthernet0/0/0
mpls
mpls ldp

// Create examples VPN3
ip vpn-instance VPN3
  route-distinguisher 100:3
  vpn-target 100:3 export-extcommunity
  vpn-target 100:1 100:2 import-extcommunity

interface GigabitEthernet0/0/1
 ip binding vpn-instance VPN3
 ip address 30.1.1.2 255.255.255.0 

// adopt bgp Access Agreement CE3
bgp 100
 ipv4 vpn-instance VPN3 
  peer 30.1.1.1 as-number 200 

// And R1 establish bgp neighbor , Get R1 Routing information for 
bgp 100
 peer 1.1.1.1 as-number 100 
 peer 1.1.1.1 connect-interface LoopBack0
 ipv4 vpnv4
 peer 1.1.1.1 en

CE1：
interface GigabitEthernet0/0/0
 ip address 10.1.1.1 255.255.255.0 

interface LoopBack0
 ip address 10.10.10.10 255.255.255.255 

ospf 1 router-id 10.10.10.10 
 area 0.0.0.0 
  network 10.1.1.0 0.0.0.255 
  network 10.10.10.10 0.0.0.0 

CE2：
interface GigabitEthernet0/0/0
 ip address 20.1.1.1 255.255.255.0 

interface LoopBack0
 ip address 20.20.20.20 255.255.255.255 

ip route-static 0.0.0.0 0.0.0.0 20.1.1.2

CE3：
interface GigabitEthernet0/0/0
 ip address 30.1.1.1 255.255.255.0 

interface LoopBack0
 ip address 30.30.30.30 255.255.255.255 

bgp 200
 peer 30.1.1.2 as-number 100 
  network 30.30.30.30 255.255.255.255 

Experimental verification

• see CE1 The routing table for , You can see that the route to... Already exists in the routing table CE3 Routing information for .
  

• see CE2 The routing table for , because CE2 The static default route is configured , So leading to CE3 All traffic is routed by default .
  

• use CE2 test ping Site CE3 Of IP, It can communicate normally .
  

• Catch CE2 Of ping package , You can see that there are two layers in the packet MPLS label .

• see CE3 The routing table for , There is already a path to CE1 and CE2 The routing .

• CE3 test pingCE1.