Xin chào ! Nếu đây là lần đầu tiên bạn đến với diễn đàn, xin vui lòng danh ra một phút bấm vào đây để đăng kí và tham gia thảo luận cùng VnPro.

Announcement

Collapse
No announcement yet.

Cần giúp về cấu hình MPLS VPN, thanks

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • Cần giúp về cấu hình MPLS VPN, thanks

    Click image for larger version

Name:	MPLSVPN.jpg
Views:	1
Size:	389.6 KB
ID:	207388
    Em là sv năm cuối,
    Em đang làm đồ án Về MPLS VPN, các bác giúp em với.

    cisco IOS: 3745
    chạy bằng dynamip

    trong mạng core chạy OSPF/MPLS

    customer A: CE1A, CE2A
    vrf name: customer_A
    RIP
    RD: 100:110
    RT: 100:1000

    customer B: CE1B, CE2B
    vrf name: customer_B
    static route
    RD: 100:120
    RT: 100:2000

    cái lab của em nó lỗi thế này:
    -các PE và P đều ping thấy nhau,
    -các PE router không ping được các router ở customer site (CE)
    nhưng router ở customer (CE) site lại ping được PE router???????????

    -và dĩ nhiên là các site không ping thấy nhau :109::109::109::109::109:

    đây là cấu hình:
    PE1:
    memory-size iomem 5
    ip cef
    !
    !
    !
    !
    ip vrf customer_A
    rd 100:110
    route-target export 100:1000
    route-target import 100:1000
    !
    ip vrf customer_B
    rd 100:120
    route-target export 100:2000
    route-target import 100:2000
    !
    interface Loopback10
    ip address 10.10.10.10 255.255.255.0
    ip ospf 1 area 0
    !
    interface FastEthernet0/0
    ip vrf forwarding customer_A
    ip address 10.1.1.1 255.255.255.252
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    ip vrf forwarding customer_B
    ip address 10.2.2.1 255.255.255.252
    duplex auto
    speed auto
    !
    interface FastEthernet1/0
    ip address 192.168.12.1 255.255.255.0
    ip ospf 1 area 0
    speed auto
    full-duplex
    mpls ip
    no cdp log mismatch duplex
    !
    router ospf 1
    mpls ldp autoconfig area 0
    router-id 10.10.10.10
    log-adjacency-changes
    network 0.0.0.0 255.255.255.255 area 0
    !
    router rip
    version 2
    no auto-summary
    !
    address-family ipv4 vrf customer_A
    redistribute bgp 100 metric 1
    network 10.0.0.0
    no auto-summary
    version 2
    exit-address-family
    !
    router bgp 100
    no synchronization
    bgp router-id 10.10.10.10
    bgp log-neighbor-changes
    neighbor 10.20.20.20 remote-as 100
    neighbor 10.20.20.20 update-source Loopback10
    no auto-summary
    !
    address-family vpnv4
    neighbor 10.20.20.20 activate
    neighbor 10.20.20.20 send-community extended
    exit-address-family
    !
    address-family ipv4 vrf customer_B
    redistribute connected
    redistribute static
    no synchronization
    exit-address-family
    !
    address-family ipv4 vrf customer_A
    redistribute connected
    redistribute rip
    no synchronization
    exit-address-family
    !
    ip route 192.168.1.0 255.255.255.0 FastEthernet0/1 10.2.2.2
    ip route vrf customer_B 192.168.1.0 255.255.255.0 10.2.2.2
    !

    PE2:
    !
    ip vrf customer_A
    rd 100:110
    route-target export 100:1000
    route-target import 100:1000
    !
    ip vrf customer_B
    rd 100:120
    route-target export 100:2000
    route-target import 100:2000
    !
    interface Loopback20
    ip address 10.20.20.20 255.255.255.255
    ip ospf 1 area 0
    !
    interface FastEthernet0/0
    ip vrf forwarding customer_A
    ip address 10.3.3.1 255.255.255.252
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    ip vrf forwarding customer_B
    ip address 10.4.4.1 255.255.255.252
    duplex auto
    speed auto
    !
    interface FastEthernet1/0
    ip address 192.168.34.4 255.255.255.0
    ip ospf 1 area 0
    speed auto
    full-duplex
    mpls ip
    no cdp log mismatch duplex
    !
    router ospf 1
    router-id 10.20.20.20
    log-adjacency-changes
    network 0.0.0.0 255.255.255.255 area 0
    !
    router rip
    version 2
    no auto-summary
    !
    address-family ipv4 vrf customer_A
    redistribute bgp 100 metric 0
    network 10.0.0.0
    no auto-summary
    version 2
    exit-address-family
    !
    router bgp 100
    no synchronization
    bgp log-neighbor-changes
    neighbor 10.10.10.10 remote-as 100
    neighbor 10.10.10.10 update-source Loopback20
    no auto-summary
    !
    address-family vpnv4
    neighbor 10.10.10.10 activate
    neighbor 10.10.10.10 send-community extended
    exit-address-family
    !
    address-family ipv4 vrf customer_B
    redistribute connected
    redistribute static
    no synchronization
    exit-address-family
    !
    address-family ipv4 vrf customer_A
    redistribute connected
    redistribute rip
    no synchronization
    exit-address-family
    !
    ip route 192.168.2.0 255.255.255.0 FastEthernet0/1 10.4.4.2
    ip route vrf customer_B 192.168.2.0 255.255.255.0 10.4.4.2
    !

    P1:
    !
    interface FastEthernet0/0
    ip address 192.168.23.2 255.255.255.0
    duplex auto
    speed auto
    mpls ip
    !
    interface FastEthernet0/1
    ip address 192.168.12.2 255.255.255.0
    speed auto
    full-duplex
    mpls ip
    no cdp log mismatch duplex
    !
    router ospf 1
    log-adjacency-changes
    network 192.168.12.0 0.0.0.255 area 0
    network 192.168.23.0 0.0.0.255 area 0
    !

    P2:
    !
    interface FastEthernet0/0
    ip address 192.168.23.3 255.255.255.0
    duplex auto
    speed auto
    mpls ip
    !
    interface FastEthernet0/1
    ip address 192.168.34.3 255.255.255.0
    speed auto
    full-duplex
    mpls ip
    no cdp log mismatch duplex
    !
    router ospf 1
    log-adjacency-changes
    network 192.168.23.0 0.0.0.255 area 0
    network 192.168.34.0 0.0.0.255 area 0
    !

    CE1A:
    !
    interface Loopback11
    ip address 172.16.1.1 255.255.255.0
    !
    interface FastEthernet0/0
    ip address 10.1.1.2 255.255.255.252
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    router rip
    version 2
    redistribute static
    network 10.0.0.0
    network 172.16.0.0
    no auto-summary
    !

    CE2A:
    !
    interface Loopback12
    ip address 172.16.2.1 255.255.255.0
    !
    interface FastEthernet0/0
    ip address 10.3.3.2 255.255.255.252
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    router rip
    version 2
    redistribute static
    network 10.0.0.0
    network 172.16.0.0
    no auto-summary
    !

    CE1B:
    !
    interface Loopback21
    ip address 192.168.1.1 255.255.255.0
    !
    interface FastEthernet0/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    ip address 10.2.2.2 255.255.255.252
    duplex auto
    speed auto
    !
    ip route 0.0.0.0 0.0.0.0 10.2.2.1
    !

    CE2B:
    !
    interface Loopback22
    ip address 192.168.2.1 255.255.255.0
    !
    interface FastEthernet0/0
    no ip address
    shutdown
    duplex auto
    speed auto
    !
    interface FastEthernet0/1
    ip address 10.4.4.2 255.255.255.252
    duplex auto
    speed auto
    !
    ip route 0.0.0.0 0.0.0.0 10.4.4.1
    !
    !
    ip http server
    no ip http secure-server
    !
    -------------------------------

    CE1A#sh ip route
    Gateway of last resort is not set

    172.16.0.0/24 is subnetted, 2 subnets
    C 172.16.1.0 is directly connected, Loopback11
    R 172.16.2.0 [120/1] via 10.1.1.1, 00:00:11, FastEthernet0/0
    10.0.0.0/30 is subnetted, 2 subnets
    R 10.3.3.0 [120/1] via 10.1.1.1, 00:00:11, FastEthernet0/0
    C 10.1.1.0 is directly connected, FastEthernet0/0

    ---------------------------------

    CE2A#sh ip route
    Gateway of last resort is not set

    172.16.0.0/24 is subnetted, 2 subnets
    R 172.16.1.0 [120/1] via 10.3.3.1, 00:00:20, FastEthernet0/0
    C 172.16.2.0 is directly connected, Loopback12
    10.0.0.0/30 is subnetted, 2 subnets
    C 10.3.3.0 is directly connected, FastEthernet0/0
    R 10.1.1.0 [120/1] via 10.3.3.1, 00:00:20, FastEthernet0/0

    --------------------------------

    CE1B#sh ip route
    Gateway of last resort is 10.2.2.1 to network 0.0.0.0

    10.0.0.0/30 is subnetted, 1 subnets
    C 10.2.2.0 is directly connected, FastEthernet0/1
    C 192.168.1.0/24 is directly connected, Loopback21
    S* 0.0.0.0/0 [1/0] via 10.2.2.1

    ---------------------------------

    CE2B#sh ip route
    Gateway of last resort is 10.4.4.1 to network 0.0.0.0

    10.0.0.0/30 is subnetted, 1 subnets
    C 10.4.4.0 is directly connected, FastEthernet0/1
    C 192.168.2.0/24 is directly connected, Loopback22
    S* 0.0.0.0/0 [1/0] via 10.4.4.1

    ----------------------------------

    PE1#sh ip route vrf customer_A
    Gateway of last resort is not set

    172.16.0.0/24 is subnetted, 2 subnets
    R 172.16.1.0 [120/1] via 10.1.1.2, 00:00:00, FastEthernet0/0
    B 172.16.2.0 [200/1] via 10.20.20.20, 00:55:58
    10.0.0.0/30 is subnetted, 2 subnets
    B 10.3.3.0 [200/0] via 10.20.20.20, 00:55:58
    C 10.1.1.0 is directly connected, FastEthernet0/0

    ----------------------------------

    PE2#sh ip route vrf customer_A
    Gateway of last resort is not set

    172.16.0.0/24 is subnetted, 2 subnets
    B 172.16.1.0 [200/1] via 10.10.10.10, 00:56:47
    R 172.16.2.0 [120/1] via 10.3.3.2, 00:00:14, FastEthernet0/0
    10.0.0.0/30 is subnetted, 2 subnets
    C 10.3.3.0 is directly connected, FastEthernet0/0
    B 10.1.1.0 [200/0] via 10.10.10.10, 00:56:47

    -----------------------------------
    PE2#sh ip route vrf customer_B


    Gateway of last resort is not set

    10.0.0.0/30 is subnetted, 2 subnets
    C 10.4.4.0 is directly connected, FastEthernet0/1
    B 10.2.2.0 [200/0] via 10.10.10.10, 00:59:15
    B 192.168.1.0/24 [200/0] via 10.10.10.10, 00:59:15
    S 192.168.2.0/24 [1/0] via 10.4.4.2

    -----------------------------------
    PE1#sh ip route vrf customer_B

    Gateway of last resort is not set

    10.0.0.0/30 is subnetted, 2 subnets
    B 10.4.4.0 [200/0] via 10.20.20.20, 01:00:07
    C 10.2.2.0 is directly connected, FastEthernet0/1
    S 192.168.1.0/24 [1/0] via 10.2.2.2
    B 192.168.2.0/24 [200/0] via 10.20.20.20, 01:00:07

    ------------------------------------

    MONG CÁC BÁC GIÚP đỡ :
    đây là các site em đã tham khảo:
    This document describes how to configure a Multiprotocol Label Switching (MPLS) VPN when additional protocols are on the Cisco client site.


    This document shows how to configure a basic Multiprotocol Label Switching (MPLS) network. Refer to the Configuration Examples and TechNotes on the MPLS Support Page for more information on how to configure advanced topics such as VPN or Traffic Engineering (TE).




    The purpose of this document is to demonstrate the sample configuration used to access the Internet from a Multiprotocol Label Switching (MPLS)-based VPN using a global routing table.

  • #2
    ping từ PE1 thì kèm theo vrf.

    trên PE1 thử ping:
    ping vrf customer_A 172.16.1.1
    ping vrf customer_A 172.16.1.2

    Comment


    • #3
      PE1#ping vrf customer_A 172.16.1.1

      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 172.16.1.1, timeout is 2 seconds:
      !!!!!
      Success rate is 100 percent (5/5), round-trip min/avg/max = 4/25/64 ms
      PE1#ping vrf customer_A 172.16.2.1

      Type escape sequence to abort.
      Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
      .....
      Success rate is 0 percent (0/5)




      Anh có biết lý do tại sao không. có phải do cấu hình sai trên PE ko ???
      Last edited by Guest; 29-11-2010, 03:27 PM.

      Comment


      • #4
        trên PE1 thử lệnh này:
        ping vrf customer_A 172.16.1.2 source 10.1.1.1

        Comment


        • #5
          PE1#ping vrf customer_A 172.16.2.1 source 10.1.1.1

          Type escape sequence to abort.
          Sending 5, 100-byte ICMP Echos to 172.16.2.1, timeout is 2 seconds:
          Packet sent with a source address of 10.1.1.1
          .....
          Success rate is 0 percent (0/5)

          Comment


          • #6
            trên PE1 thử lệnh này:

            router ospf 1
            no mpls ldp autoconfig area 0

            rồi ping lại thử xem:
            ping vrf customer_A 172.16.2.1 source 10.1.1.1

            Comment


            • #7
              vẫn ko dc anh ơi
              em cho yahoo của em nhé
              yahoo: odidpipo

              Comment


              • #8
                cái này mình đã làm rùi
                bạn ping từ CE1A đến CE2A? nếu không được thì pm nhe'?

                Comment


                • #9
                  ở chổ PE1 ah', bạn cẩn thận khi dùng lệnh network 0.0.0.0 nhe'? (router ospf ) mình không nói sai, nếu bạn chưa hiểu về bản chất (cũng như sự nguy hiểm của nó: ví dụ như nat chẳng hạn ;) ) thì nên dùng network từng route một nhé.

                  Comment


                  • #10
                    Ok thanks Kenta nhé

                    Comment


                    • #11
                      Chào bạn,

                      Khi làm MPLS VPN thì tuần tự như sau:

                      1. Chạy IGP
                      2. Chạy giao thức gán nhãn (LDP chuẩn mở hoặc TDP của Cisco)
                      3. Chạy BGP
                      4. Chạy MP-BGP

                      Note quan trọng:
                      - router ID phải thấy và PING được.
                      - nhớ loopback đặt /32 luôn để tránh quảng bá nhãn không đúng.
                      - RT (import vrf router A) = RT (export vrf router B) => chỉ router A thấy được các routes của router B.
                      - PE ping bằng VRF để kiểm tra chứ không phải ping như bình thường.
                      Phạm Minh Tuấn

                      Email : phamminhtuan@vnpro.org
                      Yahoo : phamminhtuan_vnpro
                      -----------------------------------------------------------------------------------------------
                      Trung Tâm Tin Học VnPro
                      149/1D Ung Văn Khiêm P25 Q.Bình thạnh TPHCM
                      Tel : (08) 35124257 (5 lines)
                      Fax: (08) 35124314

                      Home page: http://www.vnpro.vn
                      Support Forum: http://www.vnpro.org
                      - Chuyên đào tạo quản trị mạng và hạ tầng Internet
                      - Phát hành sách chuyên môn
                      - Tư vấn và tuyển dụng nhân sự IT
                      - Tư vấn thiết kế và hỗ trợ kỹ thuật hệ thống mạng

                      Network channel: http://www.dancisco.com
                      Blog: http://www.vnpro.org/blog

                      Comment


                      • #12
                        Thanks Lab nay chay rui ! cam' on moi nguoi ^^

                        Comment


                        • #13
                          Đang gặp tình huống này mong các bạn chỉ giúp...sửa mãi không được!!!!!!!!!!!!!

                          Comment


                          • #14
                            ping ip(ce1) source loopback cua ce2
                            vd:ping 10.2.2.2 source loo 192.168.2.22

                            Comment

                            Working...
                            X