MPLS-VPN Basic Configuration (Cisco Devices)


Author: 中国IT实验室, September 17, 2007

Keywords: virtual private network, VPN, SSL VPN, IPSecVPN


Introduction

This document provides a sample configuration of a Multiprotocol Label Switching (MPLS) Virtual Private Network (VPN) over ATM when Border Gateway Protocol (BGP) or Routing Information Protocol (RIP) is present on the customer's site.

When used with MPLS, the VPN feature allows several sites to interconnect transparently through a service provider's network. One service provider network can support several different IP VPNs. Each of these appears to its users as a private network, separate from all other networks. Within a VPN, each site can send IP packets to any other site in the same VPN.

Each VPN is associated with one or more VPN routing or forwarding instances (VRFs). A VRF consists of an IP routing table, a derived Cisco Express Forwarding (CEF) table, and a set of interfaces that use this forwarding table.

The router maintains a separate routing and CEF table for each VRF. This prevents information being sent outside the VPN and allows the same subnet to be used in several VPNs without causing duplicate IP address problems.

The router distributes the VPN routing information through Multiprotocol BGP (MP-BGP), using the MP-BGP extended communities.

  

  For more information regarding the propagation of updates through a VPN, see the following URLs:

  VPN Route Target Communities
  BGP Distribution of VPN Routing Information
  MPLS Forwarding

  Conventions

  The letters below represent the different types of routers and switches used.

  P : Provider's core router
  PE : Provider's edge router
  CE : Customer's edge router
  C : Customer's router

  This diagram shows a typical configuration illustrating the conventions outlined above.

  

 

  Hardware and Software Versions

  This configuration was developed and tested using the software and hardware versions shown below.

  P and PE routers:

  Software - Cisco IOS® Software Release 12.1(3)T. Release 12.0(5)T includes the MPLS VPN feature.
  Hardware - Any Cisco router from the 3600 series or higher, such as the Cisco 3660 or 7206.

  C and CE routers: You can use any router that can exchange routing information with its PE router.

  

  Network Diagram

  

  Configuration Procedures

  

  Enabling ip cef

  Make sure that ip cef is enabled. For improved performance, use ip cef distributed (where available). Complete the following steps on the PEs after MPLS has been set up (configuring tag-switching ip on the interfaces).

  1. Create one VRF for each VPN connected using the ip vrf command. When doing this:

     a. Specify the correct route distinguisher used for that VPN. This is used to extend the IP address so that you can identify which VPN it belongs to.

        rd

     b. Set up the import and export properties for the MP-BGP extended communities. These are used for filtering the import and export process.

        route-target [export|import|both]

  2. Configure the forwarding details for the respective interfaces using the following command.

        ip vrf forwarding

     Remember to set up the IP address after doing this.

  3. Depending on the PE-CE routing protocol you are using, you can configure static routes or routing protocols (RIP, Open Shortest Path First [OSPF], or BGP) between PE and CE. Detailed configurations are available on the MPLS over ATM Support Page.

  Configuring MP-BGP

  Configure MP-BGP between the PE routers. There are several ways to configure BGP, such as using the route reflector or confederation methods. The method used here, direct neighbor configuration, is the simplest and the least scalable.

  1. Declare the different neighbors.

  2. Enter the address-family ipv4 vrf command for each VPN present at this PE router. Carry out one or more of the following steps, as necessary:

     a. Redistribute the static routing, RIP, or OSPF information.
     b. Redistribute connected routing information.
     c. Activate BGP neighboring with the CE routers.

  3. Enter the address-family vpnv4 mode, and complete the following steps:

     a. Activate the neighbors.
     b. Specify that extended community must be used. This is mandatory.
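Separation between VPNs rests on two things set in the steps above: which route targets each VRF imports, and whether the vpnv4 neighbors carry extended communities at all. The following offline check of a saved PE configuration is an added example, not part of the original article or Cisco's tooling; the function name audit_pe, the Customer_C VRF and the neighbor 10.10.10.8 are assumptions made for illustration.

```python
import re

# Constructed input: Customer_A and the vpnv4 lines follow the Pescara config on
# this page; Customer_C and neighbor 10.10.10.8 are hypothetical additions.
SAMPLE = """\
ip vrf Customer_A
 rd 100:110
 route-target export 100:1000
 route-target import 100:1000
ip vrf Customer_C
 rd 100:130
 route-target export 100:3000
 route-target import 100:1000
router bgp 100
 address-family vpnv4
 neighbor 10.10.10.6 activate
 neighbor 10.10.10.6 send-community both
 neighbor 10.10.10.8 activate
 exit-address-family
"""

def audit_pe(config):
    """Return sorted findings for one PE configuration given as text."""
    vrfs, cur, in_vpnv4, active, ext = {}, None, False, set(), set()
    for line in filter(None, (raw.strip() for raw in config.splitlines())):
        if m := re.fullmatch(r"ip vrf (\S+)", line):
            cur = vrfs.setdefault(m[1], {"import": set(), "export": set()})
        elif cur is not None and (m := re.fullmatch(r"route-target (export|import|both) (\S+)", line)):
            for side in (("import", "export") if m[1] == "both" else (m[1],)):
                cur[side].add(m[2])
        elif cur is not None and line.startswith("rd "):
            pass  # route distinguisher: makes prefixes unique, does not control import
        else:
            cur = None  # any other command leaves VRF sub-mode
            if line.startswith("address-family ") or line == "exit-address-family":
                in_vpnv4 = line == "address-family vpnv4"
            elif in_vpnv4 and (m := re.fullmatch(r"neighbor (\S+) activate", line)):
                active.add(m[1])
            elif in_vpnv4 and (m := re.fullmatch(r"neighbor (\S+) send-community (extended|both)", line)):
                ext.add(m[1])
    findings = [f"{a} imports {rt} exported by {b}"
                for a, va in vrfs.items() for b, vb in vrfs.items() if a != b
                for rt in va["import"] & vb["export"]]
    findings += [f"vpnv4 neighbor {n} does not send extended communities"
                 for n in active - ext]
    return sorted(findings)

if __name__ == "__main__":
    print("\n".join(audit_pe(SAMPLE)))
```

A cross-VRF import is also how an intentional extranet is built, so treat that finding as a prompt to confirm the import is authorized rather than as an error in itself.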

  Configurations

  Configuration commands specific to Customer_A are in red, to Customer_B in blue, and to both in fuchsia.

  ---------------------------------------------------------------------------------------
  Pescara
  ---------------------------------------------------------------------------------------
  Current configuration:
  !
  version 12.0
  !
  hostname Pescara
  !
  ip cef
  !
  ip vrf Customer_A
   rd 100:110
   route-target export 100:1000
   route-target import 100:1000
  !
  ip vrf Customer_B
   rd 100:120
   route-target export 100:2000
   route-target import 100:2000
  !
  clns routing
  mpls traffic-eng tunnels
  !
  interface Loopback0
   ip address 10.10.10.4 255.255.255.255
   ip router isis
   clns router isis
  !
  interface Loopback101
   ip vrf forwarding Customer_A
   ip address 200.0.4.1 255.255.255.0
   no ip directed-broadcast
  !
  interface Loopback102
   ip vrf forwarding Customer_B
   ip address 200.0.4.1 255.255.255.0
   no ip directed-broadcast
  !
  interface Serial0/1
   no ip address
   no ip directed-broadcast
   encapsulation frame-relay
   no fair-queue
  !
  interface Serial0/1.1 point-to-point
   description link to Pauillac
   bandwidth 512
   ip address 10.1.1.14 255.255.255.252
   no ip directed-broadcast
   ip router isis
   tag-switching ip
   clns router isis
   frame-relay interface-dlci 401
  !
  router isis
   net 49.0001.0000.0000.0004.00
   is-type level-1
  !
  router bgp 100
   bgp log-neighbor-changes
   neighbor 10.10.10.6 remote-as 100
   neighbor 10.10.10.6 update-source Loopback0
   !
   address-family vpnv4
   neighbor 10.10.10.6 activate
   neighbor 10.10.10.6 send-community both
   exit-address-family
   !
   address-family ipv4 vrf Customer_B
   redistribute connected
   no auto-summary
   no synchronization
   exit-address-family
   !
   address-family ipv4 vrf Customer_A
   redistribute connected
   no auto-summary
   no synchronization
   exit-address-family
  !
  ip classless
  !
  end

  ---------------------------------------------------------------------------------------
  Pesaro
  ---------------------------------------------------------------------------------------
  Current configuration:
  !
  version 12.1
  !
  hostname Pesaro
  !
  ip vrf Customer_A
   rd 100:110
   route-target export 100:1000
   route-target import 100:1000
  !
  ip vrf Customer_B
   rd 100:120
   route-target export 100:2000
   route-target import 100:2000
  !
  ip cef
  clns routing
  !
  !
  interface Loopback0
   ip address 10.10.10.6
