BGP MPLS VPN配置实例
相关主题
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
#
interface GigabitEthernet0/0/1
ip address 192.168.30.1 255.255.255.0
#Βιβλιοθήκη Baidu
interface GigabitEthernet0/0/2
ip address 192.168.40.1 255.255.255.0
#
interface NULL0
policy vpn-target
peer 3.3.3.3 enable
#
ipv4-family vpn-instance VPNA
import-route direct
import-route static
#
ipv4-family vpn-instance VPNB
peer 10.1.14.4 as-number 65002
peer 7.7.7.7 route-policy LP export
peer 7.7.7.7 next-hop-local
peer 10.1.35.3 enable
peer 10.1.35.3 route-policy MED1 export
#
ip route-static 192.168.60.0 255.255.255.0 NULL0
isis enable 1
#
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
isis enable 1
#
bgp 65002
peer 7.7.7.7 as-number 65002
peer 7.7.7.7 connect-interface LoopBack0
CE 2
sysname RT5
acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
acl number 2002
rule 5 permit source 192.168.70.0 0.0.0.3
isis 1
is-level level-2
#
bgp 65001
peer 3.3.3.3 as-number 65001
peer 3.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
#
ipv4-family vpnv4
cost-style wide
network-entity 49.0050.0500.5005.00
interface GigabitEthernet0/0/0
ip address 10.1.35.5 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.1.57.5 255.255.255.0
peer 10.1.35.3 as-number 65001
#
ipv4-family unicast
undo synchronization
network 192.168.60.1 255.255.255.255
network 192.168.70.1 255.255.255.255
peer 7.7.7.7 enable
peer 10.1.36.6 as-number 65002
#
rip 1 vpn-instance VPNA
version 2
network 10.0.0.0
import-route bgp
CE 1
sysname RT4
acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
#
interface GigabitEthernet0/0/0
ip address 202.100.85.1 255.255.255.0
nat server protocol tcp global 202.100.85.100 www inside 192.168.200.200 8080
nat outbound 2000 address-group 1
interface GigabitEthernet0/0/0
ip address 10.1.12.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 10.1.23.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
isis enable 1
PE 1
sysname RT1
ip vpn-instance VPNA
ipv4-family
route-distinguisher 100:1
vpn-target 200:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0010.0100.1001.00
#
interface GigabitEthernet0/0/2
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0060.0600.6006.00
#
interface GigabitEthernet0/0/0
#
PE 2
sysname RT3
ip vpn-instance VPNA
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance VPNB
#
interface GigabitEthernet0/0/1
ip binding vpn-instance VPNA
ip address 10.1.13.1 255.255.255.0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 1
ip address 10.1.23.3 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip binding vpn-instance VPNB
ip address 10.1.35.3 255.255.255.0
network 192.168.40.1 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 NULL0
ip route-static 0.0.0.0 0.0.0.0 202.100.85.1
bgp 65002
peer 10.1.14.1 as-number 65001
imp
BGPMPLSVPN配置实例
图为bgp mpls vpn实例,下面分别为P设备,PE设备,CE设备配置及网络拓扑结构。
sysname RT2
mpls lsr-id 2.2.2.2
mpls
mpls ldp
isis 1
is-level level-2
cost-style wide
network-entity 49.0020.0200.2002.00
#
interface GigabitEthernet1/0/0
ip binding vpn-instance VPNB
ip address 10.1.36.3 255.255.255.0
#
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
bgp 65001
peer 1.1.1.1 as-number 65001
peer 1.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv4-family vpnv4
ipv4-family
route-distinguisher 200:1
vpn-target 200:1 export-extcommunity
vpn-target 200:1 import-extcommunity
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
isis 1
is-level level-2
ip binding vpn-instance VPNB
ip address 10.1.14.1 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 10.1.12.1 255.255.255.0
isis enable 1
mpls
mpls ldp
ip route-static 192.168.70.0 255.255.255.0 NULL0
CE 3
sysname CE3
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.13.3 255.255.255.0
#
interface GigabitEthernet0/0/1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance VPNB
ipv4-family
route-distinguisher 200:1
vpn-target 200:1 export-extcommunity
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance VPNA
import-route direct
import-route rip 1
#
ipv4-family vpn-instance VPNB
peer 10.1.35.5 as-number 65002
port link-type access
port default vlan 10
#
#
interface LoopBack0
ip address 192.168.0.1 255.255.255.255
#
ip route-static 0.0.0.0 0.0.0.0 10.1.13.1
CE 4
sysname RT6
cost-style wide
network-entity 49.0030.0300.3003.00
#
interface GigabitEthernet0/0/0
ip binding vpn-instance VPNA
ip address 10.1.37.3 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
ospf 1
router-id 4.4.4.4
area 0.0.0.0
network 10.1.14.4 0.0.0.0
area 0.0.0.10
network 192.168.30.1 0.0.0.0
nat address-group 1 202.100.85.10 202.100.85.15
#
interface Serial1/0/0
undo ip address 10.1.14.4 255.255.255.0
interface GigabitEthernet4/0/0
ip address 10.1.14.4 255.255.255.0
import-route direct
import-route ospf 1
#
ospf 1 vpn-instance VPNB
import-route bgp
area 0.0.0.0
network 10.1.14.0 0.0.0.255
#
ip route-static vpn-instance VPNA 192.168.0.0 255.255.255.0 10.1.13.3
interface GigabitEthernet0/0/1
ip address 192.168.30.1 255.255.255.0
#Βιβλιοθήκη Baidu
interface GigabitEthernet0/0/2
ip address 192.168.40.1 255.255.255.0
#
interface NULL0
policy vpn-target
peer 3.3.3.3 enable
#
ipv4-family vpn-instance VPNA
import-route direct
import-route static
#
ipv4-family vpn-instance VPNB
peer 10.1.14.4 as-number 65002
peer 7.7.7.7 route-policy LP export
peer 7.7.7.7 next-hop-local
peer 10.1.35.3 enable
peer 10.1.35.3 route-policy MED1 export
#
ip route-static 192.168.60.0 255.255.255.0 NULL0
isis enable 1
#
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
isis enable 1
#
bgp 65002
peer 7.7.7.7 as-number 65002
peer 7.7.7.7 connect-interface LoopBack0
CE 2
sysname RT5
acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
acl number 2002
rule 5 permit source 192.168.70.0 0.0.0.3
isis 1
is-level level-2
#
bgp 65001
peer 3.3.3.3 as-number 65001
peer 3.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
#
ipv4-family vpnv4
cost-style wide
network-entity 49.0050.0500.5005.00
interface GigabitEthernet0/0/0
ip address 10.1.35.5 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.1.57.5 255.255.255.0
peer 10.1.35.3 as-number 65001
#
ipv4-family unicast
undo synchronization
network 192.168.60.1 255.255.255.255
network 192.168.70.1 255.255.255.255
peer 7.7.7.7 enable
peer 10.1.36.6 as-number 65002
#
rip 1 vpn-instance VPNA
version 2
network 10.0.0.0
import-route bgp
CE 1
sysname RT4
acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
#
interface GigabitEthernet0/0/0
ip address 202.100.85.1 255.255.255.0
nat server protocol tcp global 202.100.85.100 www inside 192.168.200.200 8080
nat outbound 2000 address-group 1
interface GigabitEthernet0/0/0
ip address 10.1.12.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 10.1.23.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
isis enable 1
PE 1
sysname RT1
ip vpn-instance VPNA
ipv4-family
route-distinguisher 100:1
vpn-target 200:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0010.0100.1001.00
#
interface GigabitEthernet0/0/2
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0060.0600.6006.00
#
interface GigabitEthernet0/0/0
#
PE 2
sysname RT3
ip vpn-instance VPNA
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance VPNB
#
interface GigabitEthernet0/0/1
ip binding vpn-instance VPNA
ip address 10.1.13.1 255.255.255.0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 1
ip address 10.1.23.3 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip binding vpn-instance VPNB
ip address 10.1.35.3 255.255.255.0
network 192.168.40.1 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 NULL0
ip route-static 0.0.0.0 0.0.0.0 202.100.85.1
bgp 65002
peer 10.1.14.1 as-number 65001
imp
BGPMPLSVPN配置实例
图为bgp mpls vpn实例,下面分别为P设备,PE设备,CE设备配置及网络拓扑结构。
sysname RT2
mpls lsr-id 2.2.2.2
mpls
mpls ldp
isis 1
is-level level-2
cost-style wide
network-entity 49.0020.0200.2002.00
#
interface GigabitEthernet1/0/0
ip binding vpn-instance VPNB
ip address 10.1.36.3 255.255.255.0
#
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
isis enable 1
#
bgp 65001
peer 1.1.1.1 as-number 65001
peer 1.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv4-family vpnv4
ipv4-family
route-distinguisher 200:1
vpn-target 200:1 export-extcommunity
vpn-target 200:1 import-extcommunity
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
isis 1
is-level level-2
ip binding vpn-instance VPNB
ip address 10.1.14.1 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 10.1.12.1 255.255.255.0
isis enable 1
mpls
mpls ldp
ip route-static 192.168.70.0 255.255.255.0 NULL0
CE 3
sysname CE3
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.13.3 255.255.255.0
#
interface GigabitEthernet0/0/1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance VPNB
ipv4-family
route-distinguisher 200:1
vpn-target 200:1 export-extcommunity
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance VPNA
import-route direct
import-route rip 1
#
ipv4-family vpn-instance VPNB
peer 10.1.35.5 as-number 65002
port link-type access
port default vlan 10
#
#
interface LoopBack0
ip address 192.168.0.1 255.255.255.255
#
ip route-static 0.0.0.0 0.0.0.0 10.1.13.1
CE 4
sysname RT6
cost-style wide
network-entity 49.0030.0300.3003.00
#
interface GigabitEthernet0/0/0
ip binding vpn-instance VPNA
ip address 10.1.37.3 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
ospf 1
router-id 4.4.4.4
area 0.0.0.0
network 10.1.14.4 0.0.0.0
area 0.0.0.10
network 192.168.30.1 0.0.0.0
nat address-group 1 202.100.85.10 202.100.85.15
#
interface Serial1/0/0
undo ip address 10.1.14.4 255.255.255.0
interface GigabitEthernet4/0/0
ip address 10.1.14.4 255.255.255.0
import-route direct
import-route ospf 1
#
ospf 1 vpn-instance VPNB
import-route bgp
area 0.0.0.0
network 10.1.14.0 0.0.0.255
#
ip route-static vpn-instance VPNA 192.168.0.0 255.255.255.0 10.1.13.3