BGP MPLS VPN配置实例
实验二__MPLS VPN的实现
实验二 MPLS VPN的实现一、实验目的该实验通过MPLS VPN的数据配置,使学生掌握路由器相关接口的IP地址设置、路由协议的配置以及MPLS VPN的完整的创建过程, 从而加深对IP网络的IP编址、路由协议以及MPLS的相关理论的理解。
二、实验内容利用网络模拟器GNS3模拟Cisco的实验环境,搭建IP网络,完成CE、PE和P路由器上的数据配置, 使属于同一VPN的两个路由器能够互通。
三、实验设备1.硬件:PC机。
2.软件:①网络模拟器 GNS3-0.8.6-all-in-one②终端仿真程序 SecureCRT6.7③Cisco IOS文件 C3640-JK9O3S-M-12.4(7a).BIN四、实验步骤及要求1.按图1创建网络拓扑结构并把该拓扑结构记录在实验报告中。
图1 MPLS VPN实验的拓扑结构2.配置各个路由器相关接口的IP地址并记录在实验报告中。
3.配置骨干网络内路由协议。
4.配置骨干网络内MPLS协议。
5.配置普通BGP。
6.在PE上创建VRF。
7.创建MP-BGP。
8.配置用户端路由协议。
9.查看VRF路由、CE路由和客户端路由,并将R1、R4和R6的路由显示结果及分析记录在实验报告中。
10.测试用户间通信并跟踪路由,将结果记录在实验报告中。
五、实验报告实验报告的内容:包括实验名称;实验目的;实验内容(实验操作的步骤或实验过程,要求步骤完整);实验结果(实验结果分析,实验中遇到的问题及解决方法)。
实验报告的要求:实验报告以纸质文档形式递交。
实验报告要书写规范、文字简练、语句通顺、图表清晰。
六、实验思考题1.简述三层MPLS VPN的基本原理。
2.简述三层MPLS VPN中PE路由器的配置步骤。
3.MPLS VPN中P路由器转发的数据包有两层标签,说明这两层标签分别是由什么协议分配的。
4.简述MPLS VPN中RT和RD的作用。
eNSP实验:BGP-MPLS-VPN
eNSP实验:BGP-MPLS-VPNBGP MPLS VPN 配置实验目录1网络拓扑 (5)2配置文件 (5)2.1PE1的相关配置52.1.1在MPLS骨干网上配置IGP协议,实现骨干网PE和P的互通 (5)2.1.2在PE1上配置与PE2、P的IBGP62.1.3MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP (7)2.1.4在PE设备上配置VPN实例,将CE接入PE (7)2.1.5在PE与CE之间建立EBGP对等体,引入VPN路由 (9)2.2P的相关配置102.2.1在MPLS骨干网上配置IGP协议,实现骨干网PE和P的互通 (10)2.2.2P上配置与PE1、PE2的IBGP112.2.3MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP (12)2.2.4 (xxx)错误!未定义书签。
2.3PE2相关配置 142.3.1在MPLS骨干网上配置IGP协议,实现骨干网PE和P的互通 (14)2.3.2在PE2上配置与P、PE1的IBGP152.3.3MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP (15)2.3.4在PE设备上配置VPN实例,将CE接入PE (16)2.3.5PE与CE之间建立EBGP对等体,引入VPN路由 (17)2.4CE1的相关配置 182.5CE2的相关配置 192.6CE3的相关配置192.7CE4的相关配置203实验结果: (20)3.1PE1 vpn 路由表203.2P路由表213.3Ping:相同VPN之间可以通,不同VPN之间不通, (23)1网络拓扑2配置文件2.1PE1的相关配置2.1.1在MPLS骨干网上配置IGP-OSPF协议,实现骨干网PE和P的互通#Sysna PE1ospf 1area 0.0.0.0network 10.0.0.0 0.0.0.3network 1.1.1.1 0.0.0.0 (igp-ospf)#interface LoopBack0ip address 1.1.1.1 255.255.255.255ospf enable 1 area 0.0.0.0 端口使能ospf)network 10.0.0.0 255.255.255.252peer 2.2.2.2 enable Array peer 3.3.3.3 enable (宣告网络)#2.1.3MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP#mpls lsr-id 1.1.1.1 mplslsp-trigger allmpls ldp(使能mpls)#interface Ethernet0/0/0mplsmpls ldp(端口使能mpls)#2.1.4在PE设备上配置VPN实例,将CE接入PEip vpn-instance VPN1创建并进入VPN实例视图ipv4-familyroute-distinguisher 100:1 为vpn-instance创建RDvpn-target 111:1 export-extcommunity 为vpn-instance创建vpn-target扩展团体vpn-target 111:1 import-extcommunity (配置VPN1)#ip vpn-instance VPN2ipv4-familyroute-distinguisher 200:1vpn-target 222:1 export-extcommunityvpn-target 222:1 import-extcommunity (配置VPN2)#interface Ethernet0/0/1ip binding vpn-instance VPN1 将接口与vpn-instance关联ip address 10.0.0.13 255.255.255.252 (端口绑定VPN)interface GigabitEthernet0/0/0ip binding vpn-instance VPN2ip address 10.0.0.9 255.255.255.252 (端口绑定VPN)#2.1.5在PE与CE之间建立EBGP对等体,引入VPN路由#bgp 65115ipv4-family vpnv4进入MBGP的VPNv4地址族视图policy vpn-targetpeer 2.2.2.2 enable激活MBGP对等体peer 3.3.3.3 enable(建立邻居关系)#ipv4-family vpn-instance VPN1进入BGP的VPN地址族视图import-route directimport-route static (配置 vpn路由)ipv4-family vpn-instance VPN2import-route directimport-route static (配置 vpn路由)#ip route-static vpn-instance VPN1 0.0.0.00.0.0.0 10.0.0.14ip route-static vpn-instance VPN2 0.0.0.00.0.0.0 10.0.0.10 (配置vpn静态路由:PE和CE间通过静态路由链接的配置)#2.2P的相关配置2.2.1在MPLS骨干网上配置IGP协议,实现骨干网PE和P的互通#sysna Pospf 1area 0.0.0.0network 10.0.0.0 0.0.0.3network 10.0.0.4 0.0.0.3network 2.2.2.2 0.0.0.0 (igp-ospf)#interface LoopBack0ip address 2.2.2.2 255.255.255.255ospf enable 1 area 0.0.0.0 (端口使能ospf)interface Ethernet0/0/0ip address 10.0.0.2 255.255.255.252ospf enable 1 area 0.0.0.0 (端口使能ospf)interface Ethernet0/0/1ip address 10.0.0.5 255.255.255.252ospf enable 1 area 0.0.0.0 (端口使能ospf)#2.2.2P上配置与PE1、PE2的IBGP#bgp 65115router-id 2.2.2.2peer 1.1.1.1 as-number 65115peer 1.1.1.1 connect-interfaceEthernet0/0/0peer 3.3.3.3 as-number 65115peer 3.3.3.3 connect-interfaceEthernet0/0/1 (配置bgp)#ipv4-family unicastundo synchronizationnetwork 2.2.2.2 255.255.255.255network 10.0.0.0 255.255.255.252network 10.0.0.4 255.255.255.252peer 1.1.1.1 enablepeer 3.3.3.3 enable (宣告网络)#2.2.3MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP#mpls lsr-id 2.2.2.2mplslsp-trigger allmpls ldp(使能mpls)#interface Ethernet0/0/0mplsmpls ldp (端口使能mpls)#interface Ethernet0/0/1mplsmpls ldp (端口使能mpls)#2.2.4建立P与PE1、PE2的邻居关系#bgp 65115ipv4-family vpnv4policy vpn-targetpeer 1.1.1.1 enablepeer 3.3.3.3 enable (建立邻居关系)#2.3PE2相关配置和PE1类似2.3.1在MPLS骨干网上配置IGP协议,实现骨干网PE和P的互通#Sysna PE2ospf 1area 0.0.0.0network 10.0.0.4 0.0.0.3network 3.3.3.3 0.0.0.0 (igp-ospf)#interface LoopBack0ip address 3.3.3.3 255.255.255.255ospf enable 1 area 0.0.0.0 端口使能ospf)interface Ethernet0/0/0ip address 10.0.0.6 255.255.255.252ospf enable 1 area 0.0.0.0 (端口使能ospf)#2.3.2在PE2上配置与P、PE1的IBGP#bgp 65115router-id 3.3.3.3peer 1.1.1.1 as-number 65115peer 1.1.1.1 connect-interface LoopBack0(配置bgp)ipv4-family unicastundo synchronizationnetwork 3.3.3.3 255.255.255.255network 10.0.0.4 255.255.255.252peer 2.2.2.2 enablepeer 1.1.1.1 enable (宣告网络)#2.3.3MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP#mpls lsr-id 3.3.3.3mplslsp-trigger allmpls ldp(使能mpls)#interface Ethernet0/0/0mplsmpls ldp(端口使能mpls)#2.3.4在PE设备上配置VPN实例,将CE接入PE#ip vpn-instance VPN1ipv4-familyroute-distinguisher 100:1vpn-target 111:1 export-extcommunityvpn-target 111:1 import-extcommunity# (配置VPN1)ip vpn-instance VPN2ipv4-familyroute-distinguisher 200:1vpn-target 222:1 export-extcommunityvpn-target 222:1 import-extcommunity(配置VPN2)#interface Ethernet0/0/1ip binding vpn-instance VPN1ip address 10.0.0.17 255.255.255.252 (端口绑定VPN)interface GigabitEthernet0/0/0ip binding vpn-instance VPN2ip address 10.0.0.21 255.255.255.252 (端口绑定VPN)#2.3.5PE与CE之间建立EBGP对等体,引入VPN路由bgp 65115ipv4-family vpnv4policy vpn-targetpeer 2.2.2.2 enablepeer 1.1.1.1 enable(建立邻居关系)#ipv4-family vpn-instance VPN1import-route directimport-route static (配置 vpn路由)ipv4-family vpn-instance VPN2import-route directimport-route static (配置 vpn路由)#ip route-static vpn-instance VPN1 0.0.0.0 0.0.0.0 10.0.0.18ip route-static vpn-instance VPN2 0.0.0.0 0.0.0.0 10.0.0.22#(配置vpn静态路由)2.4CE1的相关配置#Sysn CE1interface Ethernet0/0/0ip address 10.0.0.10 255.255.255.252ip route-static 0.0.0.0 0.0.0.0 10.0.0.9(配置静态路由)#save2.5CE2的相关配置#Sysn CE2interface Ethernet0/0/0ip address 10.0.0.14 255.255.255.252 ip route-static 0.0.0.0 0.0.0.0 10.0.0.13 #2.6CE3的相关配置#Sysn CE3interface Ethernet 0/0/0ip address 10.0.0.18 255.255.255.252 ip route-static 0.0.0.0 0.0.0.0 10.0.0.17 #2.7CE4的相关配置#SysSysn CE4interface Ethernet 0/0/0ip address 10.0.0.22 255.255.255.252 ip route-static 0.0.0.0 0.0.0.0 10.0.0.21 #3实验结果:3.1PE1 vpn 路由表[PE1]disp ip rout[PE1]disp ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: PublicDestinations : 8 Routes : 8Destination/Mask Proto Pre Cost Flags NextHop Interface1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack02.2.2.2/32 OSPF 10 1 D 10.0.0.2 Ethernet0/0/03.3.3.3/32 OSPF 10 2 D 10.0.0.2 Ethernet0/0/010.0.0.0/30 Direct 0 0 D 10.0.0.1 Ethernet0/0/010.0.0.1/32 Direct 0 0 D 127.0.0.1 Ethernet0/0/010.0.0.4/30 OSPF 10 2 D 10.0.0.2 Ethernet0/0/0127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0[PE1]disp ip routing-table vp[PE1]disp ip routing-table vpn-instance ?STRING<1-31> VPN instance name[PE1]disp ip routing-table vpn-instance VPN1Route Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: VPN1Destinations : 4 Routes : 4Destination/Mask Proto Pre Cost Flags NextHop Interface0.0.0.0/0 Static 60 0 RD 10.0.0.14 Ethernet0/0/110.0.0.12/30 Direct 0 0 D 10.0.0.13 Ethernet0/0/110.0.0.13/32 Direct 0 0 D 127.0.0.1 Ethernet0/0/110.0.0.16/30 IBGP 255 0 RD 3.3.3.3 Ethernet0/0/0[PE1][PE1]disp ip routing-table vpn-instance VPN2Route Flags: R - relay, D - download to fib------------------------------------------------------------------------------Routing Tables: VPN2Destinations : 4 Routes : 4Destination/Mask Proto Pre Cost Flags NextHop Interface0.0.0.0/0 Static 60 0 RD 10.0.0.10GigabitEthernet0/0/010.0.0.8/30 Direct 0 0 D 10.0.0.9GigabitEthernet0/0/010.0.0.9/32 Direct 0 0 D 127.0.0.1GigabitEthernet0/0/010.0.0.20/30 IBGP 255 0 RD 3.3.3.3 Ethernet0/0/0 [PE1]3.2P路由表<P>disp ip routingRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------ Routing Tables: PublicDestinations : 9 Routes : 9Destination/Mask Proto Pre Cost Flags NextHop Interface1.1.1.1/32 OSPF 10 1 D 10.0.0.1 Ethernet0/0/02.2.2.2/32 Direct 0 0 D 127.0.0.1 LoopBack03.3.3.3/32 OSPF 10 1 D 10.0.0.6 Ethernet0/0/110.0.0.0/30 Direct 0 0 D 10.0.0.2 Ethernet0/0/010.0.0.2/32 Direct 0 0 D 127.0.0.1 Ethernet0/0/010.0.0.4/30 Direct 0 0 D 10.0.0.5 Ethernet0/0/110.0.0.5/32 Direct 0 0 D 127.0.0.1 Ethernet0/0/1127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0PE2 Vpn 路由表<PE2>dis ip routRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------ Routing Tables: PublicDestinations : 8 Routes : 8Destination/Mask Proto Pre Cost Flags NextHop Interface1.1.1.1/32 OSPF 10 2 D 10.0.0.5 Ethernet0/0/02.2.2.2/32 OSPF 10 1 D 10.0.0.5 Ethernet0/0/03.3.3.3/32 Direct 0 0 D 127.0.0.1 LoopBack010.0.0.0/30 OSPF 10 2 D 10.0.0.5 Ethernet0/0/010.0.0.4/30 Direct 0 0 D 10.0.0.6 Ethernet0/0/010.0.0.6/32 Direct 0 0 D 127.0.0.1 Ethernet0/0/0127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0<PE2>dis ip rou<PE2>dis ip routing-table vpn-instance VPN1Route Flags: R - relay, D - download to fib------------------------------------------------------------------------------ Routing Tables: VPN1Destinations : 3 Routes : 3Destination/Mask Proto Pre Cost Flags NextHop Interface10.0.0.12/30 IBGP 255 0 RD 1.1.1.1 Ethernet0/0/010.0.0.16/30 Direct 0 0 D 10.0.0.17 Ethernet0/0/110.0.0.17/32 Direct 0 0 D 127.0.0.1 Ethernet0/0/1<PE2>dis ip routing-table vpn-instance VPN2Route Flags: R - relay, D - download to fib------------------------------------------------------------------------------ Routing Tables: VPN2Destinations : 4 Routes : 4Destination/Mask Proto Pre Cost Flags NextHop Interface0.0.0.0/0 Static 60 0 RD 10.0.0.22 GigabitEthernet0/0/0 10.0.0.8/30 IBGP 255 0 RD 1.1.1.1 Ethernet0/0/010.0.0.20/30 Direct 0 0 D 10.0.0.21 GigabitEthernet0/0/0 10.0.0.21/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0<PE2><P>3.3Ping:相同VPN之间可以通,不同VPN之间不通,CE2-CE4不通<CE2>ping 10.0.0.22PING 10.0.0.22: 56 data bytes, press CTRL_C to breakRequest time outRequest time outRequest time outRequest time outRequest time out--- 10.0.0.22 ping statistics ---5 packet(s) transmitted0 packet(s) received100.00% packet lossCE2-CE3能通<CE2>ping 10.0.0.18PING 10.0.0.18: 56 data bytes, press CTRL_C to breakReply from 10.0.0.18: bytes=56 Sequence=1 ttl=253 time=390 ms Reply from 10.0.0.18: bytes=56 Sequence=2 ttl=253 time=140 ms Reply from 10.0.0.18: bytes=56 Sequence=3 ttl=253 time=140 ms Reply from 10.0.0.18: bytes=56 Sequence=4 ttl=253 time=140 ms Reply from 10.0.0.18: bytes=56 Sequence=5 ttl=253 time=120 ms--- 10.0.0.18 ping statistics ---5 packet(s) transmitted5 packet(s) received0.00% packet lossround-trip min/avg/max = 120/186/390 ms <CE2>。
bgp,vpn实例
去年12月的时候做了一个项目,中间碰到一个问题,今天写出来跟大家分享一下。
项目概况是这样的,国家电网的一市局,市局里放了两台NE20E-8的路由器,做为全市的核心路由器,每台NE20E-8用一个CPOS口通过传输设备复用出多个2M线路,下接多个变电所,变电所路由器为cisco的2811路由器。
cisco 2811路由器与两台NE20E-8组成一个链路双归网络,cisco 2811、两台NE20E-8路由器均为PE设备,两台NE20E-8做为全市的路由反射器,变电所的cisco2811路由器只与两台NE20E-8路由器建立BGP邻居关系。
全市存在两个VPN(MPLS/VPN),分别以VRF A和VRF B表示,两台NE20E-8使用upe 方式向cisco2811下发缺省路由引导上行流量,在cisco 2811中重分布直连路由。
以下为网络示意图:以下为三台设备的配置文件NE20E-8A:dis cu#sysname HZLA-NE20E-8A#router id 33.10.191.11#diffserv domain#ip vpn-instance realtimeroute-distinguisher 2007:1vpn-target 30033:11 export-extcommunityvpn-target 30033:1 30033:11 30033:13 import-extcommunity #ip vpn-instance nrtroute-distinguisher 2007:2vpn-target 30033:12 export-extcommunityvpn-target 30033:2 30033:12 30033:14 import-extcommunity #mpls lsr-id 33.10.191.11mpls#mpls ldp#controller Cpos3/0/0e1 6 channel-set 0 timeslot-list 1-31#interface Aux0async mode flowlink-protocol ppp#interface Ethernet1/0/0#interface Ethernet1/0/1#interface Ethernet1/0/2#interface Ethernet1/0/3#interface Ethernet1/0/4description LINK_TO_HZ-NE20-8Aip address 33.10.190.6 255.255.255.252mplsmpls ldp#interface Ethernet1/0/5#interface Ethernet1/0/6#interface Ethernet1/0/7#interface Ethernet2/0/0#interface Ethernet2/0/1#interface Ethernet2/0/2description LINK_TO_HZLA-NE20-8Bip address 33.10.190.61 255.255.255.252 mplsmpls ldp#interface Ethernet2/0/3#interface Ethernet2/0/4#interface Ethernet2/0/5#interface Ethernet2/0/6#interface Ethernet2/0/6.100vlan-type dot1q 100description LINK_TO_HZLA-S3328TP-RT ip binding vpn-instance realtimeip address 33.10.190.209 255.255.255.252 #interface Ethernet2/0/6.200vlan-type dot1q 200description realtimeip binding vpn-instance realtimeip address 10.33.177.94 255.255.255.224 vrrp vrid 200 virtual-ip 10.33.177.94#interface Ethernet2/0/7#interface Ethernet4/0/0#interface Ethernet4/0/1#interface Ethernet4/0/2#interface Ethernet4/0/3#interface Ethernet4/0/4#interface Ethernet4/0/5#interface Ethernet4/0/6#interface Ethernet4/0/6.300#interface Ethernet4/0/6.400description nrt#interface Ethernet4/0/7#interface Serial3/0/0/6:0link-protocol pppdescription xiushuiip address 33.10.177.217 255.255.255.252 mplsmpls ldp#interface GigabitEthernet0/0/1#interface GigabitEthernet0/0/2#interface NULL0#interface LoopBack0ip address 33.10.191.11 255.255.255.255 #bgp 30033group 500 internalpeer 500 connect-interface LoopBack0 peer 33.10.191.131 as-number 30033 peer 33.10.191.131 group 500group 300 internalpeer 300 connect-interface LoopBack0 peer 33.10.191.1 as-number 30033peer 33.10.191.1 group 300peer 33.10.191.12 as-number 30033peer 33.10.191.12 group 300#ipv4-family unicastundo synchronizationreflector cluster-id 100.100.100.100peer 300 enablepeer 33.10.191.1 enablepeer 33.10.191.1 group 300peer 33.10.191.12 enablepeer 33.10.191.12 group 300peer 500 enablepeer 500 reflect-clientpeer 33.10.191.131 enablepeer 33.10.191.131 group 500#ipv4-family vpnv4reflector cluster-id 100.100.100.100policy vpn-targetpeer 300 enablepeer 33.10.191.1 enablepeer 33.10.191.1 group 300peer 33.10.191.12 enablepeer 33.10.191.12 group 300peer 500 enablepeer 500 reflect-clientpeer 500 upepeer 500 default-originate vpn-instance realtimepeer 500 default-originate vpn-instance nrtpeer 33.10.191.131 enablepeer 33.10.191.131 group 500#ipv4-family vpn-instance realtimeimport-route directimport-route static#ipv4-family vpn-instance nrtimport-route directimport-route static#aaalocal-user admin password cipher .]@USE=B,53Q=^Q`MAF4<1!! local-user admin service-type telnetlocal-user admin level 15authentication-scheme default#authorization-scheme default#accounting-scheme default#domain default##ospf 1area 0.0.0.21network 33.10.191.11 0.0.0.0network 33.10.190.4 0.0.0.3network 33.10.190.60 0.0.0.3network 33.10.177.216 0.0.0.3#nqa-jitter tag-version 1#snmp-agentsnmp-agent local-engineid 000007DB7F00000100004E8Bsnmp-agent community write Zpepbdc@sjwsnmp-agent community read huaWei8zjepsnmp-agent sys-info version allsnmp-agent target-host trap address udp-domain 10.33.223.178 params securityname huaWei8zjepsnmp-agent target-host trap address udp-domain 10.33.223.179 params securityname huaWei8zjepsnmp-agent trap enable standardsnmp-agent trap source LoopBack0#user-interface con 0user-interface aux 0user-interface vty 0 4authentication-mode aaa#returnNE20—B:dis cu#sysname HZLA-NE20E-8B#router id 33.10.191.12#diffserv domain#ip vpn-instance realtimeroute-distinguisher 2008:1vpn-target 30033:11 export-extcommunityvpn-target 30033:1 30033:11 30033:13 import-extcommunity#ip vpn-instance nrtroute-distinguisher 2008:2vpn-target 30033:12 export-extcommunityvpn-target 30033:2 30033:12 30033:14 import-extcommunitympls lsr-id 33.10.191.12mpls#mpls ldp#controller Cpos3/0/0e1 6 channel-set 0 timeslot-list 1-31#interface Aux0async mode flowlink-protocol ppp#interface Ethernet1/0/0#interface Ethernet1/0/1#interface Ethernet1/0/2#interface Ethernet1/0/3#interface Ethernet1/0/4#interface Ethernet1/0/5#interface Ethernet1/0/6#interface Ethernet1/0/7#interface Ethernet2/0/0#interface Ethernet2/0/1#interface Ethernet2/0/2description LINK_TO_HZLA-NE20-8A ip address 33.10.190.62 255.255.255.252 mplsmpls ldp#interface Ethernet2/0/3#interface Ethernet2/0/4#interface Ethernet2/0/5interface Ethernet2/0/6#interface Ethernet2/0/6.300vlan-type dot1q 300description LINK_TO_HZLA-S3328TP-NRT ip binding vpn-instance nrtip address 33.10.190.217 255.255.255.252#interface Ethernet2/0/6.400vlan-type dot1q 400description nrtip binding vpn-instance nrtip address 10.33.177.126 255.255.255.224 vrrp vrid 40 virtual-ip 10.33.177.126#interface Ethernet2/0/7#interface Ethernet4/0/0#interface Ethernet4/0/1#interface Ethernet4/0/2#interface Ethernet4/0/3#interface Ethernet4/0/4description LINK_TO_HZFY-NE20-8Aip address 33.10.190.58 255.255.255.252 mplsmpls ldp#interface Ethernet4/0/5#interface Ethernet4/0/6#interface Ethernet4/0/6.100#interface Ethernet4/0/6.200description realtime#interface Ethernet4/0/7#interface Serial3/0/0/6:0link-protocol pppdescription xiushuiip address 33.10.226.217 255.255.255.252 mplsmpls ldp#interface GigabitEthernet0/0/1#interface GigabitEthernet0/0/2#interface NULL0#interface LoopBack0ip address 33.10.191.12 255.255.255.255 #bgp 30033group 500 internalpeer 500 connect-interface LoopBack0 peer 33.10.191.131 as-number 30033 peer 33.10.191.131 group 500group 300 internalpeer 300 connect-interface LoopBack0 peer 33.10.191.11 as-number 30033peer 33.10.191.11 group 300peer 33.10.191.9 as-number 30033peer 33.10.191.9 group 300#ipv4-family unicastundo synchronizationreflector cluster-id 100.100.100.100peer 300 enablepeer 33.10.191.11 enablepeer 33.10.191.11 group 300peer 33.10.191.9 enablepeer 33.10.191.9 group 300peer 500 enablepeer 33.10.191.131 enablepeer 33.10.191.131 group 500#ipv4-family vpnv4reflector cluster-id 100.100.100.100 policy vpn-targetpeer 300 enablepeer 33.10.191.11 enablepeer 33.10.191.11 group 300peer 33.10.191.9 enablepeer 33.10.191.9 group 300peer 500 enablepeer 500 reflect-clientpeer 500 upepeer 500 default-originate vpn-instance realtimepeer 500 default-originate vpn-instance nrtpeer 33.10.191.131 enablepeer 33.10.191.131 group 500#ipv4-family vpn-instance realtimeimport-route directimport-route static#ipv4-family vpn-instance nrtimport-route directimport-route static#aaalocal-user admin password cipher .]@USE=B,53Q=^Q`MAF4<1!! local-user admin service-type telnetlocal-user admin level 15authentication-scheme default#authorization-scheme default#accounting-scheme default#domain default##ospf 1import-route directarea 0.0.0.21network 33.10.191.12 0.0.0.0network 33.10.190.60 0.0.0.3network 33.10.190.56 0.0.0.3network 33.10.226.216 0.0.0.3#nqa-jitter tag-version 1#snmp-agentsnmp-agent local-engineid 000007DB7F00000100004E8Bsnmp-agent community write Zpepbdc@sjwsnmp-agent community read huaWei8zjepsnmp-agent sys-info version allsnmp-agent target-host trap address udp-domain 10.33.223.178 params securityname huaWei8zjepsnmp-agent target-host trap address udp-domain 10.33.223.179 params securityname huaWei8zjepsnmp-agent trap enable standardsnmp-agent trap source LoopBack0#user-interface con 0user-interface aux 0user-interface vty 0 4authentication-mode aaa#returncisco 2811LAXIUSHUI-R2811-1#sho runBuilding configuration...Current configuration : 3511 bytes!version 12.4no service padservice timestamps debug datetime msecservice timestamps log datetime msecservice password-encryption!hostname LAXIUSHUI-R2811-1!boot-start-markerboot-end-marker!card type e1 0 1logging message-counter syslogenable secret 5 $1$0LKz$71.irTxS.bL56D.GD74lD/!no aaa new-modelclock timezone CST 8no network-clock-participate wic 1!dot11 syslogno ip source-routeno ip gratuitous-arps!!ip cefip vrf nrtrd 2406:2route-target export 30033:14route-target import 30033:2route-target import 30033:12!ip vrf realtimerd 2406:1route-target export 30033:13route-target import 30033:1route-target import 30033:11!!!no ipv6 cef!multilink bundle-name authenticated !!!!!!!!!!!!!!!!!!!!!!!voice-card 0!!!!!archivelog confighidekeys!!!!!controller E1 0/1/0framing NO-CRC4clock source internalchannel-group 0 timeslots 1-31!controller E1 0/1/1framing NO-CRC4clock source internalchannel-group 0 timeslots 1-31!!!!!interface Loopback0ip address 33.10.191.131 255.255.255.255 !interface FastEthernet0/0ip address 192.168.1.1 255.255.255.0 duplex autospeed auto!interface FastEthernet0/1no ip addressshutdownduplex autospeed auto!interface FastEthernet0/0/0description ***TO LAXIUSHUI-C2918-01 G0/24*** switchport mode trunk!interface FastEthernet0/0/1description ***TO LAXIUSHUI-C2918-02 G0/24*** switchport mode trunk!interface FastEthernet0/0/2!interface FastEthernet0/0/3!interface Serial0/1/0:0description ***TO LINAN-NE20-A ....***ip address 33.10.177.218 255.255.255.252 encapsulation pppmpls ip!interface Serial0/1/1:0description ***TO LINAN-NE20-B ....***ip address 33.10.226.218 255.255.255.252 encapsulation pppmpls ip!interface Vlan1no ip address!interface Vlan10ip vrf forwarding realtimeip address 33.10.234.97 255.255.255.248!interface Vlan20ip vrf forwarding nrtip address 33.10.234.105 255.255.255.248!interface Vlan30description management-realtimeip vrf forwarding realtimeip address 33.10.185.218 255.255.255.252ip access-group 100 in!interface Vlan40description management-nrtip vrf forwarding nrtip address 33.10.189.218 255.255.255.252!router ospf 1router-id 33.10.191.131log-adjacency-changesnetwork 33.10.177.216 0.0.0.3 area 21 network 33.10.191.131 0.0.0.0 area 21 network 33.10.226.216 0.0.0.3 area 21 !router bgp 30033bgp router-id 33.10.191.131no bgp default ipv4-unicastbgp log-neighbor-changesneighbor 500 peer-groupneighbor 500 remote-as 30033 neighbor 500 update-source Loopback0 neighbor 33.10.191.11 peer-group 500 neighbor 33.10.191.12 peer-group 500 !address-family ipv4neighbor 33.10.191.11 activate neighbor 33.10.191.12 activateno auto-summaryno synchronizationexit-address-family!address-family vpnv4neighbor 500 send-community extended neighbor 33.10.191.11 activate neighbor 33.10.191.12 activateexit-address-family!address-family ipv4 vrf realtime redistribute connectedredistribute staticno synchronizationexit-address-family!address-family ipv4 vrf nrt redistribute connectedredistribute staticno synchronizationexit-address-family!ip forward-protocol ndno ip http serverno ip http secure-server!!!!!!!!!control-plane!!!!!!!!!!line con 0line aux 0line vty 0 4exec-timeout 5 0password 7 1511021F07257A767Blogin!scheduler allocate 20000 1000end正常情况下,按照上面的配置,网络是不会有问题的,但当天做完后,发现网络不通,经检查,发现cisco 2811中每个vrf中均上存在一条缺省路由,为bgp路由是指向NE20-A 的(优选router-ID小的),这条路由是正常的。
BGP-MPLS-VPN配置示例及思路
一、配置思路1、公网隧道配置本结点LSR ID1mpls lsr‐id *.*.*.*使能mpls 与 mpls ldp1系统模式下:2 mpls3 mpls ldp4接口模式下:5 interface ethernet 0/0/16 mpls7 mpls ldp【注】以上仅针对P、PE设备。
2、本地VPN创建VPN实例;配置RD、RT;绑定接口与VPN实例;将PE和CE之间的路由实例 与 VPN绑定;3、MP-BGP配置PE间的普通BGP邻居和MP-BGP邻居;将本地VPN路由和mp-bgp之间的路由相互引入二、配置示例组网需求:完成各VPN内部用户互通;地址规划:如下表设备名称P1PE2PE3CE4CE5……loopback / router id/ lsr-id 1.1.1.1 / 32 1.1.1.1 / 32 1.1.1.1 / 32 4.4.4.4 / 32 5.5.5.5 / 32……互联地址段从左到右设备数字组合数(如PE2与P1:10.0.21.0 / 24)……互联地址设备数字对应各自地址(如PE2:10.0.21.2 / 24)……其他详见下图……1、公网隧道配置P与PE的IGP路由(ospf);配置P与PE的LSR ID,并使能系统及接口下的mpls和mpls ldp功能;2、本地VPN创建VPN实例;配置RD、RT;1ip vpn‐instance company‐12 route‐distinguisher 100:13 vpn‐target 100:1 export‐extcommunity4 vpn‐target 100:1 import‐extcommunity56ip vpn‐instance company‐27 route‐distinguisher 100:28 vpn‐target 100:2 export‐extcommunity9 vpn‐target 100:2 import‐extcommunity10 //PE1与PE2该配置相同绑定私网接口与VPN实例;在PE上, 与对应用户(CE设备)相连接口与VPN进行绑定(CE设备无感知,接口只需普通地址配置);1 //以PE2为例,其他接口及PE相同2interface GigabitEthernet0/0/03 ip binding vpn‐instance company‐24 ip address 10.0.82.2 255.255.255.0将PE和CE之间的路由实例 与 VPN绑定;1 //PE22ospf 11 vpn‐instance company‐13 area 0.0.0.04 network 10.0.42.0 0.0.0.2555 //CE46ospf 117 area 0.0.0.08 network 10.0.42.0 0.0.0.2559 network 10.0.64.0 0.0.0.2553、MP-BGP配置PE间的普通BGP邻居(只能传递普通IPv4路由);1bgp 100 //PE2配置2 peer 3.3.3.3 as‐number 1003 peer 3.3.3.3 connect‐interface LoopBack045bgp 100 //PE3配置6 peer 2.2.2.2 as‐number 1007 peer 2.2.2.2 connect‐interface LoopBack0配置PE间的MP-BGP邻居(能传递BGP mpls VPN的私网路由,即VPNv4路由);建立MP-BGP邻居前提是PE间已经建立了普通的BGP邻居;1BGP 100 //PE2配置2 ipv4‐family vpnv43 peer 3.3.3.3 enable45BGP 100 //PE3配置6 ipv4‐family vpnv47 peer 2.2.2.2 enable配置本地VPN路由和mp-bgp之间的路由相互引入;建立MP-BGP邻居前提是PE间已经建立了普通的BGP邻居;1 bgp 100 //BGP中引入直连和IGP2 ipv4‐family vpn‐instance company‐13 import‐route direct4 import‐route ospf 115 ipv4‐family vpn‐instance company‐225 ip address 10.0.21.1 255.255.255.026 mpls27 mpls ldp28#29interface Ethernet0/0/130 ip address 10.0.13.1 255.255.255.031 mpls32 mpls ldp33#34interface Serial0/0/035 link‐protocol ppp36#37interface Serial0/0/138 link‐protocol ppp39#40interface Serial0/0/241 link‐protocol ppp42#43interface Serial0/0/344 link‐protocol ppp45#46interface GigabitEthernet0/0/047#48interface GigabitEthernet0/0/149#50interface GigabitEthernet0/0/251#52interface GigabitEthernet0/0/353#54wlan55#56interface NULL057#58interface LoopBack059 ip address 1.1.1.1 255.255.255.255 60#61ospf 162 area 0.0.0.027 accounting‐scheme default28 domain default29 domain default_admin30 local‐user admin password cipher F<Z4DJzy<+jKUGU‐KkpB7bo#31 local‐user admin service‐type http32#33firewall zone Local34 priority 1635#36interface Ethernet0/0/037 ip binding vpn‐instance company‐138 ip address 10.0.42.2 255.255.255.039#40interface Ethernet0/0/141 ip address 10.0.21.2 255.255.255.042 mpls43 mpls ldp44#45interface Serial0/0/046 link‐protocol ppp47#48interface Serial0/0/149 link‐protocol ppp50#51interface Serial0/0/252 link‐protocol ppp53#54interface Serial0/0/355 link‐protocol ppp56#57interface GigabitEthernet0/0/058 ip binding vpn‐instance company‐259 ip address 10.0.82.2 255.255.255.060#61interface GigabitEthernet0/0/162#63interface GigabitEthernet0/0/264#65interface GigabitEthernet0/0/366#67wlan68#69interface NULL070#71interface LoopBack072 ip address 2.2.2.2 255.255.255.25573#74bgp 10075 peer 3.3.3.3 as‐number 10076 peer 3.3.3.3 connect‐interface LoopBack077 #78 ipv4‐family unicast79 undo synchronization80 peer 3.3.3.3 enable81 #82 ipv4‐family vpnv483 policy vpn‐target84 peer 3.3.3.3 enable85 #86 ipv4‐family vpn‐instance company‐187 import‐route direct88 import‐route ospf 1189 #90 ipv4‐family vpn‐instance company‐291 import‐route direct92 import‐route ospf 1293#94ospf 195 area 0.0.0.096 network 10.0.21.0 0.0.0.25597 network 2.2.2.2 0.0.0.098#99ospf 11 vpn‐instance company‐1100 import‐route bgp101 area 0.0.0.0102 network 10.0.42.0 0.0.0.25525 authentication‐scheme default26 authorization‐scheme default27 accounting‐scheme default28 domain default29 domain default_admin30 local‐user admin password cipher F5S!+T‐YL&:z9:%F`[a=vbt#31 local‐user admin service‐type http32#33firewall zone Local34 priority 1635#36interface Ethernet0/0/037 ip address 10.0.13.3 255.255.255.038 mpls39 mpls ldp40#41interface Ethernet0/0/142 ip binding vpn‐instance company‐143 ip address 10.0.35.3 255.255.255.044#45interface Serial0/0/046 link‐protocol ppp47#48interface Serial0/0/149 link‐protocol ppp50#51interface Serial0/0/252 link‐protocol ppp53#54interface Serial0/0/355 link‐protocol ppp56#57interface GigabitEthernet0/0/058 ip binding vpn‐instance company‐259 ip address 10.0.39.3 255.255.255.060#61interface GigabitEthernet0/0/162#63interface GigabitEthernet0/0/264#65interface GigabitEthernet0/0/366#67wlan68#69interface NULL070#71interface LoopBack072 ip address 3.3.3.3 255.255.255.25573#74bgp 10075 peer 2.2.2.2 as‐number 10076 peer 2.2.2.2 connect‐interface LoopBack077 #78 ipv4‐family unicast79 undo synchronization80 peer 2.2.2.2 enable81 #82 ipv4‐family vpnv483 policy vpn‐target84 peer 2.2.2.2 enable85 #86 ipv4‐family vpn‐instance company‐187 import‐route direct88 import‐route ospf 1389 #90 ipv4‐family vpn‐instance company‐291 import‐route direct92 import‐route ospf 1493#94ospf 195 area 0.0.0.096 network 10.0.13.0 0.0.0.25597 network 3.3.3.3 0.0.0.098#99ospf 13 vpn‐instance company‐15 authentication‐scheme default6 authorization‐scheme default7 accounting‐scheme default8 domain default9 domain default_admin10 local‐user admin password cipher a9uRU{EO!7ECB7Ie7'/)Gbd#11 local‐user admin service‐type http12#13firewall zone Local14 priority 1615#16interface Ethernet0/0/017 ip address 10.0.35.5 255.255.255.018#19interface Ethernet0/0/120 ip address 10.0.57.5 255.255.255.021#22interface Serial0/0/023 link‐protocol ppp24#25interface Serial0/0/126 link‐protocol ppp27#28interface Serial0/0/229 link‐protocol ppp30#31interface Serial0/0/332 link‐protocol ppp33#34interface GigabitEthernet0/0/035#36interface GigabitEthernet0/0/137#38interface GigabitEthernet0/0/239#40interface GigabitEthernet0/0/32sysname Huawei3#4aaa5 authentication‐scheme default6 authorization‐scheme default7 accounting‐scheme default8 domain default9 domain default_admin10 local‐user admin password cipher {07;SSP`4Kpe}@HMNPn@fba#11 local‐user admin service‐type http12#13firewall zone Local14 priority 1615#16interface Ethernet0/0/017 ip address 10.0.39.9 255.255.255.018#19interface Ethernet0/0/120 ip address 10.0.90.9 255.255.255.021#22interface Serial0/0/023 link‐protocol ppp24#25interface Serial0/0/126 link‐protocol ppp27#28interface Serial0/0/229 link‐protocol ppp30#31interface Serial0/0/332 link‐protocol ppp33#34interface GigabitEthernet0/0/035#36interface GigabitEthernet0/0/137#38interface GigabitEthernet0/0/240interface GigabitEthernet0/0/341#42wlan43#44interface NULL045#46ospf 1447 area 0.0.0.048 network 10.0.39.0 0.0.0.25549 network 10.0.90.0 0.0.0.25550#51user‐interface con 052user‐interface vty 0 453user‐interface vty 16 2054#55return~ END ~。
BGP-MPLS-VPN配置与故障排查
PE1:
interface Ethernet0/1 ip binding vpn-instance vpn1 ip address 192.168.1.1 255.255.255.252
# interface Ethernet0/2 ip binding vpn-instance vpn2 ip address 172.32.1.1 255.255.255.252
网络环境和需求
VPN1 CE1
用户1: 192.168.254.1/24
用户2: 172.32.254.1/24
VPN1 CE3
Loopback0:1.1.1.1/32
Loopback0:1.1.1.2/32
PE1
E0/1 E0/0
Loopback0:1.1.1.3/32 PE2
.2
E1/0
.6
E0/1
配置接口与VPN实例绑定 interface interface-type interface-number ip binding vpn-instance vpn-instance-name
配置PE与CE之间的路由实例与VPN绑定,以OSPF为例: ospf [ process-id | router-id router-id | vpn-instance vpn-instance-name ]
BGP MPLS VPN的配置思路与对BGP MPLS VPN技 术原理的理解一致,分为以下三个步骤:
配置公网隧道 配置本地VPN 配置MP-BGP
5
目录
BGP MPLS VPN配置思路 BGP MPLS VPN配置命令 BGP MPLS VPN配置示例 BGP MPLS VPN故障排查
华为路由器MPLSVPN配置示例
图1 配置BGP/MPLS IP VPN组网图组网需求如图1所示:•CE1连接公司总部研发区、CE3连接分支机构研发区,CE1和CE3属于vpna;•CE2连接公司总部非研发区、CE4连接分支机构非研发区,CE2和CE4属于vpnb。
公司要求通过部署BGP/MPLS IP VPN,实现总部和分支机构的安全互通,同时要求研发区和非研发区间数据隔离。
配置思路采用如下的思路配置BGP/MPLS IP VPN:1.P、PE之间配置OSPF,实现骨干网的IP连通性。
2.PE、P上配置MPLS基本能力和MPLS LDP,建立MPLS LSP公网隧道,传输VPN数据。
3.PE1和PE2上配置VPN实例,其中,vpna使用的VPN-target属性为111:1,vpnb使用的VPN-target属性为222:2,以实现相同VPN间互通,不同VPN间隔离。
同时,与CE相连的接口和相应的VPN实例绑定,以接入VPN用户。
4.PE1和PE2之间配置MP-IBGP,交换VPN路由信息。
5.CE与PE之间配置EBGP,交换VPN路由信息。
操作步骤1.在MPLS骨干网上配置OSPF协议,实现骨干网PE和P的互通# 配置PE1。
<Huawei> system-view[Huawei] sysname PE1[PE1] interface loopback 1[PE1-LoopBack1] ip address 1.1.1.9 32[PE1-LoopBack1] quit[PE1] interface gigabitethernet 3/0/0[PE1-GigabitEthernet3/0/0] ip address 172.1.1.1 24[PE1-GigabitEthernet3/0/0] quit[PE1] ospf 1[PE1-ospf-1] area 0[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0[PE1-ospf-1-area-0.0.0.0] quit[PE1-ospf-1] quit# 配置P。
mplsbgpvpn技术方案
可扩展性
支持大规模的站点和用户,具备良好的可扩 展性。
02
BGP VPN技术介绍
mplsbgpvpn技术方案
汇报人: 2024-01-08
目录
• MPLS VPN技术介绍 • BGP VPN技术介绍 • MPLS与BGP VPN比较 • MPLSBGPVPN融合方案 • MPLSBGPVPN技术方案应
用案例
01
MPLS VPN技术介绍
MPLS VPN定义
MPLS VPN是一种基于多协议标签交 换(MPLS)技术的虚拟专用网络( VPN)解决方案。
它通过在骨干网络上建立标签交换路 径(LSP),实现对数据包的快速、 高效转发,同时提供类似于传统VPN 的私密性和安全性。
MPLS VPN工作原理
MPLS VPN采用MPLS技术, 通过建立LSP实现数据包的快
速转发。
在MPLS VPN中,客户站点 与运营商骨干网络之间通过 PE(Provider Edge)路由器 连接,PE路由器之间通过P( Provider)路由器连接,形 成一个逻辑上的VPN骨干网
。
PE路由器根据客户站点需求 ,为其分配相应的标签和路 由,实现数据包的快速转发 。
MPLS VPN优势与特点
高可靠性
MPLS VPN采用快速收敛和保护倒换技术, 确保数据传输的可靠性和稳定性。
安全性
通过加密和访问控制列表(ACL)等安全措 施,确保数据传输的安全性和私密性。
灵活性
支持多种接入方式,如以太网、ATM等,满 足不同客户的需求。
BGP MPLS IP VPN 配置实例
BGP/MPLS IP VPN 配置实例配置实例前我们先来回顾一下BGP MPLS的几个先关概念隧道技术与MPLS• 隧道:一个虚拟的点对点的连接。
它提供了一条虚拟通路,使经过特殊封装的数据报能够在这个通路上传输。
在隧道的两端分别对数据报进行封装及解封装。
如GRE封装,隧道上的路由器根据报文外层的公网IP头进行数据转发。
如图所示,各设备的作用:•CE(Customer Edge):用户网络边缘设备,有接口直接与服务提供商SP (Service Provider)网络相连。
CE可以是SVN或交换机,也可以是一台主机。
通常情况下,CE“感知”不到VPN的存在,也不需要支持MPLS。
•PE(Provider Edge):服务提供商边缘设备,是服务提供商网络的边缘设备,与CE直接相连。
在MPLS网络中,对VPN的所有处理都发生在PE上。
•P(Provider):服务提供商网络中的骨干设备,不与CE直接相连。
P设备只需要具备基本MPLS转发能力,不维护VPN信息。
用户设备所在的区域,称为一个站点(Site),站点是指相互之间具备IP连通性的一组IP系统,并且这组IP系统的IP连通性不需通过运营商网络实现。
传统的VPN技术存在一些固有的缺陷,导致客户组网时的很多需求无法得到满足,并且实施比较复杂,MPLS VPN的出现解决了传统VPN技术的固有缺陷——地址空间的重叠问题。
• MPLS是天然的隧道,隧道上的路由器可以根据报文的MPLS头进行报文转发。
VRF(Virtual Routing and Forwarding):虚拟路由及转发,它是一种VPN 路由和转发实例。
• 一台PE 路由器,由于可能同时连接了多个VPN 用户,这些用户(的路由)彼此之间需要相互隔离,那么这时候就用到了VRF,PE 路由器上每一个VPN 都有一个VRF。
PE 路由器除了维护全局IP 路由表之外,还为每个VRF 维护一张独立的IP 路由表,这张路由表称为VRF 路由表。
- 1、下载文档前请自行甄别文档内容的完整性,平台不提供额外的编辑、内容补充、找答案等附加服务。
- 2、"仅部分预览"的文档,不可在线预览部分如存在完整性等问题,可反馈申请退款(可完整预览的文档不适用该条件!)。
- 3、如文档侵犯您的权益,请联系客服反馈,我们会尽快为您处理(人工客服工作时间:9:00-18:30)。
interface GigabitEthernet1/0/0
ip binding vpn-instance VPNB
ip address 10.1.36.3 255.255.255.0
#
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
isis enable 1
ip binding vpn-instance VPNB
ip address 10.1.14.1 255.255.255.0
#
interface GigabitEthernet0/0/0
ip address 10.1.12.1 255.255.255.0
isis enable 1
mpls
mpls ldp
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0060.0600.6006.00
#
interface GigabitEthernet0/0/0
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance VPNB
ipv4-family
route-distinguisher 200:1
vpn-target 200:1 export-extcommunity
CE 2
sysname RT5
acl number 2000
rule 5 permit source 192.168.10.0 0.0.0.255
acl number 2002
rule 5 permit source 192.168.70.0 0.0.0.3
isis 1
is-level level-2
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
ospf 1
router-id 4.4.4.4
area 0.0.0.0
network 10.1.14.4 0.0.0.0
area 0.0.0.10
network 192.168.30.1 0.0.0.0
#
interface GigabitEthernet0/0/0
ip address 202.100.85.1 255.255.255.0
nat server protocol tcp global 202.100.85.100 www inside 192.168.200.200 8080
nat outbound 2000 address-group 1
cost-style wide
network-entity 49.0050.0500.5005.00
interface GigabitEthernet0/0/0
ip address 10.1.35.5 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.1.57.5 255.255.255.0
#பைடு நூலகம்
bgp 65001
peer 1.1.1.1 as-number 65001
peer 1.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv4-family vpnv4
vpn-target 200:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0010.0100.1001.00
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/1
ip binding vpn-instance VPNA
ip address 10.1.13.1 255.255.255.0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 1
#
PE 2
sysname RT3
ip vpn-instance VPNA
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
#
ip vpn-instance VPNB
import-route direct
import-route ospf 1
#
ospf 1 vpn-instance VPNB
import-route bgp
area 0.0.0.0
network 10.1.14.0 0.0.0.255
#
ip route-static vpn-instance VPNA 192.168.0.0 255.255.255.0 10.1.13.3
port link-type access
port default vlan 10
#
#
interface LoopBack0
ip address 192.168.0.1 255.255.255.255
#
ip route-static 0.0.0.0 0.0.0.0 10.1.13.1
CE 4
sysname RT6
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance VPNA
import-route direct
import-route rip 1
#
ipv4-family vpn-instance VPNB
peer 10.1.35.5 as-number 65002
nat address-group 1 202.100.85.10 202.100.85.15
#
interface Serial1/0/0
undo ip address 10.1.14.4 255.255.255.0
interface GigabitEthernet4/0/0
ip address 10.1.14.4 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.30.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 192.168.40.1 255.255.255.0
#
interface NULL0
#
bgp 65001
peer 3.3.3.3 as-number 65001
peer 3.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
#
ipv4-family vpnv4
ip address 10.1.23.3 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip binding vpn-instance VPNB
ip address 10.1.35.3 255.255.255.0
interface GigabitEthernet0/0/0
ip address 10.1.12.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 10.1.23.2 255.255.255.0
cost-style wide
network-entity 49.0030.0300.3003.00
#
interface GigabitEthernet0/0/0
ip binding vpn-instance VPNA
ip address 10.1.37.3 255.255.255.0
#
interface GigabitEthernet0/0/1
BGPMPLSVPN配置实例
图为bgp mpls vpn实例,下面分别为P设备,PE设备,CE设备配置及网络拓扑结构。
sysname RT2
mpls lsr-id 2.2.2.2
mpls
mpls ldp
isis 1
is-level level-2
cost-style wide
network-entity 49.0020.0200.2002.00
isis enable 1
mpls
mpls ldp
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255