华为数通MPLS-VPN实验配置

实验拓扑

实验需求

1. 实验模拟网络上有两个公司，公司A和公司B，需要实现同一公司可以通过ISP网络进行互访，不同公司不能互访，通过MPLS VPN实现这一需求。
2. 完成基础IP地址配置，每台路由器上创建环回接口LP0，地址设置为X.X.X.X,X为路由器编号（例：R1地址为1.1.1.1），路由器物理接口地址按拓扑配置。
3. R1 上创建loopback100:172.16.1.1。R7 上创建loopback100:172.16.2.1。R2 上创建loopback100:172.16.1.1。R6 上创建loopback100:172.16.2.1。这些环回接口用以模拟站点内网段。
4. AS500 为公网，IGP协议使用OSPF协议，使网络互通。
5. AS500 内，R3 与 R5 使用loopback 0 接口建立VPNV4 的邻居关系，不建立ipv4 邻居关系。
6. 在AS500使能MPLS协议，使用LDP协议分配标签。
7. 网络中只有同一公司可以互相访问。

• 公司A

1. R3创建VRF，名称为1，RD：1:1，出方向RT为1:7
2. R5创建VRF，名称为7，RD：7:7，出方向RT为7:1
3. 在PE和CE设备间建立BGP邻居关系，在PE设备间建立MP-BGP邻居关系以完成路由传递。
4. 在设备上正确通告路由，实现同A公司可以互访。

• 公司B

1. R3创建VRF，名称为2，RD：2:2，出方向RT为2:6
2. R5创建VRF，名称为6，RD：6:6，出方向RT为6:2
3. 在PE和CE设备间建立OSPF邻居关系
4. 在设备上正确通告路由，实现同B公司可以互访。

配置步骤

1.公网设备基础配置

(1)配置基础IP地址

//配置R3接口地址
#
 sysname R3
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
#
interface GigabitEthernet0/0/2
 ip address 34.1.1.3 255.255.255.0 
//配置R4接口地址
#
 sysname R4
#
interface GigabitEthernet0/0/0
 ip address 34.1.1.4 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 45.1.1.4 255.255.255.0 
#                                       
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255 
//配置R5接口地址
#
 sysname R5
interface GigabitEthernet0/0/0
 ip address 45.1.1.5 255.255.255.0
#
interface LoopBack0
 ip address 5.5.5.5 255.255.255.255

(2)配置OSPF路由

//R3
ospf 1 router-id 3.3.3.3 
 area 0.0.0.0 
  network 3.3.3.3 0.0.0.0 
  network 34.1.1.3 0.0.0.0
//R4
ospf 1 router-id 4.4.4.4 
 area 0.0.0.0 
  network 4.4.4.4 0.0.0.0 
  network 34.1.1.4 0.0.0.0 
  network 45.1.1.4 0.0.0.0
//R5
ospf 1 router-id 5.5.5.5 
 area 0.0.0.0 
  network 5.5.5.5 0.0.0.0 
  network 45.1.1.5 0.0.0.0 

(3)配置BGP路由,R3-R5只建立VPNv4邻居,不建IPv4邻居

//R3
bgp 500
 peer 5.5.5.5 as-number 500 
 peer 5.5.5.5 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  undo peer 5.5.5.5 enable
 #                                        
 ipv4-family vpnv4
  policy vpn-target
  peer 5.5.5.5 enable
//R5
bgp 500
 peer 3.3.3.3 as-number 500 
 peer 3.3.3.3 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  undo peer 3.3.3.3 enable
 #                                        
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.3 enable

(4)创建MPLS隧道,开启MPLS LDP协议

//R3
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/2
 mpls
 mpls ldp
//R4
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 mpls
 mpls ldp
//R5
#
mpls lsr-id 5.5.5.5
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0      
 mpls
 mpls ldp

2.创建VPN-instance并配置相应接口

//R3
ip vpn-instance 1
 ipv4-family
  route-distinguisher 1:1
  vpn-target 1:7 export-extcommunity
  vpn-target 7:1 import-extcommunity
#
ip vpn-instance 2
 ipv4-family                              
  route-distinguisher 2:2
  vpn-target 2:6 export-extcommunity
  vpn-target 6:2 import-extcommunity
#
interface GigabitEthernet0/0/0
 ip binding vpn-instance 1                
 ip address 192.168.13.3 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip binding vpn-instance 2
 ip address 192.168.23.3 255.255.255.0 
#
//R5
#
ip vpn-instance 6
 ipv4-family
  route-distinguisher 6:6
  vpn-target 6:2 export-extcommunity
  vpn-target 2:6 import-extcommunity
#
ip vpn-instance 7
 ipv4-family                              
  route-distinguisher 7:7
  vpn-target 7:1 export-extcommunity
  vpn-target 1:7 import-extcommunity
#
interface GigabitEthernet0/0/1
 ip binding vpn-instance 7
 ip address 192.168.57.5 255.255.255.0 
#
interface GigabitEthernet0/0/2
 ip binding vpn-instance 6
 ip address 192.168.56.5 255.255.255.0 

3.创建OSPF进程,绑定VPN-instance

//R3
#
ospf 100 router-id 3.3.3.3 vpn-instance 1
 area 0.0.0.0 
  network 192.168.13.3 0.0.0.0 
#
ospf 200 router-id 3.3.3.3 vpn-instance 2
 area 0.0.0.0 
  network 192.168.23.3 0.0.0.0            
//R5
#
ospf 600 router-id 5.5.5.5 vpn-instance 6
 area 0.0.0.0 
  network 192.168.56.5 0.0.0.0 
#
ospf 700 router-id 5.5.5.5 vpn-instance 7
 area 0.0.0.0 
  network 192.168.57.5 0.0.0.0    

4.OSPF-BGP相互引入

//R3
#
ospf 100 router-id 3.3.3.3 vpn-instance 1
 import-route bgp
#
ospf 200 router-id 3.3.3.3 vpn-instance 2
 import-route bgp
#
bgp 500
 #
 ipv4-family vpn-instance 1 
  import-route ospf 100
 #
 ipv4-family vpn-instance 2 
  import-route ospf 200
//R5
#
ospf 600 router-id 5.5.5.5 vpn-instance 6
 import-route bgp
#
ospf 700 router-id 5.5.5.5 vpn-instance 7
 import-route bgp  
#
bgp 500
 #
 ipv4-family vpn-instance 6 
  import-route ospf 600
 #
 ipv4-family vpn-instance 7 
  import-route ospf 700

5.配置CE侧设备

(1)CE设备基础配置

//R1
#
 sysname R1
#
interface GigabitEthernet0/0/0
 ip address 192.168.13.1 255.255.255.0
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255 
#
interface LoopBack100
 ip address 172.16.1.1 255.255.255.255
//R2
#
 sysname R2
#
interface GigabitEthernet0/0/0
 ip address 192.168.23.2 255.255.255.0 
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255 
#
interface LoopBack100
 ip address 172.16.1.1 255.255.255.255
//R6
#
 sysname R6
#
interface GigabitEthernet0/0/0
 ip address 192.168.56.6 255.255.255.0 
#
interface LoopBack0
 ip address 6.6.6.6 255.255.255.255 
#
interface LoopBack100
 ip address 172.16.2.1 255.255.255.255
//R7
#
 sysname R7
#
interface GigabitEthernet0/0/0
 ip address 192.168.57.7 255.255.255.0 
#
interface LoopBack0
 ip address 7.7.7.7 255.255.255.255 
#
interface LoopBack100
 ip address 172.16.2.1 255.255.255.255 

(2)CE侧设备OSPF配置

//R1
#
ospf 1 router-id 1.1.1.1 
 area 0.0.0.0 
  network 172.16.1.1 0.0.0.0 
  network 192.168.13.1 0.0.0.0 
//R2 
#
ospf 1 router-id 2.2.2.2 
 area 0.0.0.0 
  network 172.16.1.1 0.0.0.0 
  network 192.168.23.2 0.0.0.0 
//R6
#
ospf 1 router-id 6.6.6.6 
 area 0.0.0.0 
  network 172.16.2.1 0.0.0.0 
  network 192.168.56.6 0.0.0.0 
//R7
#
ospf 1 router-id 7.7.7.7 
 area 0.0.0.0 
  network 172.16.2.1 0.0.0.0 
  network 192.168.57.7 0.0.0.0

eNSP拓扑文件