华为数通MPLS-VPN实验配置

实验拓扑

图片[1]-华为数通MPLS-VPN实验配置-果城虾米

实验需求

  1. 实验模拟网络上有两个公司,公司A和公司B,需要实现同一公司可以通过ISP网络进行互访,不同公司不能互访,通过MPLS VPN实现这一需求。
  2. 完成基础IP地址配置,每台路由器上创建环回接口LP0,地址设置为X.X.X.X,X为路由器编号(例:R1地址为1.1.1.1),路由器物理接口地址按拓扑配置。
  3. R1 上创建loopback100:172.16.1.1。R7 上创建loopback100:172.16.2.1。R2 上创建loopback100:172.16.1.1。R6 上创建loopback100:172.16.2.1。这些环回接口用以模拟站点内网段。
  4. AS500 为公网,IGP协议使用OSPF协议,使网络互通。
  5. AS500 内,R3 与 R5 使用loopback 0 接口建立VPNV4 的邻居关系,不建立ipv4 邻居关系。
  6. 在AS500使能MPLS协议,使用LDP协议分配标签。
  7. 网络中只有同一公司可以互相访问。
  • 公司A
  1. R3创建VRF,名称为1,RD:1:1,出方向RT为1:7
  2. R5创建VRF,名称为7,RD:7:7,出方向RT为7:1
  3. 在PE和CE设备间建立BGP邻居关系,在PE设备间建立MP-BGP邻居关系以完成路由传递。
  4. 在设备上正确通告路由,实现同A公司可以互访。
  • 公司B
  1. R3创建VRF,名称为2,RD:2:2,出方向RT为2:6
  2. R5创建VRF,名称为6,RD:6:6,出方向RT为6:2
  3. 在PE和CE设备间建立OSPF邻居关系
  4. 在设备上正确通告路由,实现同B公司可以互访。

配置步骤

1.公网设备基础配置

(1)配置基础IP地址

//配置R3接口地址
#
 sysname R3
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
#
interface GigabitEthernet0/0/2
 ip address 34.1.1.3 255.255.255.0 
//配置R4接口地址
#
 sysname R4
#
interface GigabitEthernet0/0/0
 ip address 34.1.1.4 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 45.1.1.4 255.255.255.0 
#                                       
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255 
//配置R5接口地址
#
 sysname R5
interface GigabitEthernet0/0/0
 ip address 45.1.1.5 255.255.255.0
#
interface LoopBack0
 ip address 5.5.5.5 255.255.255.255

(2)配置OSPF路由

//R3
ospf 1 router-id 3.3.3.3 
 area 0.0.0.0 
  network 3.3.3.3 0.0.0.0 
  network 34.1.1.3 0.0.0.0
//R4
ospf 1 router-id 4.4.4.4 
 area 0.0.0.0 
  network 4.4.4.4 0.0.0.0 
  network 34.1.1.4 0.0.0.0 
  network 45.1.1.4 0.0.0.0
//R5
ospf 1 router-id 5.5.5.5 
 area 0.0.0.0 
  network 5.5.5.5 0.0.0.0 
  network 45.1.1.5 0.0.0.0 

(3)配置BGP路由,R3-R5只建立VPNv4邻居,不建IPv4邻居

//R3
bgp 500
 peer 5.5.5.5 as-number 500 
 peer 5.5.5.5 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  undo peer 5.5.5.5 enable
 #                                        
 ipv4-family vpnv4
  policy vpn-target
  peer 5.5.5.5 enable
//R5
bgp 500
 peer 3.3.3.3 as-number 500 
 peer 3.3.3.3 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  undo peer 3.3.3.3 enable
 #                                        
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.3 enable

(4)创建MPLS隧道,开启MPLS LDP协议

//R3
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/2
 mpls
 mpls ldp
//R4
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 mpls
 mpls ldp
//R5
#
mpls lsr-id 5.5.5.5
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0      
 mpls
 mpls ldp

2.创建VPN-instance并配置相应接口

//R3
ip vpn-instance 1
 ipv4-family
  route-distinguisher 1:1
  vpn-target 1:7 export-extcommunity
  vpn-target 7:1 import-extcommunity
#
ip vpn-instance 2
 ipv4-family                              
  route-distinguisher 2:2
  vpn-target 2:6 export-extcommunity
  vpn-target 6:2 import-extcommunity
#
interface GigabitEthernet0/0/0
 ip binding vpn-instance 1                
 ip address 192.168.13.3 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip binding vpn-instance 2
 ip address 192.168.23.3 255.255.255.0 
#
//R5
#
ip vpn-instance 6
 ipv4-family
  route-distinguisher 6:6
  vpn-target 6:2 export-extcommunity
  vpn-target 2:6 import-extcommunity
#
ip vpn-instance 7
 ipv4-family                              
  route-distinguisher 7:7
  vpn-target 7:1 export-extcommunity
  vpn-target 1:7 import-extcommunity
#
interface GigabitEthernet0/0/1
 ip binding vpn-instance 7
 ip address 192.168.57.5 255.255.255.0 
#
interface GigabitEthernet0/0/2
 ip binding vpn-instance 6
 ip address 192.168.56.5 255.255.255.0 

3.创建OSPF进程,绑定VPN-instance

//R3
#
ospf 100 router-id 3.3.3.3 vpn-instance 1
 area 0.0.0.0 
  network 192.168.13.3 0.0.0.0 
#
ospf 200 router-id 3.3.3.3 vpn-instance 2
 area 0.0.0.0 
  network 192.168.23.3 0.0.0.0            
//R5
#
ospf 600 router-id 5.5.5.5 vpn-instance 6
 area 0.0.0.0 
  network 192.168.56.5 0.0.0.0 
#
ospf 700 router-id 5.5.5.5 vpn-instance 7
 area 0.0.0.0 
  network 192.168.57.5 0.0.0.0    

4.OSPF-BGP相互引入

//R3
#
ospf 100 router-id 3.3.3.3 vpn-instance 1
 import-route bgp
#
ospf 200 router-id 3.3.3.3 vpn-instance 2
 import-route bgp
#
bgp 500
 #
 ipv4-family vpn-instance 1 
  import-route ospf 100
 #
 ipv4-family vpn-instance 2 
  import-route ospf 200
//R5
#
ospf 600 router-id 5.5.5.5 vpn-instance 6
 import-route bgp
#
ospf 700 router-id 5.5.5.5 vpn-instance 7
 import-route bgp  
#
bgp 500
 #
 ipv4-family vpn-instance 6 
  import-route ospf 600
 #
 ipv4-family vpn-instance 7 
  import-route ospf 700

5.配置CE侧设备

(1)CE设备基础配置

//R1
#
 sysname R1
#
interface GigabitEthernet0/0/0
 ip address 192.168.13.1 255.255.255.0
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255 
#
interface LoopBack100
 ip address 172.16.1.1 255.255.255.255
//R2
#
 sysname R2
#
interface GigabitEthernet0/0/0
 ip address 192.168.23.2 255.255.255.0 
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255 
#
interface LoopBack100
 ip address 172.16.1.1 255.255.255.255
//R6
#
 sysname R6
#
interface GigabitEthernet0/0/0
 ip address 192.168.56.6 255.255.255.0 
#
interface LoopBack0
 ip address 6.6.6.6 255.255.255.255 
#
interface LoopBack100
 ip address 172.16.2.1 255.255.255.255
//R7
#
 sysname R7
#
interface GigabitEthernet0/0/0
 ip address 192.168.57.7 255.255.255.0 
#
interface LoopBack0
 ip address 7.7.7.7 255.255.255.255 
#
interface LoopBack100
 ip address 172.16.2.1 255.255.255.255 

(2)CE侧设备OSPF配置

//R1
#
ospf 1 router-id 1.1.1.1 
 area 0.0.0.0 
  network 172.16.1.1 0.0.0.0 
  network 192.168.13.1 0.0.0.0 
//R2 
#
ospf 1 router-id 2.2.2.2 
 area 0.0.0.0 
  network 172.16.1.1 0.0.0.0 
  network 192.168.23.2 0.0.0.0 
//R6
#
ospf 1 router-id 6.6.6.6 
 area 0.0.0.0 
  network 172.16.2.1 0.0.0.0 
  network 192.168.56.6 0.0.0.0 
//R7
#
ospf 1 router-id 7.7.7.7 
 area 0.0.0.0 
  network 172.16.2.1 0.0.0.0 
  network 192.168.57.7 0.0.0.0

eNSP拓扑文件

MPLS-VPN.rar
rar文件
7.7K
© 版权声明
THE END
喜欢就支持一下吧
点赞8 分享
评论 抢沙发
头像
欢迎您留下宝贵的见解!
提交
头像

昵称

取消
昵称表情代码图片

    暂无评论内容