实验拓扑
实验需求
- 实验模拟网络上有两个公司,公司A和公司B,需要实现同一公司可以通过ISP网络进行互访,不同公司不能互访,通过MPLS VPN实现这一需求。
- 完成基础IP地址配置,每台路由器上创建环回接口LP0,地址设置为X.X.X.X,X为路由器编号(例:R1地址为1.1.1.1),路由器物理接口地址按拓扑配置。
- R1 上创建loopback100:172.16.1.1。R7 上创建loopback100:172.16.2.1。R2 上创建loopback100:172.16.1.1。R6 上创建loopback100:172.16.2.1。这些环回接口用以模拟站点内网段。
- AS500 为公网,IGP协议使用OSPF协议,使网络互通。
- AS500 内,R3 与 R5 使用loopback 0 接口建立VPNV4 的邻居关系,不建立ipv4 邻居关系。
- 在AS500使能MPLS协议,使用LDP协议分配标签。
- 网络中只有同一公司可以互相访问。
- 公司A
- R3创建VRF,名称为1,RD:1:1,出方向RT为1:7
- R5创建VRF,名称为7,RD:7:7,出方向RT为7:1
- 在PE和CE设备间建立BGP邻居关系,在PE设备间建立MP-BGP邻居关系以完成路由传递。
- 在设备上正确通告路由,实现同A公司可以互访。
- 公司B
- R3创建VRF,名称为2,RD:2:2,出方向RT为2:6
- R5创建VRF,名称为6,RD:6:6,出方向RT为6:2
- 在PE和CE设备间建立OSPF邻居关系
- 在设备上正确通告路由,实现同B公司可以互访。
配置步骤
1.公网设备基础配置
(1)配置基础IP地址
//配置R3接口地址
#
sysname R3
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface GigabitEthernet0/0/2
ip address 34.1.1.3 255.255.255.0
//配置R4接口地址
#
sysname R4
#
interface GigabitEthernet0/0/0
ip address 34.1.1.4 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 45.1.1.4 255.255.255.0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
//配置R5接口地址
#
sysname R5
interface GigabitEthernet0/0/0
ip address 45.1.1.5 255.255.255.0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
(2)配置OSPF路由
//R3
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 34.1.1.3 0.0.0.0
//R4
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 34.1.1.4 0.0.0.0
network 45.1.1.4 0.0.0.0
//R5
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 45.1.1.5 0.0.0.0
(3)配置BGP路由,R3-R5只建立VPNv4邻居,不建IPv4邻居
//R3
bgp 500
peer 5.5.5.5 as-number 500
peer 5.5.5.5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 5.5.5.5 enable
#
ipv4-family vpnv4
policy vpn-target
peer 5.5.5.5 enable
//R5
bgp 500
peer 3.3.3.3 as-number 500
peer 3.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 3.3.3.3 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable
(4)创建MPLS隧道,开启MPLS LDP协议
//R3
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/2
mpls
mpls ldp
//R4
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
mpls
mpls ldp
//R5
#
mpls lsr-id 5.5.5.5
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
mpls
mpls ldp
2.创建VPN-instance并配置相应接口
//R3
ip vpn-instance 1
ipv4-family
route-distinguisher 1:1
vpn-target 1:7 export-extcommunity
vpn-target 7:1 import-extcommunity
#
ip vpn-instance 2
ipv4-family
route-distinguisher 2:2
vpn-target 2:6 export-extcommunity
vpn-target 6:2 import-extcommunity
#
interface GigabitEthernet0/0/0
ip binding vpn-instance 1
ip address 192.168.13.3 255.255.255.0
#
interface GigabitEthernet0/0/1
ip binding vpn-instance 2
ip address 192.168.23.3 255.255.255.0
#
//R5
#
ip vpn-instance 6
ipv4-family
route-distinguisher 6:6
vpn-target 6:2 export-extcommunity
vpn-target 2:6 import-extcommunity
#
ip vpn-instance 7
ipv4-family
route-distinguisher 7:7
vpn-target 7:1 export-extcommunity
vpn-target 1:7 import-extcommunity
#
interface GigabitEthernet0/0/1
ip binding vpn-instance 7
ip address 192.168.57.5 255.255.255.0
#
interface GigabitEthernet0/0/2
ip binding vpn-instance 6
ip address 192.168.56.5 255.255.255.0
3.创建OSPF进程,绑定VPN-instance
//R3
#
ospf 100 router-id 3.3.3.3 vpn-instance 1
area 0.0.0.0
network 192.168.13.3 0.0.0.0
#
ospf 200 router-id 3.3.3.3 vpn-instance 2
area 0.0.0.0
network 192.168.23.3 0.0.0.0
//R5
#
ospf 600 router-id 5.5.5.5 vpn-instance 6
area 0.0.0.0
network 192.168.56.5 0.0.0.0
#
ospf 700 router-id 5.5.5.5 vpn-instance 7
area 0.0.0.0
network 192.168.57.5 0.0.0.0
4.OSPF-BGP相互引入
//R3
#
ospf 100 router-id 3.3.3.3 vpn-instance 1
import-route bgp
#
ospf 200 router-id 3.3.3.3 vpn-instance 2
import-route bgp
#
bgp 500
#
ipv4-family vpn-instance 1
import-route ospf 100
#
ipv4-family vpn-instance 2
import-route ospf 200
//R5
#
ospf 600 router-id 5.5.5.5 vpn-instance 6
import-route bgp
#
ospf 700 router-id 5.5.5.5 vpn-instance 7
import-route bgp
#
bgp 500
#
ipv4-family vpn-instance 6
import-route ospf 600
#
ipv4-family vpn-instance 7
import-route ospf 700
5.配置CE侧设备
(1)CE设备基础配置
//R1
#
sysname R1
#
interface GigabitEthernet0/0/0
ip address 192.168.13.1 255.255.255.0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface LoopBack100
ip address 172.16.1.1 255.255.255.255
//R2
#
sysname R2
#
interface GigabitEthernet0/0/0
ip address 192.168.23.2 255.255.255.0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface LoopBack100
ip address 172.16.1.1 255.255.255.255
//R6
#
sysname R6
#
interface GigabitEthernet0/0/0
ip address 192.168.56.6 255.255.255.0
#
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
#
interface LoopBack100
ip address 172.16.2.1 255.255.255.255
//R7
#
sysname R7
#
interface GigabitEthernet0/0/0
ip address 192.168.57.7 255.255.255.0
#
interface LoopBack0
ip address 7.7.7.7 255.255.255.255
#
interface LoopBack100
ip address 172.16.2.1 255.255.255.255
(2)CE侧设备OSPF配置
//R1
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 172.16.1.1 0.0.0.0
network 192.168.13.1 0.0.0.0
//R2
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 172.16.1.1 0.0.0.0
network 192.168.23.2 0.0.0.0
//R6
#
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 172.16.2.1 0.0.0.0
network 192.168.56.6 0.0.0.0
//R7
#
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 172.16.2.1 0.0.0.0
network 192.168.57.7 0.0.0.0
eNSP拓扑文件
MPLS-VPN.rar
rar文件
7.7K
© 版权声明
文章版权归作者所有,未经允许请勿转载。
THE END
暂无评论内容