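Lab requirements
Customers X and Y each have two sites, which now need to be interconnected over MPLS VPN, corresponding to VPNX and VPNY respectively. The interconnect interfaces, AS numbers and IP addresses are shown in the figure. Customer X's sites exchange routes with the PEs using OSPF, and customer Y's sites exchange routes with the PEs using BGP.
Data plan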
Configuration item | Description | | | |
 | PE1 | | PE2 | |
VPN name | VPNX | VPNY | VPNX | VPNY |
RD | 100:1 | 200:1 | 100:1 | 200:1 |
IRT | 100:321 | 200:234 | 100:123 | 200:432 |
ERT | 100:123 | 200:432 | 100:234 | 200:234 |
Interface | GE0/0/0 | GE0/0/1 | GE0/0/1 | GE0/0/2 |
MP-BGP | Source interface: Loopback0 | | Source interface: Loopback0 | |
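Network topology
Lab approach
MPLS VPN backbone configuration
• IGP configuration, to provide IP connectivity across the backbone.
• MPLS and MPLS LDP configuration, to build the public-network MPLS LSP tunnels that carry the VPN data.
• MP-BGP configuration (PE1 and PE2), to establish the MP-BGP peer relationship that will later carry the VPNv4 routes.
VPN customer access configuration
• Create the VPN instances and configure their parameters (RT, RD).
• Bind the interfaces to the VPN instances.
• Configure route exchange between PE and CE.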
IGP configuration
PE1
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysn PE1
[PE1]int g0/0/2
[PE1-GigabitEthernet0/0/2]ip ad 10.0.12.1 24
[PE1-GigabitEthernet0/0/2]int loo0
[PE1-LoopBack0]ip ad 1.1.1.1 32
[PE1-LoopBack0]Q
[PE1]ospf 1 router-id 1.1.1.1
[PE1-ospf-1]area 0
[PE1-ospf-1-area-0.0.0.0]net 10.0.12.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0]net 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0]q
[PE1-ospf-1]q
[PE1]q
<PE1>sys
Enter system view, return user view with Ctrl+Z.
P
<Huawei>un ter mon
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysn P
[P]int g0/0/0
[P-GigabitEthernet0/0/0]ip ad 10.0.12.2 24
[P-GigabitEthernet0/0/0]int loo0
[P-LoopBack0]ip ad 2.2.2.2 32
[P-LoopBack0]int g0/0/1
[P-GigabitEthernet0/0/1]ip ad 10.0.23.2 24
[P-GigabitEthernet0/0/1]q
[P]ospf 1 router-id 2.2.2.2
[P-ospf-1]area 0
[P-ospf-1-area-0.0.0.0]net 10.0.12.2 0.0.0.0
[P-ospf-1-area-0.0.0.0]net 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0]net 10.0.23.2 0.0.0.0
[P-ospf-1-area-0.0.0.0]q
[P-ospf-1]q
PE2
<Huawei>un ter mon
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysn PE2
[PE2]int g0/0/0
[PE2-GigabitEthernet0/0/0]ip ad 10.0.23.3 24
[PE2-GigabitEthernet0/0/0]int loo0
[PE2-LoopBack0]ip ad 3.3.3.3 32
[PE2-LoopBack0]q
[PE2]ospf 1 router-id 3.3.3.3
[PE2-ospf-1]area 0
[PE2-ospf-1-area-0.0.0.0]net 10.0.23.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0]net 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0]q
[PE2-ospf-1]q
MPLS and MPLS LDP configuration
PE1
[PE1]mpls lsr-id 1.1.1.1
[PE1]mpls
Info: Mpls starting, please wait... OK!
[PE1-mpls]q
[PE1]mpls ldp
[PE1-mpls-ldp]q
[PE1]int g0/0/2
[PE1-GigabitEthernet0/0/2]mpls
[PE1-GigabitEthernet0/0/2]mpls ldp
[PE1-GigabitEthernet0/0/2]Q
P
[P]mpls lsr-id 2.2.2.2
[P]mpls
Info: Mpls starting, please wait... OK!
[P-mpls]q
[P]mpls ldp
[P-mpls-ldp]q
[P]int g0/0/1
[P-GigabitEthernet0/0/1]mpls
[P-GigabitEthernet0/0/1]mpls ldp
[P-GigabitEthernet0/0/1]q
[P]int g0/0/0
[P-GigabitEthernet0/0/0]mpls
[P-GigabitEthernet0/0/0]mpls ldp
[P-GigabitEthernet0/0/0]q
PE2
[PE2]mpls lsr-id 3.3.3.3
[PE2]mpls
Info: Mpls starting, please wait... OK!
[PE2-mpls]q
[PE2]mpls ldp
[PE2-mpls-ldp]q
[PE2]int g0/0/0
[PE2-GigabitEthernet0/0/0]mpls
[PE2-GigabitEthernet0/0/0]mpls ldp
[PE2-GigabitEthernet0/0/0]q
MP-BGP configuration (PE1 and PE2)
PE1
[PE1]bgp 123
[PE1-bgp]router-id 1.1.1.1
[PE1-bgp]peer 3.3.3.3 as-number 123
[PE1-bgp]peer 3.3.3.3 connect-interface LoopBack 0
[PE1-bgp]ipv4-family vpnv4 unicast
[PE1-bgp-af-vpnv4]peer 3.3.3.3 enable
[PE1-bgp-af-vpnv4]q
[PE1-bgp]q
PE2
[PE2]bgp 123
[PE2-bgp]router-id 3.3.3.3
[PE2-bgp]peer 1.1.1.1 as-number 123
[PE2-bgp]peer 1.1.1.1 connect-interface LoopBack 0
[PE2-bgp]ipv4-family vpnv4 unicast
[PE2-bgp-af-vpnv4]peer 1.1.1.1 enable
[PE2-bgp-af-vpnv4]q
[PE2-bgp]q
Create the VPN instances and configure parameters (RT, RD)
PE1
[PE1]ip vpn-instance VPNX
[PE1-vpn-instance-VPNX]route-distinguisher 100:1
[PE1-vpn-instance-VPNX-af-ipv4]vpn-target 100:321 import-extcommunity
[PE1-vpn-instance-VPNX-af-ipv4]vpn-target 100:123 export-extcommunity
[PE1-vpn-instance-VPNX-af-ipv4]q
[PE1-vpn-instance-VPNX]q
[PE1]ip vpn-instance VPNY
[PE1-vpn-instance-VPNY]route-distinguisher 200:1
[PE1-vpn-instance-VPNY-af-ipv4]vpn-target 200:234 import-extcommunity
[PE1-vpn-instance-VPNY-af-ipv4]vpn-target 200:432 export-extcommunity
[PE1-vpn-instance-VPNY-af-ipv4]q
[PE1-vpn-instance-VPNY]q
PE2
[PE2]ip vpn-instance VPNX
[PE2-vpn-instance-VPNX]route-distinguisher 100:1
[PE2-vpn-instance-VPNX-af-ipv4]vpn-target 100:123 import-extcommunity
[PE2-vpn-instance-VPNX-af-ipv4]vpn-target 100:321 export-extcommunity
[PE2-vpn-instance-VPNX-af-ipv4]q
[PE2-vpn-instance-VPNX]q
[PE2]ip vpn-instance VPNY
[PE2-vpn-instance-VPNY]route-distinguisher 200:1
[PE2-vpn-instance-VPNY-af-ipv4]vpn-target 200:432 import-extcommunity
[PE2-vpn-instance-VPNY-af-ipv4]vpn-target 200:234 export-extcommunity
[PE2-vpn-instance-VPNY-af-ipv4]q
[PE2-vpn-instance-VPNY]q
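An added example (not from the original post): a short Python model of how the RD and RT values configured above keep the two customers apart even though CE1 and CE2 both announce 192.168.1.0/24. The stanzas are copied from this lab; the local prefixes per VRF and the function names are assumptions made for the illustration, and the model covers only RT matching, not BGP itself.

```python
import re

# Constructed input: vpn-instance stanzas as entered on PE1 and PE2 in this lab.
PE1 = """ip vpn-instance VPNX
route-distinguisher 100:1
vpn-target 100:321 import-extcommunity
vpn-target 100:123 export-extcommunity
ip vpn-instance VPNY
route-distinguisher 200:1
vpn-target 200:234 import-extcommunity
vpn-target 200:432 export-extcommunity"""
PE2 = """ip vpn-instance VPNX
route-distinguisher 100:1
vpn-target 100:123 import-extcommunity
vpn-target 100:321 export-extcommunity
ip vpn-instance VPNY
route-distinguisher 200:1
vpn-target 200:432 import-extcommunity
vpn-target 200:234 export-extcommunity"""
# Assumed local routes: each CE loopback network, as learned by its PE's VRF.
LOCAL = {("PE1", "VPNX"): "192.168.1.0/24", ("PE1", "VPNY"): "192.168.1.0/24",
         ("PE2", "VPNX"): "192.168.2.0/24", ("PE2", "VPNY"): "192.168.2.0/24"}

def parse_vrfs(text):
    """Return {vrf: {"rd": str, "import": set, "export": set}} from VRP-style lines."""
    vrfs, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"ip vpn-instance (\S+)", line):
            cur = vrfs.setdefault(m[1], {"rd": None, "import": set(), "export": set()})
        elif cur and (m := re.fullmatch(r"route-distinguisher (\S+)", line)):
            cur["rd"] = m[1]
        elif cur and (m := re.fullmatch(r"vpn-target (.+) (import|export)-extcommunity", line)):
            cur[m[2]].update(m[1].split())
    return vrfs

def distribute(configs, local):
    """Model RT filtering: a route enters every other VRF whose import RTs share
    a value with the exporting VRF's export RTs. Returns {(pe, vrf): {(origin, vpnv4)}}."""
    vrfs = {(pe, n): v for pe, txt in configs.items() for n, v in parse_vrfs(txt).items()}
    table = {key: set() for key in vrfs}
    for src, prefix in local.items():
        for dst in vrfs:
            if dst != src and vrfs[src]["export"] & vrfs[dst]["import"]:
                table[dst].add((src[1], f'{vrfs[src]["rd"]}:{prefix}'))
    return table

def leaks(table):
    """Imported routes whose origin VPN differs from the VRF that accepted them."""
    return sorted((dst, route) for dst, routes in table.items()
                  for origin, route in routes if origin != dst[1])
```

With the lab values, `leaks(distribute({"PE1": PE1, "PE2": PE2}, LOCAL))` returns an empty list; adding a foreign RT such as 100:123 to a VPNY import line makes the VPNX route appear in VPNY, which is the condition to audit for.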
Bind the interfaces to the VPN instances
PE1
[PE1]int g0/0/0
[PE1-GigabitEthernet0/0/0]ip binding vpn-instance VPNX
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[PE1-GigabitEthernet0/0/0]q
[PE1]int g0/0/1
[PE1-GigabitEthernet0/0/1]ip binding vpn-instance VPNY
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[PE1-GigabitEthernet0/0/1]q
PE2
[PE2]int g0/0/1
[PE2-GigabitEthernet0/0/1]ip binding vpn-instance VPNX
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[PE2-GigabitEthernet0/0/1]int g0/0/2
[PE2-GigabitEthernet0/0/2]ip binding vpn-instance VPNY
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[PE2-GigabitEthernet0/0/2]q
Configure route exchange between PE and CE
PE-CE connectivity
PE1
[PE1]int g0/0/0
[PE1-GigabitEthernet0/0/0]ip ad 192.168.100.2 24
[PE1-GigabitEthernet0/0/0]int g0/0/1
[PE1-GigabitEthernet0/0/1]ip ad 192.168.100.2 24
[PE1-GigabitEthernet0/0/1]q
PE2
[PE2]int g0/0/1
[PE2-GigabitEthernet0/0/1]ip ad 192.168.200.2 24
[PE2-GigabitEthernet0/0/1]int g0/0/2
[PE2-GigabitEthernet0/0/2]ip ad 192.168.200.2 24
[PE2-GigabitEthernet0/0/2]q
[PE2]
CE1
<Huawei>un ter mon
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysn CE1
[CE1]int g0/0/0
[CE1-GigabitEthernet0/0/0]ip ad 192.168.100.1 24
[CE1-GigabitEthernet0/0/0]int loo0
[CE1-LoopBack0]ip ad 192.168.1.1 24
[CE1-LoopBack0]q
[CE1]ospf 2 router-id 4.4.4.4
[CE1-ospf-2]area 0
[CE1-ospf-2-area-0.0.0.0]net 192.168.100.1 0.0.0.0
[CE1-ospf-2-area-0.0.0.0]net 192.168.1.1 0.0.0.0
[CE1-ospf-2-area-0.0.0.0]q
[CE1-ospf-2]q
CE2
<Huawei>un ter mon
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysn CE2
[CE2]int g0/0/0
[CE2-GigabitEthernet0/0/0]ip ad 192.168.100.1 24
[CE2-GigabitEthernet0/0/0]int loo0
[CE2-LoopBack0]ip ad 192.168.1.1 24
[CE2-LoopBack0]q
[CE2]BGP 100
[CE2-bgp]peer 192.168.100.2 as-number 123
[CE2-bgp]network 192.168.1.0 24
CE3
<Huawei>un ter mon
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysn CE3
[CE3]int g0/0/0
[CE3-GigabitEthernet0/0/0]ip ad 192.168.200.1 24
[CE3-GigabitEthernet0/0/0]int loo0
[CE3-LoopBack0]ip ad 192.168.2.1 24
[CE3-LoopBack0]q
[CE3]ospf 2 router-id 5.5.5.5
[CE3-ospf-2]area 0
[CE3-ospf-2-area-0.0.0.0]net 192.168.200.1 0.0.0.0
[CE3-ospf-2-area-0.0.0.0]net 192.168.2.1 0.0.0.0
[CE3-ospf-2-area-0.0.0.0]q
[CE3-ospf-2]q
CE4
<Huawei>un ter mon
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysn CE4
[CE4]int g0/0/0
[CE4-GigabitEthernet0/0/0]ip ad 192.168.200.1 24
[CE4-GigabitEthernet0/0/0]int loo0
[CE4-LoopBack0]ip ad 192.168.2.1 24
[CE4-LoopBack0]q
[CE4]BGP 200
[CE4-bgp]peer 192.168.200.2 as-number 123
[CE4-bgp]network 192.168.2.0 24
Create the OSPF process bound to the VPN instance on the PEs
PE1
[PE1]ospf 2 vpn-instance VPNX
[PE1-ospf-2]area 0
[PE1-ospf-2-area-0.0.0.0]network 192.168.100.2 0.0.0.0
[PE1-ospf-2-area-0.0.0.0]q
[PE1-ospf-2]q
PE2
[PE2]ospf 2 vpn-instance VPNX
[PE2-ospf-2]area 0
[PE2-ospf-2-area-0.0.0.0]network 192.168.200.2 0.0.0.0
[PE2-ospf-2-area-0.0.0.0]q
[PE2-ospf-2]q
Configure the EBGP peers in the VPN instance on the PEs
PE1
[PE1]bgp 123
[PE1-bgp]ipv4-family vpn-instance VPNY
[PE1-bgp-VPNY]peer 192.168.100.1 as-number 100
[PE1-bgp-VPNY]Q
[PE1-bgp]Q
PE2
[PE2]bgp 123
[PE2-bgp]ipv4-family vpn-instance VPNY
[PE2-bgp-VPNY]peer 192.168.200.1 as-number 200
[PE2-bgp-VPNY]Q
[PE2-bgp]Q
Configure mutual route import between the OSPF process and MP-BGP
PE1
[PE1]ospf 2 vpn-instance VPNX
[PE1-ospf-2]import-route bgp
[PE1-ospf-2]q
[PE1]bgp 123
[PE1-bgp]ipv4-family vpn-instance VPNX
[PE1-bgp-VPNX]import-route ospf 2
[PE1-bgp-VPNX]Q
[PE1-bgp]Q
PE2
[PE2]ospf 2 vpn-instance VPNX
[PE2-ospf-2]import-route bgp
[PE2-ospf-2]q
[PE2]bgp 123
[PE2-bgp]ipv4-family vpn-instance VPNX
[PE2-bgp-VPNX]import-route ospf 2
[PE2-bgp-VPNX]Q
[PE2-bgp]Q
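Verification
It may be that I hit a bug. Normally, once the configuration above is done, the routing tables for VPNX and VPNY should both be there, but when I checked they were not. The 192.168.1.0 route has to be re-imported under OSPF on CE1, with the following configuration: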
[CE1]ip ip-prefix zhilian permit 192.168.1.0 24
[CE1]route-policy zhilian permit node 10
Info: New Sequence of this List.
[CE1-route-policy]if-match ip-prefix zhilian
[CE1-route-policy]q
[CE1]ospf 2
[CE1-ospf-2]import-route direct route-policy zhilian
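Check the VPN routing tables again
The routing tables for VPNX and VPNY are now both populated.
Do the same on CE3 as on CE1 and re-import the route.
Ping test
Check the label table
Ping test with packet capture (VPNY must be pinged with a source address specified, otherwise the ping fails)
The lab is now complete.
Full configuration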
PE1
//1. Backbone interface addressing and connectivity
int g0/0/2
ip ad 10.0.12.1 24
int loo0
ip ad 1.1.1.1 32
q
//2. IGP
ospf 1 router-id 1.1.1.1
area 0
net 10.0.12.1 0.0.0.0
net 1.1.1.1 0.0.0.0
q
q
//3. BGP
bgp 123
router-id 1.1.1.1
peer 3.3.3.3 as-number 123
peer 3.3.3.3 connect-interface LoopBack 0
ipv4-family vpnv4 unicast
peer 3.3.3.3 enable
q
//4. MPLS
mpls lsr-id 1.1.1.1
mpls
q
mpls ldp
q
int g0/0/2
mpls
mpls ldp
//5. Create the VPN instances and configure the RD and RT parameters as planned
ip vpn-instance VPNX
route-distinguisher 100:1
vpn-target 100:321 import-extcommunity
vpn-target 100:123 export-extcommunity
q
q
ip vpn-instance VPNY
route-distinguisher 200:1
vpn-target 200:234 import-extcommunity
vpn-target 200:432 export-extcommunity
q
q
//6. Bind the interfaces to the VPN instances
int g0/0/0
ip binding vpn-instance VPNX
int g0/0/1
ip binding vpn-instance VPNY
//7. Connectivity with the CEs
//CE1
int g0/0/0
ip ad 192.168.100.2 24
q
//CE2
int g0/0/1
ip ad 192.168.100.2 24
q
//8. Create the OSPF process bound to the VPN instance
ospf 2 vpn-instance VPNX
area 0
network 192.168.100.2 0.0.0.0
q
//9. Configure the EBGP peer in the VPN instance on PE1
bgp 123
ipv4-family vpn-instance VPNY
peer 192.168.100.1 as-number 100
q
//10. Configure mutual route import between the OSPF process and MP-BGP
ospf 2 vpn-instance VPNX
import-route bgp
q
bgp 123
ipv4-family vpn-instance VPNX
import-route ospf 2
P
//1. Backbone interface addressing and connectivity
int g0/0/0
ip ad 10.0.12.2 24
int loo0
ip ad 2.2.2.2 32
int g0/0/1
ip ad 10.0.23.2 24
q
//2. IGP
ospf 1 router-id 2.2.2.2
area 0
net 10.0.12.2 0.0.0.0
net 2.2.2.2 0.0.0.0
net 10.0.23.2 0.0.0.0
q
q
//4. MPLS
mpls lsr-id 2.2.2.2
mpls
q
mpls ldp
q
int g0/0/1
mpls
mpls ldp
q
int g0/0/0
mpls
mpls ldp
q
PE2
//1. Backbone interface addressing and connectivity
int g0/0/0
ip ad 10.0.23.3 24
int loo0
ip ad 3.3.3.3 24
//2. IGP
ospf 1 router-id 3.3.3.3
area 0
net 10.0.23.3 0.0.0.0
net 3.3.3.3 0.0.0.0
//3. BGP
bgp 123
router-id 3.3.3.3
peer 1.1.1.1 as-number 123
peer 1.1.1.1 connect-interface LoopBack 0
ipv4-family vpnv4 unicast
peer 1.1.1.1 enable
//4. MPLS
mpls lsr-id 3.3.3.3
mpls
q
mpls ldp
q
int g0/0/0
mpls
mpls ldp
q
//5. Create the VPN instances and configure the RD and RT parameters as planned
ip vpn-instance VPNX
route-distinguisher 100:1
vpn-target 100:123 import-extcommunity
vpn-target 100:321 export-extcommunity
q
q
ip vpn-instance VPNY
route-distinguisher 200:1
vpn-target 200:432 import-extcommunity
vpn-target 200:234 export-extcommunity
q
q
//6. Bind the interfaces to the VPN instances
int g0/0/1
ip binding vpn-instance VPNX
int g0/0/2
ip binding vpn-instance VPNY
//7. Interconnect with the CE interfaces (bind first, then add the IP; adding the IP first causes an address conflict)
//CE3
int g0/0/1
ip ad 192.168.200.2 24
//CE4
int g0/0/2
ip ad 192.168.200.2 24
//8. Create the OSPF process bound to the VPN instance
ospf 2 vpn-instance VPNX
area 0
network 192.168.200.2 0.0.0.0
q
//9. Configure the EBGP peer in the VPN instance on PE2
bgp 123
ipv4-family vpn-instance VPNY
peer 192.168.200.1 as-number 200
//10. Configure mutual route import between the OSPF process and MP-BGP
ospf 2 vpn-instance VPNX
import-route bgp
q
bgp 123
ipv4-family vpn-instance VPNX
import-route ospf 2
CE1
//Interface IP addresses
int g0/0/0
ip ad 192.168.100.1 24
int loo0
ip ad 192.168.1.1 24
q
//OSPF
ospf 2 router-id 4.4.4.4
//import-route direct route-policy zhilian //use this command only if importing 192.168.1.0 fails
area 0
net 192.168.100.1 0.0.0.0
net 192.168.1.1 0.0.0.0
//Route policy
ip ip-prefix zhilian permit 192.168.1.0 24
route-policy zhilian permit node 10
if-match ip-prefix zhilian
CE2
int g0/0/0
ip ad 192.168.100.1 24
int loo0
ip ad 192.168.1.1 24
q
BGP 100
peer 192.168.100.2 as-number 123
network 192.168.1.0 24
CE3
//Interface IP addresses
int g0/0/0
ip ad 192.168.200.1 24
int loo0
ip ad 192.168.2.1 24
q
//OSPF
ospf 2 router-id 5.5.5.5
//import-route direct route-policy zhilian //use this command only if importing 192.168.2.0 fails
area 0
net 192.168.200.1 0.0.0.0
net 192.168.2.1 0.0.0.0
//Route policy
ip ip-prefix zhilian permit 192.168.2.0 24
route-policy zhilian permit node 10
if-match ip-prefix zhilian
CE4
int g0/0/0
ip ad 192.168.200.1 24
int loo0
ip ad 192.168.2.1 24
q
BGP 200
peer 192.168.200.2 as-number 123
network 192.168.2.0 24
From: https://blog.csdn.net/m0_62452465/article/details/141092780