mpls-vpn实验

标签：0.0 mpls PE1 PE2 实验 ip vpn ospf

实验需求

客户X及Y各自有2个站点，现需要通过MPLS VPN实现站点之间的互联，分别对应VPNX和VPNY。 互联接口、AS号及IP地址信息如图，客户X站点与PE之间采用OSPF交互路由信息，客户Y站点与PE之间采用BGP交互路由信息。

数据规划

配置项	描述
	PE1		PE2
VPN名称	VPNX	VPNY	VPNX	VPNY
RD	100:1	200:1	100:1	200:1
IRT	100:321	200:234	100:123	200:432
ERT	100:123	200:432	100:234	200:234
接口	GE0/0/0	GE0/0/1	GE0/0/1	GE0/0/2
MP-BGP	源接口：Loopback0		源接口：Loopback0

组网图

实验思路

MPLS VPN骨干网配置

• IGP配置，实现骨干网的IP连通性。

• MPLS与MPLS LDP配置，建立MPLS LSP公网隧道，传输VPN数据。

• MP-BGP配置（PE1与PE2），建立后续传递VPNv4路由的MP-BGP对等体关系。

VPN用户接入配置

• 创建VPN实例并配置参数（RT、RD）

• 将接口加入VPN实例 • 配置PE与CE之间的路由交换

IGP配置

PE1

<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un  in en
Info: Information center is disabled.
[Huawei]sysn  PE1
[PE1]int   g0/0/2
[PE1-GigabitEthernet0/0/2]ip ad 10.0.12.1  24
[PE1-GigabitEthernet0/0/2]int loo0
[PE1-LoopBack0]ip ad 1.1.1.1  32
[PE1-LoopBack0]Q
[PE1]ospf  1  router-id 1.1.1.1  
[PE1-ospf-1]area 0
[PE1-ospf-1-area-0.0.0.0]net 10.0.12.1  0.0.0.0
[PE1-ospf-1-area-0.0.0.0]net 1.1.1.1  0.0.0.0
[PE1-ospf-1-area-0.0.0.0]q
[PE1-ospf-1]route-tag 
[PE1-ospf-1]q
[PE1]q
<PE1>sys
Enter system view, return user view with Ctrl+Z.

P

<Huawei>un ter mon
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un  in en
Info: Information center is disabled.
[Huawei]sysn  P
[P]int g0/0/0
[P-GigabitEthernet0/0/0]ip ad 10.0.12.2  24
[P-GigabitEthernet0/0/0]int loo0
[P-LoopBack0]ip  ad 2.2.2.2  32
[P-LoopBack0]int g0/0/1
[P-GigabitEthernet0/0/1]ip ad 10.1.23.2  24
[P-GigabitEthernet0/0/1]q
[P]ospf  1  router-id 2.2.2.2 
[P-ospf-1]area 0
[P-ospf-1-area-0.0.0.0]net 10.0.12.2  0.0.0.0
[P-ospf-1-area-0.0.0.0]net 2.2.2.2  0.0.0.0
[P-ospf-1-area-0.0.0.0]net 10.0.23.2  0.0.0.0
[P-ospf-1-area-0.0.0.0]q
[P-ospf-1]q

PE2

<Huawei>un ter mon
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un  in en
Info: Information center is disabled.
[Huawei]sysn  PE2
[PE2]int g0/0/0
[PE2-GigabitEthernet0/0/0]ip ad 10.0.23.3  24
[PE2-GigabitEthernet0/0/0]int loo0
[PE2-LoopBack0]ip ad 3.3.3.3  30
[PE2-LoopBack0]q
[PE2]ospf   1  router-id 3.3.3.3  
[PE2-ospf-1]area 0
[PE2-ospf-1-area-0.0.0.0]net 10.0.23.3  0.0.0.0
[PE2-ospf-1-area-0.0.0.0]net 3.3.3.3  0.0.0.0
[PE2-ospf-1-area-0.0.0.0]q
[PE2-ospf-1]q

MPLS与MPLS LDP配置

PE1

[PE1]mpls  lsr-id 1.1.1.1
[PE1]mpls
Info: Mpls starting, please wait... OK!
[PE1-mpls]q
[PE1]mpls  ldp
[PE1-mpls-ldp]q
[PE1]int  g0/0/2
[PE1-GigabitEthernet0/0/2]mpls  
[PE1-GigabitEthernet0/0/2]mpls ldp
[PE1-GigabitEthernet0/0/2]Q

P

[P]mpls  lsr-id 2.2.2.2
[P]mpls
Info: Mpls starting, please wait... OK!
[P-mpls]q
[P]mpls  ldp
[P-mpls-ldp]q
[P]int  g0/0/1
[P-GigabitEthernet0/0/1]mpls  
[P-GigabitEthernet0/0/1]mpls ldp
[P-GigabitEthernet0/0/1]q
[P]int  g0/0/0
[P-GigabitEthernet0/0/0]mpls  
[P-GigabitEthernet0/0/0]mpls ldp
[P-GigabitEthernet0/0/0]q

PE2

[PE2]mpls  lsr-id 3.3.3.3
[PE2]mpls
Info: Mpls starting, please wait... OK!
[PE2-mpls]q
[PE2]mpls  ldp
[PE2-mpls-ldp]q
[PE2]int  g0/0/0
[PE2-GigabitEthernet0/0/0]mpls  
[PE2-GigabitEthernet0/0/0]mpls ldp
[PE2-GigabitEthernet0/0/0]q

MP-BGP配置（PE1与PE2）

PE1

[PE1]bgp  123
[PE1-bgp]router-id 1.1.1.1
[PE1-bgp]peer 3.3.3.3 as-number 123
[PE1-bgp]peer 3.3.3.3 connect-interface LoopBack 0
[PE1-bgp]ipv4-family vpnv4 unicast
[PE1-bgp-af-vpnv4]peer 3.3.3.3 enable
[PE1-bgp-af-vpnv4]q
[PE1-bgp]q

PE2

[PE2]bgp  123
[PE2-bgp]router-id 3.3.3.3
[PE2-bgp]peer 1.1.1.1 as-number 123
[PE2-bgp]peer 1.1.1.1 connect-interface LoopBack 0
[PE2-bgp]ipv4-family vpnv4 unicast]
[PE2-bgp-af-vpnv4]peer 1.1.1.1 enable
[PE2-bgp-af-vpnv4]q
[PE2-bgp]q

创建VPN实例并配置参数（RT、RD）

PE1

[PE1]ip vpn-instance VPNX
[PE1-vpn-instance-VPNX]route-distinguisher 100:1
[PE1-vpn-instance-VPNX-af-ipv4]vpn-target 100:321 import-extcommunity
[PE1-vpn-instance-VPNX-af-ipv4]vpn-target 100:123 export-extcommunity
[PE1-vpn-instance-VPNX-af-ipv4]q
[PE1-vpn-instance-VPNX]q
[PE1]ip vpn-instance VPNY
[PE1-vpn-instance-VPNY]route-distinguisher 200:1
[PE1-vpn-instance-VPNY-af-ipv4]vpn-target 200:234 import-extcommunity
[PE1-vpn-instance-VPNY-af-ipv4]vpn-target 200:432 export-extcommunity
[PE1-vpn-instance-VPNY-af-ipv4]q
[PE1-vpn-instance-VPNY]q

PE2

[PE2]ip vpn-instance VPNX
[PE2-vpn-instance-VPNX]route-distinguisher 100:1
[PE2-vpn-instance-VPNX-af-ipv4]vpn-target 100:123 import-extcommunity
[PE2-vpn-instance-VPNX-af-ipv4]vpn-target 100:321 export-extcommunity
[PE2-vpn-instance-VPNX-af-ipv4]q
[PE2-vpn-instance-VPNX]q
[PE2]ip vpn-instance VPNY
[PE2-vpn-instance-VPNY]route-distinguisher 200:1
[PE2-vpn-instance-VPNY-af-ipv4]vpn-target 200:432 import-extcommunity
[PE2-vpn-instance-VPNY-af-ipv4]vpn-target 200:234 export-extcommunity
[PE2-vpn-instance-VPNY-af-ipv4]q
[PE2-vpn-instance-VPNY]q

将接口加入VPN实例

PE1

[PE1-GigabitEthernet0/0/0]ip binding vpn-instance VPNX
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[PE1-GigabitEthernet0/0/0]q
[PE1]int g0/0/1
[PE1-GigabitEthernet0/0/1]ip binding vpn-instance VPNY
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[PE1-GigabitEthernet0/0/1]q

PE2

[PE2]int g0/0/1
[PE2-GigabitEthernet0/0/1]ip binding vpn-instance VPNX
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[PE2-GigabitEthernet0/0/1]int g0/0/2
[PE2-GigabitEthernet0/0/2]ip binding vpn-instance VPNY
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[PE2-GigabitEthernet0/0/2]q

配置PE与CE之间的路由交换

PE与CE互联互通

PE1

[PE1]int g0/0/0
[PE1-GigabitEthernet0/0/0]ip ad  192.168.100.2  24
[PE1-GigabitEthernet0/0/0]int g0/0/1
[PE1-GigabitEthernet0/0/1]ip  ad  192.168.100.2 24
[PE1-GigabitEthernet0/0/1]q

PE2

[PE2]int  g0/0/1
[PE2-GigabitEthernet0/0/1]ip ad 192.168.200.2  24
[PE2-GigabitEthernet0/0/1]int g0/0/2
[PE2-GigabitEthernet0/0/2]ip ad 192.168.200.2  24
[PE2-GigabitEthernet0/0/2]q
[PE2]

CE1

<Huawei>un ter mon
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysn CE1
[CE1]int g0/0/0
[CE1-GigabitEthernet0/0/0]ip  ad 192.168.100.1   24
[CE1-GigabitEthernet0/0/0]int loo0
[CE1-LoopBack0]ip  ad 192.168.1.1  24
[CE1-LoopBack0]q
[CE1]ospf  2  router-id 4.4.4.4
[CE1-ospf-2]area 0
[CE1-ospf-2-area-0.0.0.0]net 192.168.100.1  0.0.0.0
[CE1-ospf-2-area-0.0.0.0]net 192.168.1.1  0.0.0.0
[CE1-ospf-2-area-0.0.0.0]q
[CE1-ospf-2]q

CE2

<Huawei>un ter mon
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysn CE2
[CE2]int g0/0/0
[CE2-GigabitEthernet0/0/0]ip ad  192.168.100.1  24
[CE2-GigabitEthernet0/0/0]int loo0
[CE2-LoopBack0]ip ad 192.168.1.1  24
[CE2-LoopBack0]q
[CE2]BGP 100
[CE2-bgp]peer 192.168.100.2 as-number 123
[CE2-bgp]network 192.168.1.0 24

CE3

<Huawei>un ter mon
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysn CE3
[CE3]int g0/0/0
[CE3-GigabitEthernet0/0/0]ip ad 192.168.200.1  24
[CE3-GigabitEthernet0/0/0]int  loo0
[CE3-LoopBack0]ip ad 192.168.2.1  24
[CE3-LoopBack0]q
[CE3]ospf  2  router-id 5.5.5.5
[CE3-ospf-2]area 0
[CE3-ospf-2-area-0.0.0.0]net 192.168.200.1  0.0.0.0
[CE3-ospf-2-area-0.0.0.0]net 192.168.2.1  0.0.0.0
[CE3-ospf-2-area-0.0.0.0]q
[CE3-ospf-2]q

CE4

<Huawei>un ter mon
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysn CE4
[CE4]int g0/0/0 
[CE4-GigabitEthernet0/0/0]ip ad 192.168.200.1  24
[CE4-GigabitEthernet0/0/0]int loo0
[CE4-LoopBack0]ip ad 192.168.2.1  24
[CE4-LoopBack0]q
[CE4]BGP 200
[CE4-bgp]peer 192.168.200.2 as-number 123
[CE4-bgp]network 192.168.2.0 24

PE创建与实例绑定的OSPF进程

PE1

[PE1]ospf 2 vpn-instance VPNX
[PE1-ospf-2]area 0
[PE1-ospf-2-area-0.0.0.0]network 192.168.100.2 0.0.0.0
[PE1-ospf-2-area-0.0.0.0]q
[PE1-ospf-2]q

PE2

[PE2]ospf 2 vpn-instance VPNX
[PE2-ospf-2]area 0
[PE2-ospf-2-area-0.0.0.0]network 192.168.200.2 0.0.0.0
[PE2-ospf-2-area-0.0.0.0]q
[PE2-ospf-2]q

配置PE上VPN实例的EBGP对等体

PE1

[PE1]bgp 123
[PE1-bgp]ipv4-family vpn-instance VPNY
[PE1-bgp-VPNY]peer 192.168.100.1 as-number 100
[PE1-bgp-VPNY]Q
[PE1-bgp]Q

PE2

[PE2]bgp 123
[PE2-bgp]ipv4-family vpn-instance VPNY
[PE2-bgp-VPNY]peer 192.168.200.1 as-number 200
[PE2-bgp-VPNY]Q
[PE2-bgp]Q

配置OSPF进程与MP-BGP之间的路由双向引入

PE1

[PE1]ospf 2 vpn-instance VPNX
[PE1-ospf-2]import-route bgp
[PE1-ospf-2]q
[PE1]bgp 123
[PE1-bgp]ipv4-family vpn-instance VPNX
[PE1-bgp-VPNX]import-route ospf 2
[PE1-bgp-VPNX]Q
[PE1-bgp]Q

PE2

[PE2]ospf 2 vpn-instance VPNX
[PE2-ospf-2]import-route bgp
[PE2-ospf-2]q
[PE2]bgp 123
[PE2-bgp]ipv4-family vpn-instance VPNX
[PE2-bgp-VPNX]import-route ospf 2
[PE2-bgp-VPNX]Q
[PE2-bgp]Q

配置验证

可能是卡bug了，正常情况来说配置完上面那些就VPNX，VPNY的路由表都有了，但是我这边查看没有，需要在CE1的OSPF下重新一下192.168.1.0这条路由,配置如下

[CE1]ip ip-prefix zhilian  permit 192.168.1.0 24
[CE1]route-policy zhilian permit node 10
Info: New Sequence of this List.
[CE1-route-policy]if-match ip-prefix zhilian
[CE1-route-policy]q
[CE1]ospf 2
[CE1-ospf-2]import-route  direct route-policy zhilian

再次查看VPN路由表

此时VPNX、VPNY的路由表都生成了

CE3跟CE1做一样的操作，重新引入路由

ping测

查看标签表

抓包ping测（VPNY需要带源ping，不然ping不通）

至此实验完成。

总配置

PE1

//1、骨干网接口互联互通
int   g0/0/2
ip 10.0.12.1  24
int loo0
ip ad 1.1.1.1  32
q

//2、IGP
ospf 1  router-id 1.1.1.1  
area 0
net 10.0.12.1  0.0.0.0
net 1.1.1.1  0.0.0.0
q
q

//3、BGP
bgp  123
router-id 1.1.1.1
peer 3.3.3.3 as-number 123
peer 3.3.3.3 connect-interface LoopBack 0
ipv4-family vpnv4 unicast
peer 3.3.3.3 enable
q

//4、mpls
mpls  lsr-id 1.1.1.1
mpls
q
mpls  ldp
q
int  g0/0/2
mpls  
mpls ldp

//5、创建VPN实例并按照规划配置RD与RT参数
ip vpn-instance VPNX
route-distinguisher 100:1
vpn-target 100:321 import-extcommunity
vpn-target 100:123 export-extcommunity
q
q
ip vpn-instance VPNY
route-distinguisher 200:1
vpn-target 200:234 import-extcommunity
vpn-target 200:432 export-extcommunity
q
q

//6、将接口绑定到VPN实例
int g0/0/0
ip binding vpn-instance VPNX
int g0/0/1
ip binding vpn-instance VPNY

//7、与CE互联互通
//CE1
int g0/0/0
ip ad  192.168.100.2  24
q

//CE2
int g0/0/1
ip  ad  192.168.100.2 24
q

//8、创建与实例绑定的OSPF进程
ospf 2 vpn-instance VPNX
area 0
network 192.168.100.2 0.0.0.0
q

//9、配置PE1上VPN实例的EBGP对等体
bgp 123
ipv4-family vpn-instance VPNY
peer 192.168.100.1 as-number 100
q

//10、配置OSPF进程与MP-BGP之间的路由双向引入
ospf 2 vpn-instance VPNX
import-route bgp
q
bgp 123
ipv4-family vpn-instance VPNX
import-route ospf 2

P

//1、骨干网接口互联互通
int g0/0/0
ip ad 10.0.12.2  24
int loo0
2.2.2.2  32
int g0/0/1
ip ad 10.0.23.2  24
q

//2、IGP
ospf  1  router-id 2.2.2.2 
area 0
net 10.0.12.2  0.0.0.0
net 2.2.2.2  0.0.0.0
net 10.0.23.2  0.0.0.0
q
q

//4、mpls
mpls  lsr-id 2.2.2.2
mpls
q
mpls  ldp
q
int  g0/0/1
mpls  
mpls ldp
q
int  g0/0/0
mpls  
mpls ldp
q

PE2

//1、骨干网接口互联互通
int g0/0/0
ip ad 10.0.23.3  24
int loo0
ip ad 3.3.3.3  24

//2、IGP
ospf 1  router-id 3.3.3.3  
area 0
net 10.0.23.3  0.0.0.0
net 3.3.3.3  0.0.0.0

//3、BGP
bgp  123
router-id 3.3.3.3
peer 1.1.1.1 as-number 123
peer 1.1.1.1 connect-interface LoopBack 0
ipv4-family vpnv4 unicast
peer 1.1.1.1 enable

//4、mpls
mpls  lsr-id 3.3.3.3
mpls
q
mpls  ldp
q
int  g0/0/0
mpls  
mpls ldp
q

//5、创建VPN实例并按照规划配置RD与RT参数
ip vpn-instance VPNX
route-distinguisher 100:1
vpn-target 100:123 import-extcommunity
vpn-target 100:321 export-extcommunity
q
q

ip vpn-instance VPNY
route-distinguisher 200:1
vpn-target 200:432 import-extcommunity
vpn-target 200:234 export-extcommunity
q
q

//6、将接口绑定到VPN实例。
int g0/0/1
ip binding vpn-instance VPNX
int g0/0/2
ip binding vpn-instance VPNY

//7、与CE接口互联(先绑定后加IP，不然先加IP会出现地址冲突)
//CE3
int  g0/0/1
ip ad 192.168.200.2  24
//CE4
int g0/0/2
ip ad 192.168.200.2  24


//8、创建与实例绑定的OSPF进程
ospf 2 vpn-instance VPNX
area 0
network 192.168.200.2 0.0.0.0
q

//9、配置PE2上VPN实例的EBGP对等体
bgp 123
ipv4-family vpn-instance VPNY
peer 192.168.200.1 as-number 200

//10、配置OSPF进程与MP-BGP之间的路由双向引入
ospf 2 vpn-instance VPNX
import-route bgp
q
bgp 123
ipv4-family vpn-instance VPNX
import-route ospf 2

CE1

//接口IP
int g0/0/0
ip  ad 192.168.100.1   24
int loo0
ip  ad 192.168.1.1  24
q

//OSPF
ospf  2 router-id 4.4.4.4

//import-route direct    route-policy zhilian  //如果192.168.1.0引入失败再使用此命令

area 0
net 192.168.100.1  0.0.0.0
net 192.168.1.1  0.0.0.0

//路由策略
ip ip-prefix  zhilian  permit 192.168.1.0  24
route-policy  zhilian  permit node 10
if-match  ip-prefix  zhilian

CE2

int g0/0/0
ip ad 192.168.100.1  24
int loo0
ip ad 192.168.1.1  24
q
BGP 100
peer 192.168.100.2 as-number 123
network 192.168.1.0 24

CE3

//接口IP
int g0/0/0
ip ad 192.168.200.1  24
int  loo0
ip  ad  192.168.2.1  24
q

//OSPF
ospf  2 router-id 5.5.5.5
//import-route direct    route-policy zhilian  //如果192.168.2.0引入失败再使用此命令
area 0
net 192.168.200.1  0.0.0.0
net 192.168.2.1  0.0.0.0

//路由策略
ip ip-prefix  zhilian  permit 192.168.1.0  24
route-policy  zhilian  permit node 10
if-match  ip-prefix  zhilian

CE4

int g0/0/0 
ip ad 192.168.200.1  24
int loo0
ip ad 192.168.2.1  24
q
BGP 200
peer 192.168.200.2 as-number 123
network 192.168.2.0 24

标签：0.0,mpls,PE1,PE2,实验,ip,vpn,ospf
From： https://blog.csdn.net/m0_62452465/article/details/141092780