一.实验要求
1.R1与R5MPLS VPN
2.R6和R7MPLS VPN
3.R7可以访问R2/3/4的环回
二.实验拓扑
三.实验过程
1.配置R234的IP地址以及路由
R2:
<Huawei>sys [Huawei]sys r2 [r2]int g0/0/1 [r2-GigabitEthernet0/0/1]ip add 23.1.1.1 24 [r2-GigabitEthernet0/0/1]int loo0 [r2-LoopBack0]ip add 2.2.2.2 24 [r2-LoopBack0]q [r2]ospf 1 router-id 2.2.2.2 [r2-ospf-1]area 0 [r2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0 [r2-ospf-1-area-0.0.0.0]network 23.1.1.0 255.255.255.0R3:
<Huawei>sys [Huawei]sys r3 [r3]int g0/0/0 [r3-GigabitEthernet0/0/0]ip add 23.1.1.2 24 [r3-GigabitEthernet0/0/0]int g0/0/1 [r3-GigabitEthernet0/0/1]ip add 34.1.1.1 24 [r3-GigabitEthernet0/0/1]int loo0 [r3-LoopBack0]ip add 3.3.3.3 24 [r3-LoopBack0]q [r3]ospf 1 router-id 3.3.3.3 [r3-ospf-1]area 0 [r3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0 [r3-ospf-1-area-0.0.0.0]network 23.1.1.0 255.255.255.0R4:
<Huawei>sys [Huawei]sys r4 [r4]int g0/0/0 [r4-GigabitEthernet0/0/0]ip add 34.1.1.2 24 [r4-GigabitEthernet0/0/0]int loo0 [r4-LoopBack0]ip add 4.4.4.4 24 [r4-LoopBack0]q [r4]ospf 1 router-id 4.4.4.4 [r4-ospf-1]area 0 [r4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0 [r4-ospf-1-area-0.0.0.0]network 34.1.1.0 255.255.255.02.配置MPLS域
R2:
[r2]mpls lsr-id 2.2.2.2 //必须先定义mpls的router-id,要为本地设备的真实ip地址,且邻居可达,因为该地址将用于建立TCP会话,建议使用环回地址 [r2]mpls //开启mpls协议 [r2-mpls]mpls ldp //激活LDP协议 [r2-mpls-ldp]q [r2]int g0/0/1 [r2-GigabitEthernet0/0/1]mpls [r2-GigabitEthernet0/0/1]mpls ldpR3:
[r3]mpls lsr-id 3.3.3.3 [r3]mpls [r3-mpls]mpls ldp [r3-mpls-ldp]q [r3]int g0/0/0 [r3-GigabitEthernet0/0/0]mpls [r3-GigabitEthernet0/0/0]mpls ldp [r3-GigabitEthernet0/0/0]int g0/0/1 [r3-GigabitEthernet0/0/1]mpls [r3-GigabitEthernet0/0/1]mpls ldpR4:
[r4]mpls lsr-id 4.4.4.4 [r4]mpls [r4-mpls]mpls ldp [r4-mpls-ldp]q [r4]int g0/0/0 [r4-GigabitEthernet0/0/0]mpls [r4-GigabitEthernet0/0/0]mpls ldp3.配置MPLS.VPN
R2:
[r2]ip vpn-instance b1 //创建名为b1的vrf空间 [r2-vpn-instance-b1]ipv4-family //进入IPV4的配置模式下 [r2-vpn-instance-b1-af-ipv4]route-distinguisher 1:1 //RD值 [r2-vpn-instance-b1-af-ipv4]vpn-target 1:1 //RT值 必须对端的PE端一致 [r2-vpn-instance-b1-af-ipv4]q [r2-vpn-instance-b1]q [r2]int g0/0/0 //进入链接CE端的接口 [r2-GigabitEthernet0/0/0]ip binding vpn-instance b1 //关联到vrf空间 [r2-GigabitEthernet0/0/0]ip add 172.16.2.2 24 //配置私有ip地址R1:
[r1]int g0/0/0 [r1-GigabitEthernet0/0/0]ip add 172.16.2.1 24 [r1-GigabitEthernet0/0/0]int loo0 [r1-LoopBack0]ip add 192.168.1.1 24R4:
[r4]ip vpn-instance b2 [r4-vpn-instance-b2]ipv4-family [r4-vpn-instance-b2-af-ipv4]route-distinguisher 1:1 [r4-vpn-instance-b2-af-ipv4]vpn-target 1:1 [r4-vpn-instance-b2-af-ipv4]q [r4-vpn-instance-b2]q [r4]int g0/0/1 [r4-GigabitEthernet0/0/1]ip binding vpn-instance b2 [r4-GigabitEthernet0/0/1]ip add 172.16.3.1 2R5:
[r5]int g0/0/0 [r5-GigabitEthernet0/0/0]ip add 172.16.3.2 24 [r5-GigabitEthernet0/0/0]int loo0 [r5-LoopBack0]ip add 192.168.4.1 244.建立MP-BPG邻居关系
R2:
[r2]bgp 2 [r2-bgp]router-id 2.2.2.2 //和对端建立正常BGP邻居关系,可用于传递正常的公网路由 [r2-bgp]peer 3.3.3.3 as-number 2 [r2-bgp]peer 3.3.3.3 connect-interface l0 [r2-bgp]peer 3.3.3.3 next-hop-local [r2-bgp]peer 4.4.4.4 as-number 2 [r2-bgp]peer 4.4.4.4 next-hop-local [r2-bgp]peer 4.4.4.4 connect-interface LoopBack 0 在IPV4的家族模式中,与对端建立一个VPNV4的关系,用于传递VPNV4路由 [r2-bgp]ipv4-family vpnv4 [r2-bgp-af-vpnv4]peer 4.4.4.4 enableR3:
[r3-bgp]peer 2.2.2.2 as-number 2 [r3-bgp]peer 2.2.2.2 next-hop-local [r3-bgp]peer 2.2.2.2 connect-interface LoopBack 0 [r3-bgp]peer 4.4.4.4 as-number 2 [r3-bgp]peer 4.4.4.4 connect-interface LoopBack 0 [r3-bgp]peer 4.4.4.4 next-hop-localR4:
[r4]bgp 2 [r4-bgp]router-id 4.4.4.4 [r4-bgp]peer 2.2.2.2 as-number 2 [r4-bgp]peer 2.2.2.2 next-hop-local [r4-bgp]ipv4-family vpnv4 [r4-bgp-af-vpnv4]peer 2.2.2.2 enable [r4-bgp]peer 3.3.3.3 as-number 2 [r4-bgp]peer 3.3.3.3 next-hop-local [r4-bgp]peer 3.3.3.3 connect-interface lo05.交互路由
R2:
[r2]ip route-static vpn-instance b1 192.168.1.0 24 192.168.2.1 [r2]bgp 2 [r2-bgp]ipv4-family vpnv4 [r2-bgp-af-vpnv4]q 将本地vrf空间内的静态和直连路由重发布到BGP协议传递到对端的PE [r2-bgp]ipv4 vpn-instance b1 [r2-bgp-b1]import-route static [r2-bgp-b1]import-route directR1:
[r1]ip route-static 192.168.4.0 255.255.255.0 172.16.2.2 //CE端只需写静态R4:
[r4]ip route-static vpn-instance b2 192.168.4.0 24 172.16.3.2 [r4]bgp 2 [r4-bgp]ipv4 vpn-instance b2 [r4-bgp-b2]import-route static [r4-bgp-b2]import-route directR5:
[r5]ip route-static 192.168.1.0 255.255.255.0 172.16.3.1R6:
[r6]int g0/0/0 [r6-GigabitEthernet0/0/0]ip add 172.16.2.1 24 [r6-GigabitEthernet0/0/0]int loo0 [r6-LoopBack0]ip add 192.168.1.1 24R2:
[r2]ip vpn-instance a1 [r2-vpn-instance-a1]ipv4-family [r2-vpn-instance-a1-af-ipv4]route-distinguisher 2:2 [r2-vpn-instance-a1-af-ipv4]vpn-target 2:2 [r2-vpn-instance-a1-af-ipv4]q [r2-vpn-instance-a1]q [r2]int g0/0/2 [r2-GigabitEthernet0/0/2]ip binding vpn-instance a1 [r2-GigabitEthernet0/0/2]ip add 172.16.2.2 246.配置rip
R6:
[r6]rip [r6-rip-1]version 2 [r6-rip-1]network 192.168.1.0 [r6-rip-1]network 172.16.0.0R2:
[r2]rip vp [r2]rip vpn-instance a1 [r2]rip vpn-instance a1 [r2-rip-1]ver 2 [r2-rip-1]network 172.16.0.0 Rip重发布BGP [r2]bgp 2 [r2-bgp]ipv4-family vpn-instance a1 [r2-bgp-a1]import-route rip 1 BGP重发布到rip [r2]rip 1 vpn-instance a1 [r2-rip-1]import-route bgpR7:
[r7]int g0/0/0 [r7-GigabitEthernet0/0/0]ip add 45.1.1.2 24 [r7-GigabitEthernet0/0/0]int g0/0/1 [r7-GigabitEthernet0/0/1]ip add 172.16.3.2 24 [r7-GigabitEthernet0/0/1]int loo0 [r7-LoopBack0]ip add 192.168.4.2 24 [r7]ospf 1 router-id 7.7.7.7 [r7-ospf-1]area 0 [r7-ospf-1-area-0.0.0.0]network 192.168.4.0 255.255.255.0 [r7-ospf-1-area-0.0.0.0]network 172.16.3.0 255.255.255.0 [r7-ospf-1-area-0.0.0.0]network 45.1.1.0 255.255.255.0 //配置一条用户可上网的路由R4:
[r4]ip vpn-instance a2 [r4-vpn-instance-a1]ipv4-family [r4-vpn-instance-a1-af-ipv4]route-distinguisher 2:2 [r4-vpn-instance-a1-af-ipv4]vpn-target 2:2 [r4]int g4/0/0 [r4-GigabitEthernet4/0/0]ip binding vpn-instance a2 [r4-GigabitEthernet4/0/0]ip add 172.16.3.1 24 [r4-ospf-1-area-0.0.0.0]network 45.1.1.0 255.255.255.0 [r4]ospf 2 vpn-instance a2 //这里需要注意是进程号为2 [r4-ospf-2]area 0 [r4-ospf-2-area-0.0.0.0]network 172.16.3.0 255.255.255.0 之后使用双向重发布,实现路由共享 [r4]bgp 2 [r4-bgp]ipv4-family vpn-instance a2 [r4-bgp-a]import-route ospf 2 [r4]ospf 2 vpn-instance a2 [r4-ospf-2]import-route bg
四.实验结果
