上一篇mpls-vpn的文章介绍了组网背景及组网方案,本章重点讲解配置步骤与具体配置数据。
配置拓扑图
一、PE1配置数据
#
ip vpn-instance A
ipv4-family
route-distinguisher 64538:100
vpn-target 64538:1 export-extcommunity
vpn-target 64539:2 import-extcommunity
#
ip vpn-instance B
ipv4-family
route-distinguisher 64536:100
vpn-target 64536:1 export-extcommunity
vpn-target 64537:2 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
ip binding vpn-instance A
ip address 172.16.0.1 255.255.255.252
#
interface GigabitEthernet0/0/1
ip binding vpn-instance B
ip address 192.168.0.1 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 10.0.23.1 255.255.255.0
mpls
mpls ldp
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
bgp 2345
router-id 1.1.1.1
undo default ipv4-unicast
peer 4.4.4.4 as-number 2345
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 4.4.4.4 enable
#
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.4 enable
#
ipv4-family vpn-instance A
router-id 172.16.0.1
peer 172.16.0.2 as-number 64538
#
ipv4-family vpn-instance B
router-id 192.168.0.1
import-route ospf 100
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.0.23.0 0.0.0.255
#
ospf 100 vpn-instance B
import-route bgp
area 0.0.0.0
network 192.168.0.0 0.0.0.3
#
二、PE2配置数据
interface GigabitEthernet0/0/0
ip binding vpn-instance A
ip address 172.16.0.5 255.255.255.252
#
interface GigabitEthernet0/0/1
ip binding vpn-instance B
ip address 192.168.0.5 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 10.0.44.2 255.255.255.0
mpls
mpls ldp
#
interface NULL0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
bgp 2345
router-id 4.4.4.4
undo default ipv4-unicast
peer 1.1.1.1 as-number 2345
peer 1.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance A
router-id 172.16.0.5
import-route ospf 100
#
ipv4-family vpn-instance B
router-id 192.168.0.5
peer 192.168.0.6 as-number 64537
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 10.0.44.0 0.0.0.255
#
ospf 100 vpn-instance A
import-route bgp
area 0.0.0.0
network 172.16.0.4 0.0.0.3
#
三、CE1、CE2配置数据
1、CE1配置
#
interface GigabitEthernet0/0/0
ip address 172.16.0.2 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 172.16.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
bgp 64538
router-id 172.16.0.2
peer 172.16.0.1 as-number 2345
#
ipv4-family unicast
undo synchronization
network 172.16.1.0 255.255.255.0
peer 172.16.0.1 enable
#
2、CE2配置
#
interface GigabitEthernet0/0/0
ip address 172.16.0.6 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 172.16.2.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
#
ospf 1 router-id 172.16.0.6
area 0.0.0.0
network 172.16.0.4 0.0.0.3
network 172.16.2.0 0.0.0.255
#
四、CE3、CE4配置数据
1、CE3配置
#
interface GigabitEthernet0/0/0
ip address 192.168.0.2 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 7.7.7.7 255.255.255.255
#
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 192.168.0.0 0.0.0.3
network 192.168.1.0 0.0.0.255
#
2、CE4配置
#
interface GigabitEthernet0/0/0
ip address 192.168.0.6 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 192.168.2.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
#
bgp 64537
router-id 192.168.0.6
peer 192.168.0.5 as-number 2345
#
ipv4-family unicast
undo synchronization
network 192.168.2.0
peer 192.168.0.5 enable
#
五、P1配置数据
#
interface GigabitEthernet0/0/0
ip address 10.0.33.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address 10.0.23.2 255.255.255.0
mpls
mpls ldp
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.0.23.0 0.0.0.255
network 10.0.33.0 0.0.0.255
#
六、P2配置数据
#
interface GigabitEthernet0/0/0
ip address 10.0.33.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address 10.0.44.1 255.255.255.0
mpls
mpls ldp
#
interface NULL0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.0.33.0 0.0.0.255
network 10.0.44.0 0.0.0.255
#
七、测试验证阶段
1、验证客户A网络的连通性
a、在CE1下新增一个虚拟PC1,定义IP为172.16.1.2
b、在CE2下新增一个虚拟PC2,定义IP为172.16.2.2
c、mpls-vpn配置完成后,在CE1、CE2上分别可以学习到对方的IP地址,并且PC1与PC2可以相互通信;
下图在CE1上执行disp ip routing-table 可以学习到CE2上的客户网络172.16.2.0/24
下图在CE2上执行disp ip routing-table 可以学习到CE1上的客户网络172.16.1.0/24
2、验证客户B网络的连通性
a、在CE3下新增一个虚拟ftp客户端,定义IP为192.168.1.2
b、在CE4下新增一个虚拟ftp服务器端,定义IP为192.168.2.2,并启动ftp服务端口21分配用户名密码及文件访问目录;
c、mpls-vpn配置完成后,在CE3、CE4上分别可以学习到对方的IP地址,并且ftp客户端可以正常访问ftp服务器端;
下图在CE3上执行disp ip routing-table 可以学习到CE4上的客户网络192.168.2.0/24
下图在CE4上执行disp ip routing-table 可以学习到CE3上的客户网络192.168.1.0/24