BGPMPLS IP VPN示例
2023-12-14 10:42:29
1、拓扑 需求如图所示
2、各配置如下:
CE1:
#
sysname CE1
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher K72.=[mj(T@X,k6.E\Z,+<D#
local-user admin service-type http
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0
ip address 172.16.1.1 255.255.255.0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
bgp 64512
peer 172.16.1.254 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 172.16.1.254 enable
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
CE2:
#
sysname CE2
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0
ip address 172.16.2.1 255.255.255.0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
bgp 64514
peer 172.16.2.254 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 172.16.2.254 enable
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
CE3:
#
sysname CE3
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher gD/VGZfKq7939O4.`(ZG",'#
local-user admin service-type http
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0
ip address 172.16.3.1 255.255.255.0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
bgp 64513
peer 172.16.3.254 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 172.16.3.254 enable
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
CE4:
#
sysname CE4
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0
ip address 172.16.4.1 255.255.255.0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
bgp 64516
peer 172.16.4.254 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct
peer 172.16.4.254 enable
#
user-interface con 0
idle-timeout 30 0
user-interface vty 0 4
user-interface vty 16 20
#
return
P:
#
sysname P
#
mpls lsr-id 192.168.10.2
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher &9wFL=iR{9pe}@HMNPn@#Kf#
local-user admin service-type http
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0
ip address 10.10.10.1 255.255.255.0
mpls
mpls ldp
#
interface Ethernet0/0/1
ip address 10.11.11.1 255.255.255.0
mpls
mpls ldp
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack1
ip address 192.168.10.2 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.10.10.0 0.0.0.255
network 10.11.11.0 0.0.0.255
network 192.168.10.2 0.0.0.0
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
PE1:
#
sysname PE1
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
route-distinguisher 100:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 192.168.10.1
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher mgm'2+Ba8N:z9:%F`[a=_iY#
local-user admin service-type http
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0
ip address 10.10.10.254 255.255.255.0
mpls
mpls ldp
#
interface Ethernet0/0/1
ip binding vpn-instance vpnb
ip address 172.16.2.254 255.255.255.0
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip binding vpn-instance vpna
ip address 172.16.1.254 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack1
ip address 192.168.10.1 255.255.255.255
#
bgp 100
peer 192.168.10.3 as-number 100
peer 192.168.10.3 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 192.168.10.3 enable
#
ipv4-family vpnv4
policy vpn-target
peer 192.168.10.3 enable
#
ipv4-family vpn-instance vpna
import-route direct
peer 172.16.1.1 as-number 64512
#
ipv4-family vpn-instance vpnb
import-route direct
peer 172.16.2.1 as-number 64514
#
ospf 1
area 0.0.0.0
network 10.10.10.0 0.0.0.255
network 192.168.10.1 0.0.0.0
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
PE2:
#
sysname PE2
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 200:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
route-distinguisher 200:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 192.168.10.3
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0
ip address 10.11.11.254 255.255.255.0
mpls
mpls ldp
#
interface Ethernet0/0/1
ip binding vpn-instance vpna
ip address 172.16.3.254 255.255.255.0
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip binding vpn-instance vpnb
ip address 172.16.4.254 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack1
ip address 192.168.10.3 255.255.255.255
#
bgp 100
peer 192.168.10.1 as-number 100
peer 192.168.10.1 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 192.168.10.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 192.168.10.1 enable
#
ipv4-family vpn-instance vpna
import-route direct
peer 172.16.3.1 as-number 64513
#
ipv4-family vpn-instance vpnb
import-route direct
peer 172.16.4.1 as-number 64516
#
ospf 1
area 0.0.0.0
network 10.11.11.0 0.0.0.255
network 192.168.10.3 0.0.0.0
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
3、配置验证
P、PE之间配置OSPF,实现骨干网的IP连通性
在MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP
PE设备上配置VPN实例,将CE接入PE
在PE之间建立MP-IBGP对等体关系
在PE与CE之间建立EBGP对等体关系,引入VPN路由
以PE1与CE1的对等体关系为例
在PE设备上执行display ip routing-table vpn-instance命令,可以看到去往对端CE的路由
同一VPN的CE能够相互Ping通,不同VPN的CE不能相互Ping通
文章来源:https://blog.csdn.net/cornerlin/article/details/134987066
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。 如若内容造成侵权/违法违规/事实不符,请联系我的编程经验分享网邮箱:veading@qq.com进行投诉反馈,一经查实,立即删除!
本文来自互联网用户投稿,该文观点仅代表作者本人,不代表本站立场。本站仅提供信息存储空间服务,不拥有所有权,不承担相关法律责任。 如若内容造成侵权/违法违规/事实不符,请联系我的编程经验分享网邮箱:veading@qq.com进行投诉反馈,一经查实,立即删除!