BGP/MPLS IP VPN示例

2023-12-14 10:42:29

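1、拓扑与需求如图所示(原图未随文保留,以下连接关系依据后文配置整理):骨干网为AS 100,PE1—P—PE2通过10.10.10.0/24和10.11.11.0/24互联;CE1(AS 64512)和CE3(AS 64513)分别接入PE1、PE2的vpna,CE2(AS 64514)和CE4(AS 64516)分别接入PE1、PE2的vpnb。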

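2、各设备配置如下:

说明:以下为示例配置。其中的 local-user 口令密文不应原样用于实际设备;CE2、CE4、PE2 三台设备的密文完全相同,应是使用了同一口令。另外,配置中没有为 BGP 对等体、OSPF 区域和 MPLS LDP 会话配置认证,user-interface vty 下也没有配置认证方式,用于实际网络时需要补充这些设置。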

CE1:


#
sysname CE1
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher K72.=[mj(T@X,k6.E\Z,+<D#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
 ip address 172.16.1.1 255.255.255.0 
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
bgp 64512
 peer 172.16.1.254 as-number 100 
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 172.16.1.254 enable
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return 

CE2:


#
sysname CE2
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
 ip address 172.16.2.1 255.255.255.0 
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
bgp 64514
 peer 172.16.2.254 as-number 100 
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 172.16.2.254 enable
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return 

CE3:


#
sysname CE3
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher gD/VGZfKq7939O4.`(ZG",'#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
 ip address 172.16.3.1 255.255.255.0 
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
bgp 64513
 peer 172.16.3.254 as-number 100 
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 172.16.3.254 enable
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return 

CE4:


#
sysname CE4
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
 ip address 172.16.4.1 255.255.255.0 
#
interface Ethernet0/0/1
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
bgp 64516
 peer 172.16.4.254 as-number 100 
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 172.16.4.254 enable
#
user-interface con 0
 idle-timeout 30 0
user-interface vty 0 4
user-interface vty 16 20
#
return 

P:


#
sysname P
#
mpls lsr-id 192.168.10.2
mpls
#
mpls ldp
#
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher &9wFL=iR{9pe}@HMNPn@#Kf#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
 ip address 10.10.10.1 255.255.255.0 
 mpls
 mpls ldp
#
interface Ethernet0/0/1
 ip address 10.11.11.1 255.255.255.0 
 mpls
 mpls ldp
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack1
 ip address 192.168.10.2 255.255.255.0 
#
ospf 1 
 area 0.0.0.0 
  network 10.10.10.0 0.0.0.255 
  network 10.11.11.0 0.0.0.255 
  network 192.168.10.2 0.0.0.0 
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return 

PE1:


#
sysname PE1
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 100:2
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 import-extcommunity
#
mpls lsr-id 192.168.10.1
mpls
#
mpls ldp
#
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher mgm'2+Ba8N:z9:%F`[a=_iY#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
 ip address 10.10.10.254 255.255.255.0 
 mpls
 mpls ldp
#
interface Ethernet0/0/1
 ip binding vpn-instance vpnb
 ip address 172.16.2.254 255.255.255.0 
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ip binding vpn-instance vpna
 ip address 172.16.1.254 255.255.255.0 
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack1
 ip address 192.168.10.1 255.255.255.255 
#
bgp 100
 peer 192.168.10.3 as-number 100 
 peer 192.168.10.3 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 192.168.10.3 enable
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 192.168.10.3 enable
 #
 ipv4-family vpn-instance vpna 
  import-route direct
  peer 172.16.1.1 as-number 64512 
 #
 ipv4-family vpn-instance vpnb 
  import-route direct
  peer 172.16.2.1 as-number 64514 
#
ospf 1 
 area 0.0.0.0 
  network 10.10.10.0 0.0.0.255 
  network 192.168.10.1 0.0.0.0 
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return 

PE2:


#
sysname PE2
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 200:1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 200:2
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 import-extcommunity
#
mpls lsr-id 192.168.10.3
mpls
#
mpls ldp
#
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
 local-user admin service-type http
#
firewall zone Local
 priority 16
#
interface Ethernet0/0/0
 ip address 10.11.11.254 255.255.255.0 
 mpls
 mpls ldp
#
interface Ethernet0/0/1
 ip binding vpn-instance vpna
 ip address 172.16.3.254 255.255.255.0 
#
interface Serial0/0/0
 link-protocol ppp
#
interface Serial0/0/1
 link-protocol ppp
#
interface Serial0/0/2
 link-protocol ppp
#
interface Serial0/0/3
 link-protocol ppp
#
interface GigabitEthernet0/0/0
 ip binding vpn-instance vpnb
 ip address 172.16.4.254 255.255.255.0 
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack1
 ip address 192.168.10.3 255.255.255.255 
#
bgp 100
 peer 192.168.10.1 as-number 100 
 peer 192.168.10.1 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 192.168.10.1 enable
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 192.168.10.1 enable
 #
 ipv4-family vpn-instance vpna 
  import-route direct
  peer 172.16.3.1 as-number 64513 
 #
 ipv4-family vpn-instance vpnb 
  import-route direct
  peer 172.16.4.1 as-number 64516 
#
ospf 1 
 area 0.0.0.0 
  network 10.11.11.0 0.0.0.255 
  network 192.168.10.3 0.0.0.0 
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return 

3、配置验证

P与PE之间配置OSPF,实现骨干网的IP连通性

MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP

PE设备上配置VPN实例,将CE接入PE

PE之间建立MP-IBGP对等体关系

PE与CE之间建立EBGP对等体关系,引入VPN路由

以PE1与CE1的对等体关系为例

PE设备上执行display ip routing-table vpn-instance命令,可以看到去往对端CE的路由

同一VPN的CE能够相互Ping通,不同VPN的CE不能相互Ping通

文章来源:https://blog.csdn.net/cornerlin/article/details/134987066