跨域 虚拟专用网 Option-A方案配置案例
一、实验规划
如下方拓扑所示,共分为4个AS。PE1、P1和ASBR1属于AS100,PE2、P2和ASBR2属于AS200。CE1和CE2属于同一个VPN,CE1通过AS100的PE1接入,CE2通过AS200 的PE2接入,其分别属于AS65001与AS65002。
二、拓扑图
三、配置各接口IP地址
1.配置CE1
sysname CE1 #配置主机名
interface GigabitEthernet0/0/1
ip address 10.1.1.1 255.255.255.252
#
interface LoopBack0
ip address 11.11.11.11 255.255.255.255
2.配置PE1
#
interface GigabitEthernet0/0/0
ip address 12.12.12.1 255.255.255.252
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
3.配置P1
interface GigabitEthernet0/0/0
ip address 12.12.12.2 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 23.23.23.1 255.255.255.252
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
4.配置ASBR1
interface GigabitEthernet0/0/1
ip address 23.23.23.2 255.255.255.252
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
5.配置ASBR2
interface GigabitEthernet0/0/1
ip address 45.45.45.1 255.255.255.252
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
6.配置P2
interface GigabitEthernet0/0/0
ip address 56.56.56.1 255.255.255.252
interface GigabitEthernet0/0/1
ip address 45.45.45.2 255.255.255.252
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
7.配置PE2
interface GigabitEthernet0/0/0
ip address 56.56.56.2 255.255.255.252
#
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
8.配置CE2
interface GigabitEthernet0/0/1
ip address 20.1.1.2 255.255.255.252
#
interface LoopBack0
ip address 22.22.22.22 255.255.255.255
四、配置OSPF
1.PE1配置
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 12.12.12.0 0.0.0.3
2.P1配置
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 12.12.12.0 0.0.0.3
network 23.23.23.0 0.0.0.3
3.ASBR1配置
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 23.23.23.0 0.0.0.3
4.ASBR2配置
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 45.45.45.0 0.0.0.3
5.P2配置
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 45.45.45.0 0.0.0.3
network 56.56.56.0 0.0.0.3
6.PE2配置
ospf 1 router-id 6.6.6.6
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 56.56.56.0 0.0.0.3
五、使能MPLS/MPLS LDP
1.配置PE1
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
interface GigabitEthernet0/0/0
mpls
mpls ldp
2.配置P1
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
ip address 12.12.12.2 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 23.23.23.1 255.255.255.252
mpls
mpls ldp
3.配置ASBR1
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 23.23.23.2 255.255.255.252
mpls
mpls ldp
#
4.配置ASBR2
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
ip binding vpn-instance huawei
ip address 34.34.34.2 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 45.45.45.1 255.255.255.252
mpls
mpls ldp
5.配置P2
mpls lsr-id 5.5.5.5
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
ip address 56.56.56.1 255.255.255.252
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 45.45.45.2 255.255.255.252
mpls
mpls ldp
6.配置PE2
mpls lsr-id 6.6.6.6
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
ip address 56.56.56.2 255.255.255.252
mpls
mpls ldp
六、配置IBGP/MP-BGP
1.PE1配置
bgp 100
peer 3.3.3.3 as-number 100 #配置PE1与ASBR1之间的IBGP邻居关系
peer 3.3.3.3 connect-interface LoopBack0 #配置建立对等体的接口为looback 0;
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
#
ipv4-family vpnv4 #进入BGP的VPNv4视图
policy vpn-target
peer 3.3.3.3 enable #使能PE1与ASBR1的MP-IBGP邻居
2.ASBR1配置
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
3.PE2配置
bgp 200
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 4.4.4.4 enable
#
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.4 enable
4.ASBR2配置
bgp 200
peer 6.6.6.6 as-number 200
peer 6.6.6.6 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 6.6.6.6 enable
#
ipv4-family vpnv4
policy vpn-target
peer 6.6.6.6 enable
七、配置VPN实例
1.PE1配置
ip vpn-instance huawei #创建VPN实例
ipv4-family
route-distinguisher 100:1 #配置RD属性
vpn-target 100:1 export-extcommunity #配置RT属性
vpn-target 100:1 import-extcommunity
interface GigabitEthernet0/0/1 #接口绑定VPN实例,注意绑定VPN实例后,接口的所有配置都将被清空
ip binding vpn-instance huawei
ip address 10.1.1.2 255.255.255.252
&nsbp;
2.ASBR1配置
ip vpn-instance huawei
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
interface GigabitEthernet0/0/0
ip binding vpn-instance huawei
ip address 34.34.34.1 255.255.255.252
&nsbp;
3.ASBR2配置
#
ip vpn-instance huawei
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
interface GigabitEthernet0/0/0
ip binding vpn-instance huawei
ip address 34.34.34.2 255.255.255.252
&nsbp;
4.PE2配置
ip vpn-instance huawei
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity
interface GigabitEthernet0/0/1
ip binding vpn-instance huawei
ip address 20.1.1.1 255.255.255.252
八、VPN实例配置EBGP
1.PE1配置
bgp 100
#
ipv4-family vpn-instance huawei
peer 10.1.1.1 as-number 65001 #配置PE1与CE1的BGP邻居关系
#
2.CE1配置
bgp 65001
peer 10.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
network 11.11.11.11 255.255.255.255
peer 10.1.1.2 enable
3.ASBR1配置
bgp 100 #配置ASBR1与ASBR2的BGP邻居关系
ipv4-family vpn-instance huawei
peer 34.34.34.2 as-number 200
4.ASBR2配置
bgp 200
ipv4-family vpn-instance huawei
peer 34.34.34.1 as-number 100
5.PE2配置
bgp 200
ipv4-family vpn-instance huawei
peer 20.1.1.2 as-number 65002
6.CE2配置
bgp 65002
peer 20.1.1.1 as-number 200
#
ipv4-family unicast
undo synchronization
network 22.22.22.22 255.255.255.255
peer 20.1.1.1 enable
九、结果验证
1.检查配置结果
版权声明:本文为weixin_42952508原创文章,遵循CC 4.0 BY-SA版权协议,转载请附上原文出处链接和本声明。