华为设备配置BGP/MPLS IP VPN
如图:CE1、CE3属于vpna。
CE2、CE4属于vpnb。
vpna使用的VPN-target属性为111:1,vpnb为222:2。
不同VPN用户之间不能互相访问。
图 配置BGP/MPLS IP VPN组网图
操作步骤
1、配置PE1
#
sysname PE1
#
ip vpn-instance vpna//创建VPN实例vpna
ipv4-family
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb//创建VPN实例vpnb
ipv4-family
route-distinguisher 100:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 1.1.1.9//配置MPLS
mpls
#
mpls ldp//建立LDP
#
interface Ethernet1/0/0//绑定VPN实例
ip binding vpn-instance vpna
ip address 10.1.1.2 255.255.255.0
#
interface Ethernet2/0/0
ip binding vpn-instance vpnb//绑定VPN实例
ip address 10.2.1.2 255.255.255.0
#
interface Ethernet2/0/1//接口使能MPLS
ip address 172.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100//配置MP-IBGP对等体
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 3.3.3.9 enable
#
ipv4-family vpnv4//使能对等体交换VPNv4路由信息的能力
policy vpn-target
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpna//配置PE与CE之间建立EBGP对等体关系,引入VPN路由
peer 10.1.1.1 as-number 65410
import-route direct
#
ipv4-family vpn-instance vpnb//配置PE与CE之间建立EBGP对等体关系,引入VPN路由
peer 10.2.1.1 as-number 65420
import-route direct
#
ospf 1//配置公网路由
area 0.0.0.0
network 172.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
return
2、配置P
#
sysname P
#
mpls lsr-id 2.2.2.9//配置MPLS
mpls
#
mpls ldp
#
interface Ethernet1/0/0
ip address 172.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Ethernet2/0/0
ip address 172.2.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1//配置公网路由
area 0.0.0.0
network 172.1.1.0 0.0.0.255
network 172.2.1.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
3、配置PE2
#
sysname PE2
#
ip vpn-instance vpna//创建VPN实例vpna
ipv4-family
route-distinguisher 200:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb//创建VPN实例vpnb
ipv4-family
route-distinguisher 200:2
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 3.3.3.9//配置MPLS LSR
mpls
#
mpls ldp
#
interface Ethernet1/0/0 //绑定VPN实例
ip binding vpn-instance vpna
ip address 10.3.1.2 255.255.255.0
#
interface Ethernet2/0/0//绑定VPN实例
ip binding vpn-instance vpnb
ip address 10.4.1.2 255.255.255.0
#
interface Ethernet2/0/1//接口使能MPLS
ip address 172.2.1.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100//配置MP-IBGP对等体
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization
peer 1.1.1.9 enable
#
ipv4-family vpnv4//使能对等体交换VPNv4路由信息的能力
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpna//配置PE与CE之间建立EBGP对等体关系,引入VPN路由
peer 10.3.1.1 as-number 65430
import-route direct
#
ipv4-family vpn-instance vpnb//配置PE与CE之间建立EBGP对等体关系,引入VPN路由
peer 10.4.1.1 as-number 65440
import-route direct
#
ospf 1//配置公网路由
area 0.0.0.0
network 172.2.1.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
return
4、配置CE1
#
sysname CE1
#
interface Ethernet1/0/0
ip address 10.1.1.1 255.255.255.0
#
bgp 65410//在PE与CE之间建立EBGP对等体关系
peer 10.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct//引入直连路由
peer 10.1.1.2 enable
#
return
5、配置CE2
#
sysname CE2
#
interface Ethernet1/0/0
ip address 10.2.1.1 255.255.255.0
#
bgp 65420//在PE与CE之间建立EBGP对等体关系
peer 10.2.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct//引入直连路由
peer 10.2.1.2 enable
#
return
6、配置CE3
#
sysname CE3
#
interface Ethernet1/0/0
ip address 10.3.1.1 255.255.255.0
#
bgp 65430//在PE与CE之间建立EBGP对等体关系
peer 10.3.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct//引入直连路由
peer 10.3.1.2 enable
#
return
7、配置CE4
#
sysname CE4
#
interface Ethernet1/0/0
ip address 10.4.1.1 255.255.255.0
#
bgp 65440//在PE与CE之间建立EBGP对等体关系
peer 10.4.1.2 as-number 100
#
ipv4-family unicast
undo synchronization
import-route direct//引入直连路由
peer 10.4.1.2 enable
#
return
配置注意事项
PE之间必须使用32位掩码的Loopback接口地址来建立MP-IBGP对等体关系,以便能够迭代到隧道。
感谢楼主分享! 强啊!
页:
[1]