
[Original] HCIE must-know exam question: HUB Spoke lab

Posted on 2021-3-30 13:21:57
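This is a lab question that always comes up in the HCIE exam. You can add me on WeChat to get the lab archive and the lab diagrams. (WeChat ID: taige8080)

Without further ado, here are the diagrams and configuration files.
It's so true: only after typing it out yourself do you know where you will go wrong.
In BGP:
IPv4 unicast neighbors carry the public network routes
VPNv4 carries the pass-through routes
The VPNv4 instance establishes neighbor relationships with the customer CE to pass private network routes.
VPN-IPv4 address structure
[Image]

RD (route distinguisher): 64 bits, used to distinguish IPv4 prefixes that use the same address space. An IPv4 address with the RD added is called a VPN-IPv4 address (that is, a VPNv4 address). After a PE receives an IPv4 route from a CE, it converts it into a globally unique VPN-IPv4 route and advertises it on the public network.
The two functions of the RD:
1) Together with the 32-bit IPv4 prefix, it forms the 96-bit VPNv4 prefix;
2) If different VPN customers use the same IPv4 address space, setting different RD values guarantees that the prefixes are unique.
• Every VRF has a globally unique RD.
• Different sites of the same VPN can be configured with the same RD; the RDs of different VPNs must be unique.
RT (Route Target): used to distinguish VPN customers. It is a BGP extended community attribute and is configured in the VRF. It follows the VPNv4 prefix and is carried along with it. A route can have multiple RT values attached.
There are two kinds of VPN Target attributes:
• Export Target: after the local PE learns IPv4 routes from a directly connected site, it converts them into VPN-IPv4 routes and sets the Export Target attribute on them. The Export Target attribute is advertised with the route as a BGP extended community attribute.
• Import Target: when a PE receives VPN-IPv4 routes advertised by other PEs, it checks their Export Target attribute. When this attribute matches the Import Target of a VPN instance on the PE, the PE adds the route to that VPN instance.
In a BGP/MPLS IP VPN network, the VPN Target attribute controls how VPN routing information is advertised and received between sites. The VPN Export Target and Import Target are set independently of each other, and each can hold multiple values, which allows flexible VPN access control and therefore many different VPN networking schemes.


Configuration files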
R1

[V200R003C00]
#
sysname R1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
ip vpn-instance A
ipv4-family
  route-distinguisher 10:10
  vpn-target 10:10 export-extcommunity
#
ip vpn-instance B
ipv4-family
  route-distinguisher 11:11
  vpn-target 20:20 30:30 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 13.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.10
dot1q termination vid 10
ip binding vpn-instance A
ip address 12.1.1.10 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1.20
dot1q termination vid 11
ip binding vpn-instance B
ip address 12.1.2.20 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/2
ip address 14.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
bgp 10
router-id 1.1.1.1
undo default ipv4-unicast
peer 3.3.3.3 as-number 10
peer 3.3.3.3 connect-interface LoopBack0
peer 4.4.4.4 as-number 10
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
  undo synchronization
  undo peer 3.3.3.3 enable
  undo peer 4.4.4.4 enable
#
ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.3 enable
  peer 3.3.3.3 reflect-client
  peer 4.4.4.4 enable
  peer 4.4.4.4 reflect-client
#
ipv4-family vpn-instance A
  peer 12.1.1.11 as-number 65000
#
ipv4-family vpn-instance B
  peer 12.1.2.21 as-number 65000
#
ospf 10 router-id 1.1.1.1
area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 13.1.1.1 0.0.0.0
  network 14.1.1.1 0.0.0.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

R2

[V200R003C00]
#
sysname R2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/0.10
dot1q termination vid 10
ip address 12.1.1.11 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/0.20
dot1q termination vid 11
ip address 12.1.2.21 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.20
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.0
#
bgp 65000
router-id 2.2.2.2
peer 12.1.1.10 as-number 10
peer 12.1.2.20 as-number 10
#
ipv4-family unicast
  undo synchronization
  aggregate 10.0.0.0 255.0.0.0 detail-suppressed
  import-route direct
  peer 12.1.1.10 enable
  peer 12.1.2.20 enable
  peer 12.1.2.20 allow-as-loop
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R3

[V200R003C00]
#
sysname R3
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
ip vpn-instance A
ipv4-family
  route-distinguisher 20:20
  vpn-target 20:20 export-extcommunity
  vpn-target 10:10 import-extcommunity
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 13.1.1.3 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip binding vpn-instance A
ip address 35.1.1.3 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
bgp 10
router-id 3.3.3.3
undo default ipv4-unicast
peer 1.1.1.1 as-number 10
peer 1.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
  undo synchronization
  undo peer 1.1.1.1 enable
#
ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.1 enable
#
ipv4-family vpn-instance A
  peer 35.1.1.5 as-number 65000
#
ospf 10 router-id 3.3.3.3
area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 13.1.1.3 0.0.0.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R4

[V200R003C00]
#
sysname R4
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
ip vpn-instance B
ipv4-family
  route-distinguisher 30:30
  vpn-target 10:10 30:30 export-extcommunity
  vpn-target 30:30 10:10 import-extcommunity
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 14.1.1.4 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip binding vpn-instance B
ip address 46.1.1.4 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
bgp 10
router-id 4.4.4.4
undo default ipv4-unicast
peer 1.1.1.1 as-number 10
peer 1.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
  undo synchronization
  undo peer 1.1.1.1 enable
#
ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.1 enable
#
ipv4-family vpn-instance B
  peer 46.1.1.6 as-number 65000
#
ospf 10 router-id 4.4.4.4
area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 14.1.1.4 0.0.0.0
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R5

[V200R003C00]
#
sysname R5
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 35.1.1.5 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
interface LoopBack1
ip address 10.5.5.5 255.255.255.255
#
bgp 65000
router-id 5.5.5.5
peer 35.1.1.3 as-number 10
#
ipv4-family unicast
  undo synchronization
  import-route direct
  peer 35.1.1.3 enable
  peer 35.1.1.3 allow-as-loop
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
R6

[V200R003C00]
#
sysname R6
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 46.1.1.6 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
#
bgp 65000
router-id 6.6.6.6
peer 46.1.1.4 as-number 10
#
ipv4-family unicast
  undo synchronization
  import-route direct
  peer 46.1.1.4 enable
  peer 46.1.1.4 allow-as-loop
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
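
The Import Target / Export Target matching described above, applied to the four VPN instances configured on R1, R3 and R4 in this post. This is an added example, not part of the original post; the function names `parse_vrfs` and `import_matrix` are hypothetical, and the check covers only RT matching (the RD takes no part in the import decision), not whether a route is actually received.

```python
import re

# vpn-instance sections from the R1, R3 and R4 configs in this post (RD and vpn-target lines only).
CONFIGS = {
    "R1": """
ip vpn-instance A
  route-distinguisher 10:10
  vpn-target 10:10 export-extcommunity
ip vpn-instance B
  route-distinguisher 11:11
  vpn-target 20:20 30:30 import-extcommunity
""",
    "R3": """
ip vpn-instance A
  route-distinguisher 20:20
  vpn-target 20:20 export-extcommunity
  vpn-target 10:10 import-extcommunity
""",
    "R4": """
ip vpn-instance B
  route-distinguisher 30:30
  vpn-target 10:10 30:30 export-extcommunity
  vpn-target 30:30 10:10 import-extcommunity
""",
}

def parse_vrfs(configs):
    # Returns {(router, vrf): {"export": set_of_RTs, "import": set_of_RTs}}
    vrfs = {}
    for router, text in configs.items():
        current = None
        for line in map(str.strip, text.splitlines()):
            m = re.fullmatch(r"ip vpn-instance (\S+)", line)
            if m:
                current = vrfs.setdefault((router, m[1]), {"export": set(), "import": set()})
                continue
            m = re.fullmatch(r"vpn-target (.+) (export|import)-extcommunity", line)
            if m and current is not None:
                current[m[2]].update(m[1].split())
    return vrfs

def import_matrix(vrfs):
    # dst VRF -> other VRFs exporting at least one RT that dst imports.
    return {dst: sorted(src for src, s in vrfs.items()
                        if src != dst and s["export"] & d["import"])
            for dst, d in vrfs.items()}

if __name__ == "__main__":
    print(import_matrix(parse_vrfs(CONFIGS)))
```

With the values on this page, instance B on R1 matches the export targets of both R3 and R4, instance A on R3 matches both R1's instance A and R4's instance B, and instance B on R4 matches only R1's instance A.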