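MPLS VPN Lab
Requirements:
1. R1 and R5 are the CE devices at customer A's two sites; R6 and R7 are the CE devices at customer B's two sites. The MPLS VPN backbone connects the different sites of each customer.
2. R1 and R5 pass their private routes using static routes; R6 passes its private routes to the PE device via RIP; R7 passes its private routes to the PE device via OSPF.
3. R7 has a separate cable so that it can reach the public network; R7 can reach the loopbacks of R2/R3/R4.
I. First, configure public IP addresses on the MPLS VPN backbone
R2: R3: R4:
II. Use OSPF to learn the routes for the public IP addresses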
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 23.0.0.0 0.0.0.255
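III. Enable MPLS
[r2]mpls lsr-id 2.2.2.2 --- the MPLS router ID; it must be a real IP address on the local device and reachable by neighbors
[r2]mpls --- enable MPLS globally
[r2]mpls ldp --- activate LDP
[r2-GigabitEthernet0/0/1]mpls --- enable MPLS on the interface
[r2-GigabitEthernet0/0/1]mpls ldp --- activate LDP on the interface
Note: this must be enabled on every interface in the MPLS domain.
IV. Configure the MPLS VPN
(1) Configure the VPNs on R2
Configure vpn a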
[r2]ip vpn-instance a --- create a VRF named a
[r2-vpn-instance-a]route-distinguisher 100:100 --- configure the RD value
[r2-vpn-instance-a-af-ipv4]vpn-target 100:1 ? --- configure the RT value
both --- same RT for export and import
export-extcommunity --- configure the export RT
import-extcommunity --- configure the import RT
[r2-vpn-instance-a-af-ipv4]vpn-target 100:1 both
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip binding vpn-instance a --- bind the interface to the VRF
[r2-GigabitEthernet0/0/0]ip address 192.168.2.2 24 --- configure the private IP address
Configure vpn b
[r2]ip vpn-instance b
[r2-vpn-instance-b]route-distinguisher 200:200
[r2-vpn-instance-b-af-ipv4]vpn-target 200:1 both
[r2]int g0/0/2
[r2-GigabitEthernet0/0/2]ip binding vpn-instance b
[r2-GigabitEthernet0/0/2]ip address 172.16.2.2 24
(2) Configure the VPNs on R4
Configure vpn a
[r4]ip vpn-instance a
[r4-vpn-instance-a]route-distinguisher 100:100
[r4-vpn-instance-a-af-ipv4]vpn-target 100:1 both
[r4]int g0/0/1
[r4-GigabitEthernet0/0/1]ip binding vpn-instance a
[r4-GigabitEthernet0/0/1]ip address 192.168.3.2 24
Configure vpn b
[r4]ip vpn-instance b
[r4-vpn-instance-b]route-distinguisher 200:200
[r4-vpn-instance-b-af-ipv4]vpn-target 200:1 both
[r4]int g0/0/2
[r4-GigabitEthernet0/0/2]ip binding vpn-instance b
[r4-GigabitEthernet0/0/2]ip address 172.16.3.2 24
(3) Configure the IP addresses of R1, R5, R6 and R7
[r1-GigabitEthernet0/0/0]ip address 192.168.2.1 24
[r1-LoopBack0]ip address 192.168.1.1 24
[r5-GigabitEthernet0/0/0]ip address 192.168.3.1 24
[r5-LoopBack0]ip address 192.168.4.1 24
[r6-GigabitEthernet0/0/0]ip address 172.16.2.1 24
[r6-LoopBack0]ip address 172.16.1.1 24
[r7-GigabitEthernet0/0/0]ip address 172.16.3.1 24
[r7-LoopBack0]ip address 172.16.4.1 24
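Note: do not configure an interface IP address before binding the interface to the VRF; otherwise the direct route for that address enters the public routing table.
[r2]display ip routing-table vpn-instance a --- view the private routing table inside the VRF
[r2]ping -vpn-instance a 192.168.2.1 --- an ordinary ping looks up the public routing table; this form of the command runs inside the VRF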
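An added example (not part of the original lab): a Python check over a command transcript written in the prompt style used above. It flags interfaces that were addressed before being bound to a VRF, as the note warns, and VPN instances that import a route-target exported by a differently named instance, which would leak one customer's routes into the other's VRF. The sample transcript, interface g0/0/3 and the extra import line are constructed for illustration.

```python
import re

# Constructed transcript in the page's prompt style. g0/0/3 is deliberately
# addressed before binding, and VPN b deliberately imports VPN a's RT (100:1).
SAMPLE = """\
[r2-vpn-instance-a]route-distinguisher 100:100
[r2-vpn-instance-a-af-ipv4]vpn-target 100:1 both
[r2-vpn-instance-b]route-distinguisher 200:200
[r2-vpn-instance-b-af-ipv4]vpn-target 200:1 both
[r2-vpn-instance-b-af-ipv4]vpn-target 100:1 import-extcommunity
[r2-GigabitEthernet0/0/0]ip binding vpn-instance a --- bind first
[r2-GigabitEthernet0/0/0]ip address 192.168.2.2 24
[r2-GigabitEthernet0/0/3]ip address 172.16.9.2 24
[r2-GigabitEthernet0/0/3]ip binding vpn-instance b
"""

PROMPT = re.compile(r"\[(?P<host>[^\]-]+)(?:-(?P<view>[^\]]+))?\](?P<cmd>.*)")
VRF_VIEW = re.compile(r"vpn-instance-(?P<name>.+?)(?:-af-ipv4)?$")
IF_VIEW = re.compile(r"(GigabitEthernet|Ethernet|LoopBack)\S+$")

def parse(transcript):
    """Return (vrfs, ifaces), both keyed by (host, name)."""
    vrfs, ifaces = {}, {}
    for line in transcript.splitlines():
        m = PROMPT.match(line.strip())
        if not m or not m["view"]:
            continue
        cmd = m["cmd"].split("---")[0].split()   # drop the page-style comment
        v = VRF_VIEW.match(m["view"])
        if v and cmd[:1] == ["vpn-target"]:
            vrf = vrfs.setdefault((m["host"], v["name"]), {"import": set(), "export": set()})
            rts = {t for t in cmd[1:] if ":" in t}
            direction = cmd[-1] if "extcommunity" in cmd[-1] else "both"
            if direction != "export-extcommunity":
                vrf["import"] |= rts
            if direction != "import-extcommunity":
                vrf["export"] |= rts
        elif IF_VIEW.match(m["view"]) and cmd[:2] in (["ip", "address"], ["ip", "binding"]):
            ifaces.setdefault((m["host"], m["view"]), []).append(cmd[1])
    return vrfs, ifaces

def audit(transcript):
    vrfs, ifaces = parse(transcript)
    # Address typed before the VRF binding (the ordering the note warns about).
    early = sorted(k for k, ev in ifaces.items() if "binding" in ev
                   and "address" in ev and ev.index("address") < ev.index("binding"))
    # VRF y imports a route-target that a differently named VRF x exports.
    leaks = sorted((x, y, rt) for x, a in vrfs.items() for y, b in vrfs.items()
                   if x[1] != y[1] for rt in a["export"] & b["import"])
    return {"addr_before_bind": early, "rt_leaks": leaks}
```

Running `audit(SAMPLE)` reports g0/0/3 under `addr_before_bind` and the a-to-b import of 100:1 under `rt_leaks`; the lab's own R2 commands produce two empty lists.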
V. Configure the BGP peering
R2:
[r2]bgp 1
[r2-bgp]router-id 2.2.2.2
[r2-bgp]peer 4.4.4.4 as-number 1
[r2-bgp]peer 4.4.4.4 connect-interface LoopBack 0
[r2-bgp]ipv4-family vpnv4 --- enter the VPNv4 address family
[r2-bgp-af-vpnv4]peer 4.4.4.4 enable --- enable the VPNv4 peering
R4:
[r4]bgp 1
[r4-bgp]router-id 4.4.4.4
[r4-bgp]peer 2.2.2.2 as-number 1
[r4-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[r4-bgp]ipv4-family vpnv4
[r4-bgp-af-vpnv4]peer 2.2.2.2 enable
VI. Configure static routes for R1-R2 and R4-R5 so that the sites can reach each other
(1) Configure the static routes
R1:
[r1]ip route-static 192.168.3.0 24 192.168.2.2
[r1]ip route-static 192.168.4.0 24 192.168.2.2
R2:
[r2]ip route-static vpn-instance a 192.168.1.0 24 192.168.2.1
R4:
[r4]ip route-static vpn-instance a 192.168.4.0 24 192.168.3.1
R5:
[r5]ip route-static 192.168.1.0 24 192.168.3.2
[r5]ip route-static 192.168.2.0 24 192.168.3.2
(2) Advertise the routes in BGP
[r2]bgp 1
[r2-bgp]ipv4-family vpn-instance a
[r2-bgp-a]import-route static
[r2-bgp-a]import-route direct
[r4]bgp 1
[r4-bgp]ipv4-family vpn-instance a
[r4-bgp-a]import-route static
[r4-bgp-a]import-route direct
VII. R6 passes its private routes to the PE device via RIP; R7 passes its private routes to the PE device via OSPF
R2 to R6: RIP
[r2]rip 1 vpn-instance b
[r2-rip-1]version 2
[r2-rip-1]network 172.16.0.0
[r6]rip
[r6-rip-1]version 2
[r6-rip-1]network 172.16.0.0
R4 to R7: OSPF
[r4]ospf 2 vpn-instance b router-id 4.4.4.4
[r4-ospf-2]area 0
[r4-ospf-2-area-0.0.0.0]network 172.16.0.0 0.0.255.255
[r7]ospf 1 router-id 7.7.7.7
[r7-ospf-1]area 0
[r7-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
Two-point mutual redistribution
[r2]rip
[r2-rip-1]import-route bgp 1
[r2]bgp 1
[r2-bgp]ipv4-family vpn-instance b
[r2-bgp-b]import-route rip 1
[r4]bgp 1
[r4-bgp]ipv4-family vpn-instance b
[r4-bgp-b]import-route ospf 2
[r4]ospf 2
[r4-ospf-2]import-route bgp
VIII. Configure a default route so that R7 can reach the loopbacks of R2/R3/R4.
[r7]ip route-static 0.0.0.0 0 47.0.0.1
Done!