[系统运维] 华为设备配置跨域虚拟专用网

开发: C++知识库 Java知识库 JavaScript Python PHP知识库人工智能区块链大数据移动开发嵌入式开发工具数据结构与算法开发测试游戏开发网络协议系统运维
教程: HTML教程 CSS教程 JavaScript教程 Go语言教程 JQuery教程 VUE教程 VUE3教程 Bootstrap教程 SQL数据库教程 C语言教程 C++教程 Java教程 Python教程 Python3教程 C#教程
数码: 电脑笔记本显卡显示器固态硬盘硬盘耳机手机 iphone vivo oppo 小米华为单反装机图拉丁

-> 系统运维 -> 华为设备配置跨域虚拟专用网 -> 正文阅读

[系统运维]华为设备配置跨域虚拟专用网

在这里插入图片描述

配置接口IP地址
[ASBR-PE1-LoopBack0]ip add 1.1.1.1 32
[ASBR-PE1-GigabitEthernet0/0/0]ip add 12.1.1.1 24
[ASBR-PE1-GigabitEthernet0/0/1]ip add 20.1.1.1 24
[ASBR-PE2-LoopBack0]ip add 2.2.2.2 32
[ASBR-PE2-GigabitEthernet0/0/0]ip add 12.1.1.2 24
[ASBR-PE2-GigabitEthernet0/0/1]ip add 30.1.1.2 24
[PE1-LoopBack0]ip add 3.3.3.3 32
[PE1-GigabitEthernet0/0/0]ip add 20.1.1.3 24
[PE1-GigabitEthernet0/0/1]ip add 10.1.1.3 24
[PE2-LoopBack0]ip add 4.4.4.4 32
[PE2-GigabitEthernet0/0/0]ip add 30.1.1.4 24
[PE2-GigabitEthernet0/0/1]ip add 10.2.1.4 24
[CE1-GigabitEthernet0/0/0]ip add 10.1.1.5 24
[CE2-GigabitEthernet0/0/0]ip add 10.2.1.6 24
在AS100和AS200的MPLS骨干网上分别配置OSPF协议，实现各自骨干网ASBR-PE和PE之间的互通
[ASBR-PE1]ospf 1
[ASBR-PE1-ospf-1]area 0
[ASBR-PE1-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[ASBR-PE1-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255
[ASBR-PE1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[ASBR-PE2]ospf 1
[ASBR-PE2-ospf-1]area 0
[ASBR-PE2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[ASBR-PE2-ospf-1-area-0.0.0.0]network 30.1.1.0 0.0.0.255
[ASBR-PE2-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[PE1]ospf 1
[PE1-ospf-1]area 0
[PE1-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[PE1-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255
[PE2]ospf 1
[PE2-ospf-1]area 0
[PE2-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[PE2-ospf-1-area-0.0.0.0]network 30.1.1.0 0.0.0.255
在AS100和AS200的MPLS骨干网上分别配置MPLS基本能力和MPLS LDP，建立LDP LSP
[ASBR-PE1]mpls lsr-id 1.1.1.1
[ASBR-PE1]mpls
[ASBR-PE1-mpls]label advertise non-null
[ASBR-PE1]mpls ldp
[ASBR-PE1-GigabitEthernet0/0/1]mpls
[ASBR-PE1-GigabitEthernet0/0/1]mpls ldp
[ASBR-PE2]mpls lsr-id 2.2.2.2
[ASBR-PE2]mpls
[ASBR-PE2-mpls]label advertise non-null
[ASBR-PE2]mpls ldp
[ASBR-PE2-GigabitEthernet0/0/1]mpls
[ASBR-PE2-GigabitEthernet0/0/1]mpls ldp
[PE1]mpls lsr-id 3.3.3.3
[PE1]mpls
[PE1-mpls]label advertise non-null
[PE1]mpls ldp
[PE1-GigabitEthernet0/0/0]mpls
[PE1-GigabitEthernet0/0/0]mpls ldp
[PE2]mpls lsr-id 4.4.4.4
[PE2]mpls
[PE2-mpls]label advertise non-null
[PE2]mpls ldp
[PE2-GigabitEthernet0/0/0]mpls
[PE2-GigabitEthernet0/0/0]mpls ldp
PE与ASBR-PE之间建立MP-IBGP对等体关系，交换VPN路由信息
[ASBR-PE1]bgp 100
[ASBR-PE1-bgp]peer 3.3.3.3 as-number 100
[ASBR-PE1-bgp]peer 3.3.3.3 connect-interface LoopBack 0
[ASBR-PE1-bgp]ipv4-family vpnv4
[ASBR-PE1-bgp-af-vpnv4]peer 3.3.3.3 enable
[PE1]bgp 100
[PE1-bgp]peer 1.1.1.1 as-number 100
[PE1-bgp]peer 1.1.1.1 connect-interface LoopBack 0
[PE1-bgp]ipv4-family vpnv4
[PE1-bgp-af-vpnv4]peer 1.1.1.1 enable
[ASBR-PE2]bgp 200
[ASBR-PE2-bgp]peer 4.4.4.4 as-number 200
[ASBR-PE2-bgp]peer 4.4.4.4 connect-interface LoopBack 0
[ASBR-PE2-bgp]ipv4-family vpnv4
[ASBR-PE2-bgp-af-vpnv4]peer 4.4.4.4 enable
[PE2]bgp 200
[PE2-bgp]peer 2.2.2.2 as-number 200
[PE2-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[PE2-bgp]ipv4-family vpnv4
[PE2-bgp-af-vpnv4]peer 2.2.2.2 enable
在PE设备上配置使能IPv4地址族的VPN实例，将CE接入PE
[PE1]ip vpn-instance vpn1
[PE1-vpn-instance-vpn1]ipv4-family
[PE1-vpn-instance-vpn1-af-ipv4]route-distinguisher 100:1
[PE1-vpn-instance-vpn1-af-ipv4]vpn-target 1:1 both
[PE1-GigabitEthernet0/0/1]ip binding vpn-instance vpn1
[PE1-GigabitEthernet0/0/1]ip add 10.1.1.3 24
[PE2]ip vpn-instance vpn1
[PE2-vpn-instance-vpn1]ipv4-family
[PE2-vpn-instance-vpn1-af-ipv4]route-distinguisher 200:1
[PE2-vpn-instance-vpn1-af-ipv4]vpn-target 2:2 both
[PE2-GigabitEthernet0/0/1]ip binding vpn-instance vpn1
[PE2-GigabitEthernet0/0/1]ip add 10.2.1.4 24
配置PE与CE建立EBGP对等体关系，交换VPN路由
[CE1]bgp 65001
[CE1-bgp]peer 10.1.1.3 as-number 100
[CE1-bgp]import-route direct
[PE1]bgp 100
[PE1-bgp]ipv4-family vpn-instance vpn1
[PE1-bgp]peer 10.1.1.5 as-number 65001
[PE1-bgp]import-route direct

[CE2]bgp 65002
[CE2-bgp]peer 10.2.1.4 as-number 200
[CE2-bgp]import-route direct
[PE2]bgp 200
[PE2-bgp]ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1]peer 10.2.1.6 as-number 65002
[PE2-bgp-vpn1]import-route direct
在这里插入图片描述

配置OptionA方式的跨域VPN
[ASBR-PE1]ip vpn-instance vpn1
[ASBR-PE1-vpn-instance-vpn1]ipv4-family
[ASBR-PE1-vpn-instance-vpn1-af-ipv4]route-distinguisher 100:2
[ASBR-PE1-vpn-instance-vpn1-af-ipv4]vpn-target 1:1 both
[ASBR-PE1-GigabitEthernet0/0/0]ip binding vpn-instance vpn1
[ASBR-PE1-GigabitEthernet0/0/0]ip add 12.1.1.1 24
[ASBR-PE2]ip vpn-instance vpn1
[ASBR-PE2-vpn-instance-vpn1]ipv4-family
[ASBR-PE2-vpn-instance-vpn1-af-ipv4]route-distinguisher 200:2
[ASBR-PE2-vpn-instance-vpn1-af-ipv4]vpn-target 2:2
[ASBR-PE2-GigabitEthernet0/0/0]ip binding vpn-instance vpn1
[ASBR-PE2-GigabitEthernet0/0/0]ip add 12.1.1.2 24
[ASBR-PE1]bgp 100
[ASBR-PE1-bgp]ipv4-family vpn-instance vpn1
[ASBR-PE1-bgp-vpn1]peer 12.1.1.2 as-number 200
[ASBR-PE1-bgp-vpn1]import-route direct
[ASBR-PE2]bgp 200
[ASBR-PE2-bgp]ipv4-family vpn-instance vpn1
[ASBR-PE2-bgp-vpn1]peer 12.1.1.1 as-number 100
[ASBR-PE2-bgp-vpn1]import-route direct
检查配置