MPLS VPN Hub and Spoke实验
实验拓扑
实验要求
1.R6与R7通信需要经过R1,不可以直通 2.HUB-CE,SPOKE-CE在同一个AS(allow -as-loop的合理使用) 3.各个PE与CE之间均为EBGP关系(也可以做IBGP,OSPF)
配置
1.R2,3,4,5配置路由,并启用ospf
2.PE之间配置MP-BGP邻居关系
(减少IBGP邻居的建立使用 RR 反射器,其中R2充当反射器最为合适)
3.R2,3,4,5启用MPLS
3.SPOKE-PE配置VPN实例,并进入接口进行绑定
4.HUB-PE上配置只进的VPN实例,和只出的VPN实例
5.配置PE与CE间路由交换(允许路由环路)
测试:
R2上dis bgp vpnv4 vpn-instance in routing-table
R2上dis bgp vpnv4 vpn-instance out routing-table
R6pingR7
全部配置:
R1
#sysname R1
#
interface GigabitEthernet0/0/0ip address 10.1.12.1 255.255.255.0
#
interface GigabitEthernet0/0/1ip address 10.2.12.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.1.1.1 255.255.255.0
#
bgp 10peer 10.1.12.2 as-number 100 peer 10.2.12.2 as-number 100 #ipv4-family unicastundo synchronizationnetwork 10.1.1.0 255.255.255.0 peer 10.1.12.2 enablepeer 10.1.12.2 allow-as-looppeer 10.2.12.2 enablepeer 10.2.12.2 allow-as-loop
#
R2
#sysname R2
#
ip vpn-instance inipv4-familyroute-distinguisher 2:2vpn-target 1:1 1:2 import-extcommunity
#
ip vpn-instance outipv4-familyroute-distinguisher 2:1vpn-target 2:1 export-extcommunity
#
mpls lsr-id 10.2.2.2
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0ip binding vpn-instance inip address 10.1.12.2 255.255.255.0
#
interface GigabitEthernet0/0/1ip binding vpn-instance outip address 10.2.12.2 255.255.255.0
#
interface GigabitEthernet0/0/2ip address 10.1.23.1 255.255.255.0 mplsmpls ldp
#
interface NULL0
#
interface LoopBack0ip address 10.2.2.2 255.255.255.0
#
bgp 100peer 10.4.4.4 as-number 100 peer 10.4.4.4 connect-interface LoopBack0peer 10.5.5.5 as-number 100 peer 10.5.5.5 connect-interface LoopBack0#ipv4-family unicastundo synchronizationpeer 10.4.4.4 enablepeer 10.4.4.4 reflect-clientpeer 10.4.4.4 next-hop-local peer 10.5.5.5 enablepeer 10.5.5.5 reflect-clientpeer 10.5.5.5 next-hop-local # ipv4-family vpnv4policy vpn-targetpeer 10.4.4.4 enablepeer 10.4.4.4 reflect-clientpeer 10.5.5.5 enablepeer 10.5.5.5 reflect-client#ipv4-family vpn-instance in peer 10.1.12.1 as-number 10 #ipv4-family vpn-instance out peer 10.2.12.1 as-number 10 peer 10.2.12.1 allow-as-loop 2
#
ospf 1 router-id 2.2.2.2 area 0.0.0.0 network 10.1.23.0 0.0.0.255 network 10.2.2.2 0.0.0.0
#
R3
#sysname R3
#
mpls lsr-id 10.3.3.3
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0ip address 10.1.23.2 255.255.255.0 mplsmpls ldp
#
interface GigabitEthernet0/0/1ip address 10.1.34.2 255.255.255.0 mplsmpls ldp
#
interface GigabitEthernet0/0/2ip address 10.1.35.2 255.255.255.0 mplsmpls ldp
#
interface NULL0
#
interface LoopBack0ip address 10.3.3.3 255.255.255.0
#
ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 10.1.23.0 0.0.0.255 network 10.1.34.0 0.0.0.255 network 10.1.35.0 0.0.0.255 network 10.3.3.3 0.0.0.0
#
R4
#sysname R4
#
ip vpn-instance spokeipv4-familyroute-distinguisher 1:1vpn-target 1:1 export-extcommunityvpn-target 2:1 import-extcommunity
#
mpls lsr-id 10.4.4.4
mpls
#
mpls ldp
#interface GigabitEthernet0/0/0ip address 10.1.34.1 255.255.255.0 mplsmpls ldp
#
interface GigabitEthernet0/0/1ip binding vpn-instance spokeip address 10.1.46.2 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.4.4.4 255.255.255.0
#
bgp 100peer 10.2.2.2 as-number 100 peer 10.2.2.2 connect-interface LoopBack0#ipv4-family unicastundo synchronizationpeer 10.2.2.2 enablepeer 10.2.2.2 next-hop-local peer 10.2.2.2 allow-as-loop# ipv4-family vpnv4policy vpn-targetpeer 10.2.2.2 enable#ipv4-family vpn-instance spoke peer 10.1.46.1 as-number 10 peer 10.1.46.1 allow-as-loop
#
ospf 1 router-id 4.4.4.4 area 0.0.0.0 network 10.1.34.0 0.0.0.255 network 10.4.4.4 0.0.0.0
#
R5
#sysname R5
#
ip vpn-instance spokeipv4-familyroute-distinguisher 1:2vpn-target 1:2 export-extcommunityvpn-target 2:1 import-extcommunity
#
mpls lsr-id 10.5.5.5
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0ip address 10.1.35.1 255.255.255.0 mplsmpls ldp
#
interface GigabitEthernet0/0/1ip binding vpn-instance spokeip address 10.1.57.2 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.5.5.5 255.255.255.0
#
bgp 100peer 10.2.2.2 as-number 100 peer 10.2.2.2 connect-interface LoopBack0#ipv4-family unicastundo synchronizationpeer 10.2.2.2 enablepeer 10.2.2.2 next-hop-local peer 10.2.2.2 allow-as-loop# ipv4-family vpnv4policy vpn-targetpeer 10.2.2.2 enable#ipv4-family vpn-instance spoke peer 10.1.57.1 as-number 10 peer 10.1.57.1 allow-as-loop
#
ospf 1 router-id 5.5.5.5 area 0.0.0.0 network 10.1.35.0 0.0.0.255 network 10.5.5.5 0.0.0.0
#
R6
#sysname R6
#
interface GigabitEthernet0/0/0ip address 10.1.46.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.6.6.6 255.255.255.0
#
bgp 10peer 10.1.46.2 as-number 100 #ipv4-family unicastundo synchronizationnetwork 10.6.6.0 255.255.255.0 peer 10.1.46.2 enablepeer 10.1.46.2 allow-as-loop 2# ipv4-family vpnv4policy vpn-target
#
R7
#sysname R7
#
interface GigabitEthernet0/0/0ip address 10.1.57.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0ip address 10.7.7.7 255.255.255.0
#
bgp 10peer 10.1.57.2 as-number 100 #ipv4-family unicastundo synchronizationnetwork 10.7.7.0 255.255.255.0 peer 10.1.57.2 enablepeer 10.1.57.2 allow-as-loop 2
#
支付宝扫一扫
微信扫一扫
.png)
.png)
