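Huawei BGP MPLS VPN in Practice
1. Lab topology:
Uses the eNSP simulator (version: 1.2.00.350 V100R002C00) + AR3260
2. Lab requirements:
a) The carrier network uses IS-IS for interconnection
b) Company A's AR4 and AR5 exchange routes with the carrier's AR1 using RIP
c) Use BGP MPLS VPN so that company A's sites can communicate privately and company B's sites can communicate privately
3. Lab steps:
a) The IP address plan is as follows: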
| Device | Interface | IP address | Device | Interface | IP address |
| AR1 | GE0/0/0 | 12.0.0.1/24 | AR3 | GE0/0/0 | 23.0.0.3/24 |
| | GE0/0/1 | 192.168.10.1/24 | | GE0/0/1 | 192.168.20.1/24 |
| | GE0/0/2 | 192.168.30.1/24 | | GE0/0/2 | 192.168.20.1/24 |
| | GE4/0/0 | 192.168.10.1/24 | | Loopback1 | 3.3.3.3/32 |
| | Loopback1 | 1.1.1.1/32 | | | |
| AR2 | GE0/0/0 | 23.0.0.2/24 | AR4 | GE0/0/0 | 192.168.10.10/24 |
| | GE0/0/1 | 12.0.0.2/24 | | | |
| | Loopback1 | 2.2.2.2/32 | | Loopback1 | 4.4.4.4/24 |
| AR5 | GE0/0/0 | 192.168.30.10/24 | AR7 | GE0/0/0 | 192.168.20.10/24 |
| | Loopback1 | 5.5.5.5/24 | | Loopback1 | 7.7.7.7/24 |
| AR6 | GE0/0/0 | 192.168.10.10/24 | AR8 | GE0/0/0 | 192.168.20.10/24 |
| | Loopback1 | 6.6.6.6/24 | | Loopback1 | 8.8.8.8/24 |
b) The configuration script is as follows:
AR1
<Huawei>sy //Enter the system view
[Huawei]sysname AR1 //Change the device name
[AR1]int g0/0/0 //Enter the interface view
[AR1-GigabitEthernet0/0/0]ip add 12.0.0.1 24 //Configure the interface IP address
[AR1-GigabitEthernet0/0/0]int LoopBack 1
[AR1-LoopBack1]ip add 1.1.1.1 32
AR2
<Huawei>sy
[Huawei]sysname AR2
[AR2]int g0/0/1
[AR2-GigabitEthernet0/0/1]ip add 12.0.0.2 24
[AR2-GigabitEthernet0/0/1]int g0/0/0
[AR2-GigabitEthernet0/0/0]ip add 23.0.0.2 24
[AR2-GigabitEthernet0/0/0]int LoopBack 1
[AR2-LoopBack1]ip add 2.2.2.2 32
AR3
<Huawei>sy
[Huawei]sysname AR3
[AR3]int g0/0/0
[AR3-GigabitEthernet0/0/0]ip add 23.0.0.3 24
[AR3-GigabitEthernet0/0/0]int LoopBack 1
[AR3-LoopBack1]ip add 3.3.3.3 32
AR4
<Huawei>sy
[Huawei]sysname AR4
[AR4]int g0/0/0
[AR4-GigabitEthernet0/0/0]ip add 192.168.10.10 24
[AR4-GigabitEthernet0/0/0]int LoopBack 1
[AR4-LoopBack1]ip add 4.4.4.4 24
AR5
<Huawei>sy
[Huawei]sysname AR5
[AR5]int g0/0/0
[AR5-GigabitEthernet0/0/0]ip add 192.168.30.10 24
[AR5-GigabitEthernet0/0/0]int LoopBack 1
[AR5-LoopBack1]ip add 5.5.5.5 24
AR6
<Huawei>sy
[Huawei]sysname AR6
[AR6]int g0/0/0
[AR6-GigabitEthernet0/0/0]ip add 192.168.10.10 24
[AR6-GigabitEthernet0/0/0]int LoopBack 1
[AR6-LoopBack1]ip add 6.6.6.6 24
[AR6-LoopBack1]q
[AR6]ip route-static 0.0.0.0 0 192.168.10.1
AR7
<Huawei>sy
[Huawei]sysname AR7
[AR7]int g0/0/0
[AR7-GigabitEthernet0/0/0]ip add 192.168.20.10 24
[AR7-GigabitEthernet0/0/0]int LoopBack 1
[AR7-LoopBack1]ip add 7.7.7.7 24
[AR7-LoopBack1]q
[AR7]ip route-static 0.0.0.0 0 192.168.20.1
AR8
<Huawei>sy
[Huawei]sysname AR8
[AR8]int g0/0/0
[AR8-GigabitEthernet0/0/0]ip add 192.168.20.10 24
[AR8-GigabitEthernet0/0/0]int LoopBack 1
[AR8-LoopBack1]ip add 8.8.8.8 24
[AR8-LoopBack1]q
[AR8]ip route-static 0.0.0.0 0 192.168.20.1
-----------------------The above is the IP address and route configuration------------------------
AR1
[AR1]isis //Specify the IS-IS process and enter the IS-IS view
[AR1-isis-1]net 49.0001.0001.0001.00 //Set the network entity title
[AR1-isis-1]is-level level-2 //Set the router's level
[AR1-isis-1]int g0/0/0
[AR1-GigabitEthernet0/0/0]isis enable //Enable IS-IS on the specified interface
[AR1-GigabitEthernet0/0/0]int LoopBack 1
[AR1-LoopBack1]isis enable
AR2
[AR2]isis
[AR2-isis-1]net 49.0001.0001.0002.00
[AR2-isis-1]is-level level-2
[AR2-isis-1]int g0/0/0
[AR2-GigabitEthernet0/0/0]isis enable
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]isis enable
[AR2-GigabitEthernet0/0/1]int lo 1
[AR2-LoopBack1]isis enable
AR3
[AR3]isis
[AR3-isis-1]net 49.0001.0001.0003.00
[AR3-isis-1]is-level level-2
[AR3-isis-1]int g0/0/0
[AR3-GigabitEthernet0/0/0]isis enable
[AR3-GigabitEthernet0/0/0]int LoopBack 1
[AR3-LoopBack1]isis enable
[AR3]dis ip routing-table //Display the routing table
-------------The above is the IS-IS configuration---------------
AR1
[AR1]ip vpn-instance vpna //Create a VPN instance and enter the VPN instance view
[AR1-vpn-instance-vpna]ipv4-family //Enter the VPN instance IPv4 address family view
[AR1-vpn-instance-vpna-af-ipv4]route-distinguisher 100:1 //Configure the RD of the VPN instance IPv4 address family
[AR1-vpn-instance-vpna-af-ipv4]vpn-target 100:1 //Configure the VPN-target extended community attribute for the VPN instance IPv4 address family
[AR1-vpn-instance-vpna-af-ipv4]int g0/0/1 //Enter the interface to be bound to the VPN instance
[AR1-GigabitEthernet0/0/1]ip binding vpn-instance vpna //Bind the current interface to the VPN instance
[AR1-GigabitEthernet0/0/1]ip add 192.168.10.1 24 //Configure the interface IP address
[AR1-GigabitEthernet0/0/1]int g0/0/2
[AR1-GigabitEthernet0/0/2]ip binding vpn-instance vpna
[AR1-GigabitEthernet0/0/2]ip add 192.168.30.1 24
[AR1-GigabitEthernet0/0/2]q
[AR1]ip vpn-instance vpnb
[AR1-vpn-instance-vpnb]ipv4-family
[AR1-vpn-instance-vpnb-af-ipv4]route-distinguisher 200:1
[AR1-vpn-instance-vpnb-af-ipv4]vpn-target 200:1
[AR1-vpn-instance-vpnb-af-ipv4]int g4/0/0
[AR1-GigabitEthernet4/0/0]ip binding vpn-instance vpnb
[AR1-GigabitEthernet4/0/0]ip add 192.168.10.1 24
[AR1-GigabitEthernet4/0/0]dis ip int b //Display the interface configuration
AR3
[AR3]ip vpn-instance vpna
[AR3-vpn-instance-vpna]ipv4-family
[AR3-vpn-instance-vpna-af-ipv4]route-distinguisher 100:1
[AR3-vpn-instance-vpna-af-ipv4]vpn-target 100:1
[AR3-vpn-instance-vpna-af-ipv4]int g0/0/1
[AR3-GigabitEthernet0/0/1]ip binding vpn-instance vpna
[AR3-GigabitEthernet0/0/1]ip add 192.168.20.1 24
[AR3-GigabitEthernet0/0/1]q
[AR3]ip vpn-instance vpnb
[AR3-vpn-instance-vpnb]ipv4-family
[AR3-vpn-instance-vpnb-af-ipv4]route-distinguisher 200:1
[AR3-vpn-instance-vpnb-af-ipv4]vpn-target 200:1
[AR3-vpn-instance-vpnb-af-ipv4]int g0/0/2
[AR3-GigabitEthernet0/0/2]ip binding vpn-instance vpnb
[AR3-GigabitEthernet0/0/2]ip add 192.168.20.1 24
[AR3]dis ip int b
------------------The above is the VPN division and IP address configuration---------------
AR1
<AR1>sy
[AR1]rip vpn-instance vpna
[AR1-rip-1]version 2
[AR1-rip-1]un summary
[AR1-rip-1]net 192.168.10.0
[AR1-rip-1]net 192.168.30.0
AR4
<AR4>sy
[AR4]rip
[AR4-rip-1]version 2
[AR4-rip-1]un summary
[AR4-rip-1]net 192.168.10.0
[AR4-rip-1]net 4.0.0.0
AR5
<AR5>sy
[AR5]rip
[AR5-rip-1]version 2
[AR5-rip-1]un summary
[AR5-rip-1]net 192.168.30.0
[AR5-rip-1]net 5.0.0.0
AR1
[AR1]ip route-static vpn-instance vpnb 6.6.6.0 24 192.168.10.10
AR3
[AR3]ip route-static vpn-instance vpna 7.7.7.0 24 192.168.20.10
[AR3]ip route-static vpn-instance vpnb 8.8.8.0 24 192.168.20.10
-------------------The above is the RIP and route configuration-------------------
AR1
[AR1]bgp 65001 //Enter the BGP view
[AR1-bgp]peer 3.3.3.3 as-number 65001 //Configure the remote end as a peer
[AR1-bgp]peer 3.3.3.3 connect-interface lo 1 //Specify the interface used to establish the connection
[AR1-bgp]ipv4-family vpnv4 //Enter the BGP-VPNv4 sub-address family view
[AR1-bgp-af-vpnv4]peer 3.3.3.3 enable //Enable the exchange of VPNv4 routing information with the peer
[AR1-bgp-af-vpnv4]q
[AR1-bgp]ipv4-family vpn-instance vpna
[AR1-bgp-vpna]import-route rip 1 //Import RIP into the local routes
[AR1-bgp-vpna]q
[AR1-bgp]ipv4-family vpn-instance vpnb
[AR1-bgp-vpnb]import-route direct
[AR1-bgp-vpnb]import-route static
[AR1-bgp-vpnb]q
[AR1-bgp]q
[AR1]rip vpn-instance vpna
[AR1-rip-1]import-route bgp
AR3
[AR3]bgp 65001
[AR3-bgp]peer 1.1.1.1 as-number 65001
[AR3-bgp]peer 1.1.1.1 connect-interface lo 1
[AR3-bgp]ipv4-family vpnv4
[AR3-bgp-af-vpnv4]peer 1.1.1.1 enable
[AR3-bgp-af-vpnv4]q
[AR3-bgp]ipv4-family vpn-instance vpna
[AR3-bgp-vpna]import-route direct
[AR3-bgp-vpna]import-route static
[AR3-bgp-vpna]q
[AR3-bgp]ipv4-family vpn-instance vpnb
[AR3-bgp-vpnb]import-route direct
[AR3-bgp-vpnb]import-route static
-------------------The above establishes the BGP neighbors and imports the routes---------------------------
AR1
[AR1]mpls lsr-id 1.1.1.1 //Specify the MPLS LSR ID
[AR1]mpls //Enable MPLS
[AR1-mpls]mpls ldp //Enable MPLS LDP
[AR1-mpls-ldp]int g0/0/0
[AR1-GigabitEthernet0/0/0]mpls
[AR1-GigabitEthernet0/0/0]mpls ldp
[AR1-GigabitEthernet0/0/0]int g0/0/1
[AR1-GigabitEthernet0/0/1]mpls
[AR1-GigabitEthernet0/0/1]mpls ldp
AR2
[AR2]mpls lsr-id 2.2.2.2
[AR2]mpls
[AR2-mpls]mpls ldp
[AR2-mpls-ldp]int g0/0/0
[AR2-GigabitEthernet0/0/0]mpls
[AR2-GigabitEthernet0/0/0]mpls ldp
[AR2-GigabitEthernet0/0/0]int g0/0/1
[AR2-GigabitEthernet0/0/1]mpls
[AR2-GigabitEthernet0/0/1]mpls ldp
AR3
[AR3]mpls lsr-id 3.3.3.3
[AR3]mpls
[AR3-mpls]mpls ldp
[AR3-mpls-ldp]int g0/0/0
[AR3-GigabitEthernet0/0/0]mpls
[AR3-GigabitEthernet0/0/0]mpls ldp
---------------The above enables MPLS LDP--------------
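Check whether the routes have been imported
AR4
AR5
AR1
AR3
4. Result verification:
a) Private-network communication within company A
b) Private-network communication within company B
c) Private-network communication between company A and company B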
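Whether routes can cross between company A and company B is decided by the vpn-target values configured on the PEs (100:1 for vpna, 200:1 for vpnb). The following Python check is an added example, not part of the original post: it parses a PE's vpn-instance configuration and lists every pair of instances where one exports a target that the other imports. The function names and the sample text (built from the commands above) are assumptions of this example.

```python
import re
from itertools import permutations

# Constructed sample: AR1's vpn-instance settings, taken from the commands above.
AR1_CONFIG = """\
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
  vpn-target 100:1
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 200:1
  vpn-target 200:1
"""
DIRECTIONS = ("both", "export-extcommunity", "import-extcommunity")

def parse_vpn_instances(config):
    """Return {name: {"rd": str or None, "import": set, "export": set}}."""
    instances, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if raw[:1] not in (" ", "\t"):          # top-level line: new section
            m = re.match(r"ip vpn-instance (\S+)$", line)
            current = instances.setdefault(
                m.group(1), {"rd": None, "import": set(), "export": set()}
            ) if m else None
        elif current is not None and line.startswith("route-distinguisher "):
            current["rd"] = line.split()[1]
        elif current is not None and line.startswith("vpn-target "):
            words = line.split()[1:]
            # With no keyword, vpn-target applies in both directions.
            direction = words.pop() if words[-1] in DIRECTIONS else "both"
            if direction != "import-extcommunity":
                current["export"].update(words)
            if direction != "export-extcommunity":
                current["import"].update(words)
    return instances

def route_leaks(instances):
    """List (exporter, importer, shared targets) for each cross-instance match."""
    leaks = []
    for src, dst in permutations(sorted(instances), 2):
        shared = instances[src]["export"] & instances[dst]["import"]
        if shared:
            leaks.append((src, dst, sorted(shared)))
    return leaks

if __name__ == "__main__":
    print(route_leaks(parse_vpn_instances(AR1_CONFIG)))
```

An empty list means no instance imports another instance's export target, so the overlapping 192.168.10.0/24 subnets in vpna and vpnb stay in separate routing tables.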
This article comes from the “波仔网络技术” blog; please be sure to keep this source: http://bozai666.blog.51cto.com/10138815/1657968