![image-20220315174135837](https://xingdian-image.oss-cn-beijing.aliyuncs.com/xingdian-image/image-20220315174135837.png) - CE1、CE3属于vpna。 - CE2、CE4属于vpnb。 - vpna使用的VPN-target属性为111:1,vpnb为222:2。 - 不同VPN用户之间不能互相访问。 PE1: ``` # sysname PE1 # ip vpn-instance vpna //创建VPN实例vpna ipv4-family route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance vpnb //创建VPN实例vpnb ipv4-family route-distinguisher 100:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # mpls lsr-id 1.1.1.9 //配置MPLS mpls # mpls ldp //建立LDP # interface Ethernet1/0/0 //绑定VPN实例 ip binding vpn-instance vpna ip address 10.1.1.2 255.255.255.0 # interface Ethernet2/0/0 ip binding vpn-instance vpnb //绑定VPN实例 ip address 10.2.1.2 255.255.255.0 # interface Ethernet2/0/1 //接口使能MPLS ip address 172.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 //配置MP-IBGP对等体 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv4-family vpnv4 //使能对等体交换VPNv4路由信息的能力 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance vpna //配置PE与CE之间建立EBGP对等体关系,引入VPN路由 peer 10.1.1.1 as-number 65410 import-route direct # ipv4-family vpn-instance vpnb //配置PE与CE之间建立EBGP对等体关系,引入VPN路由 peer 10.2.1.1 as-number 65420 import-route direct # ospf 1 //配置公网路由 area 0.0.0.0 network 172.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0 # return ``` P: ``` # sysname P # mpls lsr-id 2.2.2.9 //配置MPLS mpls # mpls ldp # interface Ethernet1/0/0 ip address 172.1.1.2 255.255.255.0 mpls mpls ldp # interface Ethernet2/0/0 ip address 172.2.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 //配置公网路由 area 0.0.0.0 network 172.1.1.0 0.0.0.255 network 172.2.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # return ``` PE2: ``` # sysname PE2 # ip vpn-instance vpna //创建VPN实例vpna ipv4-family route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance vpnb //创建VPN实例vpnb ipv4-family route-distinguisher 200:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # mpls lsr-id 3.3.3.9 //配置MPLS LSR mpls # mpls ldp # interface Ethernet1/0/0 //绑定VPN实例 ip binding vpn-instance vpna ip address 10.3.1.2 255.255.255.0 # interface Ethernet2/0/0 //绑定VPN实例 ip binding vpn-instance vpnb ip address 10.4.1.2 255.255.255.0 # interface Ethernet2/0/1 //接口使能MPLS ip address 172.2.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 100 //配置MP-IBGP对等体 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # ipv4-family vpnv4 //使能对等体交换VPNv4路由信息的能力 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance vpna //配置PE与CE之间建立EBGP对等体关系,引入VPN路由 peer 10.3.1.1 as-number 65430 import-route direct # ipv4-family vpn-instance vpnb //配置PE与CE之间建立EBGP对等体关系,引入VPN路由 peer 10.4.1.1 as-number 65440 import-route direct # ospf 1 //配置公网路由 area 0.0.0.0 network 172.2.1.0 0.0.0.255 network 3.3.3.9 0.0.0.0 # return ``` CE1: ``` # sysname CE1 # interface Ethernet1/0/0 ip address 10.1.1.1 255.255.255.0 # bgp 65410 //在PE与CE之间建立EBGP对等体关系 peer 10.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct //引入直连路由 peer 10.1.1.2 enable # return ``` CE2: ``` # sysname CE2 # interface Ethernet1/0/0 ip address 10.2.1.1 255.255.255.0 # bgp 65420 //在PE与CE之间建立EBGP对等体关系 peer 10.2.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct //引入直连路由 peer 10.2.1.2 enable # return ``` CE3: ``` # sysname CE3 # interface Ethernet1/0/0 ip address 10.3.1.1 255.255.255.0 # bgp 65430 //在PE与CE之间建立EBGP对等体关系 peer 10.3.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct //引入直连路由 peer 10.3.1.2 enable # return ``` CE4: ``` # sysname CE4 # interface Ethernet1/0/0 ip address 10.4.1.1 255.255.255.0 # bgp 65440 //在PE与CE之间建立EBGP对等体关系 peer 10.4.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct //引入直连路由 peer 10.4.1.2 enable # return ``` PE之间必须使用32位掩码的Loopback接口地址来建立MP-IBGP对等体关系,以便能够迭代到隧道