|
|
|
|
|
|
|
|
- CE1、CE3属于vpna。
|
|
|
- CE2、CE4属于vpnb。
|
|
|
- vpna使用的VPN-target属性为111:1,vpnb为222:2。
|
|
|
- 不同VPN用户之间不能互相访问。
|
|
|
|
|
|
PE1:
|
|
|
|
|
|
```
|
|
|
#
|
|
|
sysname PE1
|
|
|
#
|
|
|
ip vpn-instance vpna //创建VPN实例vpna
|
|
|
ipv4-family
|
|
|
route-distinguisher 100:1
|
|
|
vpn-target 111:1 export-extcommunity
|
|
|
vpn-target 111:1 import-extcommunity
|
|
|
#
|
|
|
ip vpn-instance vpnb //创建VPN实例vpnb
|
|
|
ipv4-family
|
|
|
route-distinguisher 100:2
|
|
|
vpn-target 222:2 export-extcommunity
|
|
|
vpn-target 222:2 import-extcommunity
|
|
|
#
|
|
|
mpls lsr-id 1.1.1.9 //配置MPLS
|
|
|
mpls
|
|
|
#
|
|
|
mpls ldp //建立LDP
|
|
|
#
|
|
|
interface Ethernet1/0/0 //绑定VPN实例
|
|
|
ip binding vpn-instance vpna
|
|
|
ip address 10.1.1.2 255.255.255.0
|
|
|
#
|
|
|
interface Ethernet2/0/0
|
|
|
ip binding vpn-instance vpnb //绑定VPN实例
|
|
|
ip address 10.2.1.2 255.255.255.0
|
|
|
#
|
|
|
interface Ethernet2/0/1 //接口使能MPLS
|
|
|
ip address 172.1.1.1 255.255.255.0
|
|
|
mpls
|
|
|
mpls ldp
|
|
|
#
|
|
|
interface LoopBack1
|
|
|
ip address 1.1.1.9 255.255.255.255
|
|
|
#
|
|
|
bgp 100 //配置MP-IBGP对等体
|
|
|
peer 3.3.3.9 as-number 100
|
|
|
peer 3.3.3.9 connect-interface LoopBack1
|
|
|
#
|
|
|
ipv4-family unicast
|
|
|
undo synchronization
|
|
|
peer 3.3.3.9 enable
|
|
|
#
|
|
|
ipv4-family vpnv4 //使能对等体交换VPNv4路由信息的能力
|
|
|
policy vpn-target
|
|
|
peer 3.3.3.9 enable
|
|
|
#
|
|
|
ipv4-family vpn-instance vpna //配置PE与CE之间建立EBGP对等体关系,引入VPN路由
|
|
|
peer 10.1.1.1 as-number 65410
|
|
|
import-route direct
|
|
|
#
|
|
|
ipv4-family vpn-instance vpnb //配置PE与CE之间建立EBGP对等体关系,引入VPN路由
|
|
|
peer 10.2.1.1 as-number 65420
|
|
|
import-route direct
|
|
|
#
|
|
|
ospf 1 //配置公网路由
|
|
|
area 0.0.0.0
|
|
|
network 172.1.1.0 0.0.0.255
|
|
|
network 1.1.1.9 0.0.0.0
|
|
|
#
|
|
|
return
|
|
|
```
|
|
|
|
|
|
P:
|
|
|
|
|
|
```
|
|
|
#
|
|
|
sysname P
|
|
|
#
|
|
|
mpls lsr-id 2.2.2.9 //配置MPLS
|
|
|
mpls
|
|
|
#
|
|
|
mpls ldp
|
|
|
#
|
|
|
interface Ethernet1/0/0
|
|
|
ip address 172.1.1.2 255.255.255.0
|
|
|
mpls
|
|
|
mpls ldp
|
|
|
#
|
|
|
interface Ethernet2/0/0
|
|
|
ip address 172.2.1.1 255.255.255.0
|
|
|
mpls
|
|
|
mpls ldp
|
|
|
#
|
|
|
interface LoopBack1
|
|
|
ip address 2.2.2.9 255.255.255.255
|
|
|
#
|
|
|
ospf 1 //配置公网路由
|
|
|
area 0.0.0.0
|
|
|
network 172.1.1.0 0.0.0.255
|
|
|
network 172.2.1.0 0.0.0.255
|
|
|
network 2.2.2.9 0.0.0.0
|
|
|
#
|
|
|
return
|
|
|
```
|
|
|
|
|
|
PE2:
|
|
|
|
|
|
```
|
|
|
#
|
|
|
sysname PE2
|
|
|
#
|
|
|
ip vpn-instance vpna //创建VPN实例vpna
|
|
|
ipv4-family
|
|
|
route-distinguisher 200:1
|
|
|
vpn-target 111:1 export-extcommunity
|
|
|
vpn-target 111:1 import-extcommunity
|
|
|
#
|
|
|
ip vpn-instance vpnb //创建VPN实例vpnb
|
|
|
ipv4-family
|
|
|
route-distinguisher 200:2
|
|
|
vpn-target 222:2 export-extcommunity
|
|
|
vpn-target 222:2 import-extcommunity
|
|
|
#
|
|
|
mpls lsr-id 3.3.3.9 //配置MPLS LSR
|
|
|
mpls
|
|
|
#
|
|
|
mpls ldp
|
|
|
#
|
|
|
interface Ethernet1/0/0 //绑定VPN实例
|
|
|
ip binding vpn-instance vpna
|
|
|
ip address 10.3.1.2 255.255.255.0
|
|
|
#
|
|
|
interface Ethernet2/0/0 //绑定VPN实例
|
|
|
ip binding vpn-instance vpnb
|
|
|
ip address 10.4.1.2 255.255.255.0
|
|
|
#
|
|
|
interface Ethernet2/0/1 //接口使能MPLS
|
|
|
ip address 172.2.1.2 255.255.255.0
|
|
|
mpls
|
|
|
mpls ldp
|
|
|
#
|
|
|
interface LoopBack1
|
|
|
ip address 3.3.3.9 255.255.255.255
|
|
|
#
|
|
|
bgp 100 //配置MP-IBGP对等体
|
|
|
peer 1.1.1.9 as-number 100
|
|
|
peer 1.1.1.9 connect-interface LoopBack1
|
|
|
#
|
|
|
ipv4-family unicast
|
|
|
undo synchronization
|
|
|
peer 1.1.1.9 enable
|
|
|
#
|
|
|
ipv4-family vpnv4 //使能对等体交换VPNv4路由信息的能力
|
|
|
policy vpn-target
|
|
|
peer 1.1.1.9 enable
|
|
|
#
|
|
|
ipv4-family vpn-instance vpna //配置PE与CE之间建立EBGP对等体关系,引入VPN路由
|
|
|
peer 10.3.1.1 as-number 65430
|
|
|
import-route direct
|
|
|
#
|
|
|
ipv4-family vpn-instance vpnb //配置PE与CE之间建立EBGP对等体关系,引入VPN路由
|
|
|
peer 10.4.1.1 as-number 65440
|
|
|
import-route direct
|
|
|
#
|
|
|
ospf 1 //配置公网路由
|
|
|
area 0.0.0.0
|
|
|
network 172.2.1.0 0.0.0.255
|
|
|
network 3.3.3.9 0.0.0.0
|
|
|
#
|
|
|
return
|
|
|
```
|
|
|
|
|
|
CE1:
|
|
|
|
|
|
```
|
|
|
#
|
|
|
sysname CE1
|
|
|
#
|
|
|
interface Ethernet1/0/0
|
|
|
ip address 10.1.1.1 255.255.255.0
|
|
|
#
|
|
|
bgp 65410 //在PE与CE之间建立EBGP对等体关系
|
|
|
peer 10.1.1.2 as-number 100
|
|
|
#
|
|
|
ipv4-family unicast
|
|
|
undo synchronization
|
|
|
import-route direct //引入直连路由
|
|
|
peer 10.1.1.2 enable
|
|
|
#
|
|
|
return
|
|
|
```
|
|
|
|
|
|
CE2:
|
|
|
|
|
|
```
|
|
|
#
|
|
|
sysname CE2
|
|
|
#
|
|
|
interface Ethernet1/0/0
|
|
|
ip address 10.2.1.1 255.255.255.0
|
|
|
#
|
|
|
bgp 65420 //在PE与CE之间建立EBGP对等体关系
|
|
|
peer 10.2.1.2 as-number 100
|
|
|
#
|
|
|
ipv4-family unicast
|
|
|
undo synchronization
|
|
|
import-route direct //引入直连路由
|
|
|
peer 10.2.1.2 enable
|
|
|
#
|
|
|
return
|
|
|
```
|
|
|
|
|
|
CE3:
|
|
|
|
|
|
```
|
|
|
#
|
|
|
sysname CE3
|
|
|
#
|
|
|
interface Ethernet1/0/0
|
|
|
ip address 10.3.1.1 255.255.255.0
|
|
|
#
|
|
|
bgp 65430 //在PE与CE之间建立EBGP对等体关系
|
|
|
peer 10.3.1.2 as-number 100
|
|
|
#
|
|
|
ipv4-family unicast
|
|
|
undo synchronization
|
|
|
import-route direct //引入直连路由
|
|
|
peer 10.3.1.2 enable
|
|
|
#
|
|
|
return
|
|
|
```
|
|
|
|
|
|
CE4:
|
|
|
|
|
|
```
|
|
|
#
|
|
|
sysname CE4
|
|
|
#
|
|
|
interface Ethernet1/0/0
|
|
|
ip address 10.4.1.1 255.255.255.0
|
|
|
#
|
|
|
bgp 65440 //在PE与CE之间建立EBGP对等体关系
|
|
|
peer 10.4.1.2 as-number 100
|
|
|
#
|
|
|
ipv4-family unicast
|
|
|
undo synchronization
|
|
|
import-route direct //引入直连路由
|
|
|
peer 10.4.1.2 enable
|
|
|
#
|
|
|
return
|
|
|
```
|
|
|
|
|
|
PE之间必须使用32位掩码的Loopback接口地址来建立MP-IBGP对等体关系,以便能够迭代到隧道
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
