R2/R3/R4的基础IP地址配置
R2:
[r2]int g 0/0/2
[r2-GigabitEthernet0/0/2]ip add 23.0.0.1 24
[r2-GigabitEthernet0/0/2]int l0
[r2-LoopBack0]ip add 2.2.2.2 24
R3:
[r3]int g 0/0/0
[r3-GigabitEthernet0/0/0]ip add 23.0.0.2 24
[r3-GigabitEthernet0/0/0]int l0
[r3-LoopBack0]ip add 3.3.3.3 24
[r3-LoopBack0]int g 0/0/1
[r3-GigabitEthernet0/0/1]ip add 34.0.0.2 24
R4:
[r4]int g 0/0/0
[r4-GigabitEthernet0/0/0]ip add 34.0.0.1 24
[r4-GigabitEthernet0/0/0]int l0
[r4-LoopBack0]ip add 4.4.4.4 24
[r4-LoopBack0]int g 4/0/0
[r4-GigabitEthernet4/0/0]ip add 47.0.0.2 24
R7:
[r7]int g 0/0/1
[r7-GigabitEthernet0/0/1]ip add 47.0.0.1 24
R2/R3/R4上运行ospf
R2:
[r2]ospf
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 23.0.0.0 0.0.0.255
[r2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
R3:
[r3]ospf
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]network 23.0.0.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 34.0.0.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
R4:
[r4]ospf
[r4-ospf-1]area 0
[r4-ospf-1-area-0.0.0.0]network 34.0.0.0 0.0.0.255
[r4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[r4-ospf-1-area-0.0.0.0]network 47.0.0.0 0.0.0.255
MPLS VPN骨干区域的配置
配置MPLS的LSR ID并且激活MPLS和LDP
R2:
[r2]mpls lsr-id 2.2.2.2
[r2]mpls ---全局开启MPLS协议
[r2-mpls ]mpls ldp---全局激活LDP协议
[r2]int g 0/0/2
[r2-GigabitEthernet0/0/2]mpls
[r2-GigabitEthernet0/0/2]mpls ldp ---接口激活
R3:
[r3]mpls lsr-id 3.3.3.3
[r3]mpls
Info: Mpls starting, please wait... OK!
[r3-mpls]mpls ldp
[r3]int g 0/0/0
[r3-GigabitEthernet0/0/0]mpls
[r3-GigabitEthernet0/0/0]mpls ldp
[r3-GigabitEthernet0/0/0]int g 0/0/1
[r3-GigabitEthernet0/0/1]mpls
[r3-GigabitEthernet0/0/1]mpls ldp
R4:
[r4]mpls lsr-id 4.4.4.4
[r4]mpls
Info: Mpls starting, please wait... OK!
[r4-mpls]mpls ldp
[r4]int g 0/0/0
[r4-GigabitEthernet0/0/0]mpls
[r4-GigabitEthernet0/0/0]mpls ldp
创建VRF空间:
注意:要先绑定接口才能给接口配IP。如果先给接口配IP地址再绑定空间,绑定完空间之后IP地址会溢出,需要重新配IP。
R2上创建空间a和b:
[r2]ip vpn-instance a
[r2-vpn-instance-a]route-distinguisher 100:100
[r2-vpn-instance-a-af-ipv4]vpn-target 100:1 both
[r2]ip vpn-instance b
[r2-vpn-instance-b]route-distinguisher 200:200
[r2-vpn-instance-b-af-ipv4]vpn-target 200:1 both
将R2的接口划入到VRF空间:
[r2]int g 0/0/0
[r2-GigabitEthernet0/0/0]ip binding vpn-instance a
[r2-GigabitEthernet0/0/0]ip add 192.168.2.2 24
[r2]int g 0/0/1
[r2-GigabitEthernet0/0/1]ip binding vpn-instance b
[r2-GigabitEthernet0/0/1]ip add 172.16.2.1 24
R4上创建空间a和b:
[r4]ip vpn-instance a
[r4-vpn-instance-a]route-distinguisher 100:100
[r4-vpn-instance-a-af-ipv4]vpn-target 100:1 both
[r4]ip vpn-instance b
[r4-vpn-instance-b]route-distinguisher 200:200
[r4-vpn-instance-b-af-ipv4]vpn-target 200:1 both
将R4的接口划入到VRF空间:
[r4]int g 0/0/1
[r4-GigabitEthernet0/0/1]ip binding vpn-instance a
[r4-GigabitEthernet0/0/1]ip add 192.168.3.1 24
[r4-GigabitEthernet0/0/1]int g 0/0/2
[r4-GigabitEthernet0/0/2]ip binding vpn-instance b
[r4-GigabitEthernet0/0/2]ip add 172.16.3.1 24
其他路由的IP地址配置
R1:
[r1]int g 0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.2.1 24
[r1-GigabitEthernet0/0/0]int l0
[r1-LoopBack0]ip add 192.168.1.1 24
R5:
[r5]int g 0/0/0
[r5-GigabitEthernet0/0/0]ip add 192.168.3.2 24
[r5-GigabitEthernet0/0/0]int l0
[r5-LoopBack0]ip add 192.168.4.1 24
R6:
[r6]int g 0/0/0
[r6-GigabitEthernet0/0/0]ip add 172.16.2.2 24
[r6-GigabitEthernet0/0/0]int l0
[r6-LoopBack0]ip add 172.16.1.1 24
R7:
[r7]int g 0/0/0
[r7-GigabitEthernet0/0/0]ip add 172.16.3.2 24
[r7-GigabitEthernet0/0/0]int l0
[r7-LoopBack0]ip add 172.16.4.1 24
R1和R5采用静态路由的方式传递私网路由
对于R1来说,192.168.1.0和192.168.2.0是直连,不知道的是192.168.3.0和192.168.4.0,所以这两个需要手工配置静态路由(R5同理)
R1:
[r1]ip route-static 192.168.3.0 24 192.168.2.2
[r1]ip route-static 192.168.4.0 24 192.168.2.2
R2:
[r2]ip route-static vpn-instance a 192.168.1.0 24 192.168.2.1---不会出现在全局路由表中,但会出现在VPN-instance a的路由表中
R5:
[r5]ip route-static 192.168.1.0 24 192.168.3.1
[r5]ip route-static 192.168.2.0 24 192.168.3.1
R4:
[r4]ip route-static vpn-instance a 192.168.4.0 24 192.168.3.2
在R2和R4上启动bgp进程,并建立对等体关系
R2:
[r2]bgp 1
[r2-bgp]router-id 2.2.2.2
[r2-bgp]peer 4.4.4.4 as 1
[r2-bgp]peer 4.4.4.4 connect-interface LoopBack 0
R4:
[r4]bgp 1
[r4-bgp]router-id 4.4.4.4
[r4-bgp]peer 2.2.2.2 as 1
[r4-bgp]peer 2.2.2.2 connect-interface LoopBack 0
启动MP-BGP并在VPN空间中导入路由
R2:
[r2-bgp]ipv4-family vpnv4---启动MP-BGP
[r2-bgp-af-vpnv4]peer 4.4.4.4 enable
[r2-bgp]ipv4-family vpn-instance a---在VPN空间中导入路由
[r2-bgp-a]import-route direct
[r2-bgp-a]import-route static
R4:
[r4-bgp]ipv4-family vpnv4
[r4-bgp-af-vpnv4]peer 2.2.2.2 enable
[r4-bgp]ipv4-family vpn-instance a
[r4-bgp-a]import-route direct
[r4-bgp-a]import-route static
客户a互相之间已经通了,R1可以正常访问R5
R6通过rip将私网路由传递给PE设备
R6:
[r6]rip
[r6-rip-1]version 2
[r6-rip-1]network 172.16.0.0
R2:
[r2]rip 1 vpn-instance b
[r2-rip-1]version 2
[r2-rip-1]network 172.16.0.0
R7通过ospf将私网路由传递给PE设备
R7:
[r7]ospf 1 router-id 7.7.7.7
[r7-ospf-1]area 0
[r7-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255
R4:因为R4上已经存在ospf进程1在全局里面,所以这次要用不同的ospf进程号
[r4]ospf 2 vpn-instance b router-id 4.4.4.4
[r4-ospf-2]area 0
[r4-ospf-2-area-0.0.0.0]network 172.16.0.0 0.0.255.255
rip要将路由信息通过bgp传递给ospf,ospf也要将路由信息通过bgp传递给rip,所以需要在R2和R4上做一个双向重发布
R2:
[r2]bgp 1
[r2-bgp]ipv4-family vpn-instance b
[r2-bgp-b]import-route rip 1
[r2]rip
[r2-rip-1]import-route bgp
R4:
[r4]bgp 1
[r4-bgp]ipv4-family vpn-instance b
[r4-bgp-b]import-route ospf 2
[r4]ospf 2
[r4-ospf-2]import-route bgp
此时R6和R7后面的私网就可以通
R7单独拉一根网线保证可以访问公网,R7可以访问R2/R3/R4环回
私网要想访问公网就需要一条缺省[r7]ip route-static 0.0.0.0 0 47.0.0.2
此时R7就可以访问R2/R3/R4的环回