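Application Scenario
In this topology, a small or medium-sized enterprise has a headquarters (Hub) and two branch offices, Spoke 1 and Spoke 2. They are located in different regions, and the subnets at the headquarters and the branches change frequently. The headquarters wants to connect to the public network over a leased line, while the branches connect to the public network with dynamic addresses. The plan is to use OSPF so that, in addition to VPN connectivity between each branch and the headquarters, the branches can also establish VPN connectivity with each other.
Configuration Approach and Steps
I. Configure the interface IP addresses on each device (including the tunnel interfaces) and the public-network routes between the Hub and the two Spokes, using OSPF.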
【Hub】
<Huawei>system-view
[Huawei]sysname Hub
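[Hub-GigabitEthernet0/0/1]ip address 202.210.1.1 24 // Configure the IP address of the Hub's public-network interface
[Hub-GigabitEthernet0/0/2]ip address 10.1.1.1 24 // Configure the IP address of the Hub's subnet interface
[Hub-Tunnel0/0/0]ip address 192.168.1.1 24 // Configure the IP address of the tunnel interface
[Hub]ospf 2 // Configure the OSPF process for the Hub's public-network routes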
[Hub-ospf-2]area 1
[Hub-ospf-2-area-0.0.0.1]network 202.210.1.0 0.0.0.255
【Spoke 1】
<Huawei>system-view
[Huawei]sysname Spoke 1
[Spoke 1-GigabitEthernet0/0/1]ip address 202.210.2.1 24
[Spoke 1-GigabitEthernet0/0/2]ip address 20.1.1.1 24
[Spoke 1-Tunnel0/0/0]ip address 192.168.1.2 24
[Spoke 1]ospf 2
[Spoke 1-ospf-2]area 1
[Spoke 1-ospf-2-area-0.0.0.1]network 202.210.2.0 0.0.0.255
【Spoke 2】
<Huawei>system-view
[Huawei]sysname Spoke 2
[Spoke 2-GigabitEthernet0/0/1]ip address 202.210.3.1 24
[Spoke 2-GigabitEthernet0/0/2]ip address 30.1.1.1 24
[Spoke 2-Tunnel0/0/0]ip address 192.168.1.3 24
[Spoke 2]ospf 2
[Spoke 2-ospf-2]area 1
[Spoke 2-ospf-2-area-0.0.0.1]network 202.210.3.0 0.0.0.255
【Internet】
<Huawei>system-view
[Huawei]sysname Internet // Configure the interface IP addresses of the router that simulates the public network
[Internet-GigabitEthernet0/0/0]ip address 202.210.1.2 24
[Internet-GigabitEthernet0/0/1]ip address 202.210.2.2 24
[Internet-GigabitEthernet0/0/2]ip address 202.210.3.2 24
[Internet]ospf 2 // Configure OSPF routing for the simulated public network
[Internet-ospf-2]area 1
[Internet-ospf-2-area-0.0.0.1]network 202.210.1.0 0.0.0.255
[Internet-ospf-2-area-0.0.0.1]network 202.210.2.0 0.0.0.255
[Internet-ospf-2-area-0.0.0.1]network 202.210.3.0 0.0.0.255
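II. Use OSPF to advertise the local subnets and the tunnel interface network segment (note that this must be a separate OSPF process from the public-network routing process), and configure the mGRE tunnel interface and NHRP on each device.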
【Hub】
[Hub]ospf 1 router-id 192.168.1.1 // Set the Hub's OSPF router ID to the mGRE tunnel interface IP
[Hub-ospf-1]area 0
[Hub-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255 // Advertise the Hub mGRE tunnel network segment
[Hub-ospf-1-area-0.0.0.0]network 10.1.1.0 0.0.0.255 // Advertise the Hub subnet
[Hub-Tunnel0/0/0]tunnel-protocol gre p2mp // Set the mGRE tunnel protocol to GRE p2mp
[Hub-Tunnel0/0/0]source GigabitEthernet 0/0/1 // Use the Hub's public-network interface as the mGRE tunnel source
[Hub-Tunnel0/0/0]nhrp entry multicast dynamic // Allow the Spokes to register dynamically on the Hub
[Hub-Tunnel0/0/0]ospf network-type broadcast // Set the OSPF network type of the mGRE tunnel interface to broadcast
[Hub-Tunnel0/0/0]ospf dr-priority 100 // Set the DR priority of the mGRE tunnel interface to 100 (the highest)
【Spoke 1】
[Spoke 1]ospf 1 router-id 192.168.1.2
[Spoke 1-ospf-1]area 0
[Spoke 1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[Spoke 1-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255
[Spoke 1-Tunnel0/0/0]tunnel-protocol gre p2mp // Set the mGRE tunnel protocol to GRE p2mp
[Spoke 1-Tunnel0/0/0]source GigabitEthernet 0/0/1
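[Spoke 1-Tunnel0/0/0]nhrp entry 192.168.1.1 202.210.1.1 register // Configure a static NHRP peer entry and initiate NHRP dynamic registration with the Hub
[Spoke 1-Tunnel0/0/0]ospf network-type broadcast // Set the OSPF network type of the mGRE tunnel interface to broadcast
[Spoke 1-Tunnel0/0/0]ospf dr-priority 0 // Set the DR priority of the mGRE tunnel interface to 0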
【Spoke 2】
[Spoke 2]ospf 1 router-id 192.168.1.3
[Spoke 2-ospf-1]area 0
[Spoke 2-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255
[Spoke 2-ospf-1-area-0.0.0.0]network 30.1.1.0 0.0.0.255
[Spoke 2-Tunnel0/0/0]tunnel-protocol gre p2mp
[Spoke 2-Tunnel0/0/0]source GigabitEthernet 0/0/1
[Spoke 2-Tunnel0/0/0]nhrp entry 192.168.1.1 202.210.1.1 register
[Spoke 2-Tunnel0/0/0]ospf network-type broadcast
[Spoke 2-Tunnel0/0/0]ospf dr-priority 0
III. Verify the Configuration
1. Verify the NHRP peers on the devices
<Spoke 1>display nhrp peer all
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.1 32 202.210.1.1 192.168.1.1 static hub
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:23:38
Expire time : --
Number of nhrp peers: 1
<Spoke 2>display nhrp peer all
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.1 32 202.210.1.1 192.168.1.1 static hub
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:14:51
Expire time : --
Number of nhrp peers: 1
<Hub>display nhrp peer all
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.2 32 202.210.2.1 192.168.1.2 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:00:35
Expire time : 01:59:25
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.3 32 202.210.3.1 192.168.1.3 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:00:34
Expire time : 01:59:26
Number of nhrp peers: 2
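The output above confirms that the NHRP peers have been established correctly on every device.
2. Verify the OSPF routes for the subnets on the devices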
<Hub>display ospf 1 routing
OSPF Process 1 with Router ID 192.168.1.1
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
10.1.1.0/24 1 Stub 10.1.1.1 192.168.1.1 0.0.0.0
192.168.1.0/24 1562 Transit 192.168.1.1 192.168.1.1 0.0.0.0
20.1.1.0/24 1563 Stub 192.168.1.2 192.168.1.2 0.0.0.0
30.1.1.0/24 1563 Stub 192.168.1.3 192.168.1.3 0.0.0.0
Total Nets: 4
Intra Area: 4 Inter Area: 0 ASE: 0 NSSA: 0
<Spoke 1>display ospf 1 routing
OSPF Process 1 with Router ID 192.168.1.2
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
20.1.1.0/24 1 Stub 20.1.1.1 192.168.1.2 0.0.0.0
192.168.1.0/24 1562 Transit 192.168.1.2 192.168.1.2 0.0.0.0
10.1.1.0/24 1563 Stub 192.168.1.1 192.168.1.1 0.0.0.0
30.1.1.0/24 1563 Stub 192.168.1.3 192.168.1.3 0.0.0.0
<Spoke 2>display ospf 1 routing
OSPF Process 1 with Router ID 192.168.1.3
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
30.1.1.0/24 1 Stub 30.1.1.1 192.168.1.3 0.0.0.0
192.168.1.0/24 1562 Transit 192.168.1.3 192.168.1.3 0.0.0.0
10.1.1.0/24 1563 Stub 192.168.1.1 192.168.1.1 0.0.0.0
20.1.1.0/24 1563 Stub 192.168.1.2 192.168.1.2 0.0.0.0
Total Nets: 4
Intra Area: 4 Inter Area: 0 ASE: 0 NSSA: 0
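The output above confirms that the OSPF routes for the subnets have been established correctly on every device.
3. Verify that NHRP dynamically learns the local NHRP peer information.
Ping from the Spoke 1 subnet to the Spoke 2 subnet so that the traffic triggers the Spokes to learn each other (PC2 pings PC3).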
PC2>ping 30.1.1.2
Ping 30.1.1.2: 32 data bytes, Press Ctrl_C to break
From 30.1.1.2: bytes=32 seq=1 ttl=126 time=62 ms
From 30.1.1.2: bytes=32 seq=2 ttl=126 time=32 ms
From 30.1.1.2: bytes=32 seq=3 ttl=126 time=46 ms
From 30.1.1.2: bytes=32 seq=4 ttl=126 time=32 ms
From 30.1.1.2: bytes=32 seq=5 ttl=126 time=31 ms
--- 30.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/40/62 ms
<Spoke 1>display nhrp peer all
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.1 32 202.210.1.1 192.168.1.1 static hub
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 04:36:29
Expire time : --
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.3 32 202.210.3.1 192.168.1.3 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 04:08:52
Expire time : 01:47:53
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.2 32 202.210.2.1 192.168.1.2 dynamic local
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:12:07
Expire time : 01:47:53
Number of nhrp peers: 3
<Spoke 2>display nhrp peer all
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.1 32 202.210.1.1 192.168.1.1 static hub
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:19:26
Expire time : --
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.2 32 202.210.2.1 192.168.1.2 dynamic route tunnel
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:00:53
Expire time : 01:59:07
-------------------------------------------------------------------------------
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.3 32 202.210.3.1 192.168.1.3 dynamic local
-------------------------------------------------------------------------------
Tunnel interface: Tunnel0/0/0
Created time : 00:00:53
Expire time : 01:59:07
Number of nhrp peers: 3
Both Spokes have learned the NHRP peer entries, which completes this configuration.
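The Hub on this page accepts dynamic NHRP registrations, so its peer table is the place to confirm that only the planned Spokes have registered. The Python script below is an added example, not part of the original guide: it parses `display nhrp peer all` output and flags entries the address plan does not explain. The function names, the planned-address set and the 192.168.1.9 / 198.51.100.7 sample row are assumptions constructed for illustration.

```python
import ipaddress
import re
# Constructed, abridged sample in the layout of the Hub's `display nhrp peer all`
# output; the 192.168.1.9 / 198.51.100.7 registration is invented for the audit.
SAMPLE = """\
Protocol-addr Mask NBMA-addr NextHop-addr Type Flag
-------------------------------------------------------------------------------
192.168.1.2 32 202.210.2.1 192.168.1.2 dynamic route tunnel
Tunnel interface: Tunnel0/0/0
192.168.1.3 32 202.210.3.1 192.168.1.3 dynamic route tunnel
Tunnel interface: Tunnel0/0/0
192.168.1.9 32 198.51.100.7 192.168.1.9 dynamic route tunnel
Tunnel interface: Tunnel0/0/0
Number of nhrp peers: 3
"""

IP = r"(\d{1,3}(?:\.\d{1,3}){3})"
ROW = re.compile(rf"^{IP}\s+(\d+)\s+{IP}\s+{IP}\s+(static|dynamic)\s+(.+)$")
KEYS = ("protocol", "mask", "nbma", "nexthop", "type", "flag")

def parse_nhrp_peers(text):
    """Return (list of peer rows as dicts, peer count reported by the device)."""
    peers, reported = [], None
    for line in map(str.strip, text.splitlines()):
        if m := ROW.match(line):
            peers.append(dict(zip(KEYS, m.groups())))
        elif line.startswith("Number of nhrp peers:"):
            reported = int(line.split(":")[1])
    return peers, reported

def audit_hub_peers(text, tunnel_net, planned):
    """Return (address, reason) findings for entries the plan does not explain."""
    peers, reported = parse_nhrp_peers(text)
    net, findings, seen = ipaddress.ip_network(tunnel_net), [], {}
    if reported is not None and reported != len(peers):
        findings.append(("*", "parsed rows differ from reported peer count"))
    for p in peers:
        addr = p["protocol"]
        if ipaddress.ip_address(addr) not in net:
            findings.append((addr, "protocol address outside tunnel subnet"))
        elif p["type"] == "dynamic" and addr not in planned:
            findings.append((addr, "dynamic registration not in address plan"))
        if seen.setdefault(addr, p["nbma"]) != p["nbma"]:
            findings.append((addr, "one tunnel address mapped to two NBMA addresses"))
    return findings

if __name__ == "__main__":  # planned set assumes the page's two Spokes
    for f in audit_hub_peers(SAMPLE, "192.168.1.0/24", {"192.168.1.2", "192.168.1.3"}):
        print(*f)
```

Because the Spokes use dynamic public addresses, the check keys on the tunnel (protocol) address rather than the NBMA address.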