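Author: Teacher Fu (网络傅老师)
Note: entirely original content. No part may be reproduced without the author's permission; violations will be pursued.
Broadband Carrier MPLS VPN Inter-City Interconnection Project
Teacher Fu's Classic eNSP Comprehensive Lab Series, Project 03 (original)
==Preface==
Main technologies in this case:
MPLS, VPN, OSPF, BGP, EBGP, VLAN, Trunk, VRRP, DHCP, and others.
Features of Teacher Fu's documents:
1. The lab must work end to end;
2. Highly readable (key parts include theory, for example R9 in this article);
3. Textbook quality (the author led the compilation of related teaching materials for 10+ years, so read with confidence).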
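Intended audience:
1. Students who want to finish a graduation project quickly while building their skills;
2. Working professionals improving their skills in their spare time.
Reading suggestions:
1. Nearly all of Teacher Fu's lab cases come from real projects. Because real projects are too large for a lab environment, each case is distilled around the project's characteristics so that the most important parts are shown without losing the overall picture;
2. Study the topology diagram and the requirements first, because the lab steps map to the requirements;
3. Important commands are annotated to aid understanding.
I. Project Overview
As enterprise business keeps expanding and becomes more digitized, the demand for efficient, stable, and secure network connectivity grows. A large audit firm, a leader in its industry, places very high demands on information technology. To ensure the security and reliability of data transfer between its branch offices and head office, the firm has decided to use the MPLS VPN technology offered by its broadband carrier to achieve secure, stable, high-speed inter-city network connectivity.
MPLS VPN is a virtual private network (VPN) technology based on Multiprotocol Label Switching (MPLS). It builds tunnels across the carrier's backbone network to encrypt and encapsulate data, ensuring the security and integrity of data in transit.
The broadband carrier will use the characteristics of MPLS VPN to build a virtual private network spanning the audit firm's head office and three branch offices. Through this network each branch can exchange data with the head office securely and reliably, ensuring business continuity and data integrity.
II. Topology and Requirements
1. Topology
The topology has five parts. The core is the broadband carrier's network, which provides the MPLS VPN service; the audit firm's head office and branches are all VPN customer sites. The head office interior is expanded a little to include common LAN technologies for study.
The topology is highly representative: the VPN customer sites run different internal routing protocols (OSPF, BGP, and static routes), which demonstrates the flexibility and scalability of MPLS VPN.
See the topology diagram for the detailed area layout and IP plan; they are not repeated here.
2. Requirements and implementation approach
- Head office internal network
(1) Configure VLAN, Trunk, Access, and Eth-Trunk
(2) Configure MSTP so that the two core switches are each the root of one of the two instances, and assign traffic of different VLANs to different spanning tree instances
(3) Configure VRRP so that traffic of different VLANs is sent to different core switches, providing load sharing and master/backup redundancy
(4) Configure OSPF so that every subnet inside the head office is reachable
- Branch office internal networks
(1) Enable BGP on the Chaoyang branch router
(2) Enable OSPF and DHCP on the Haidian branch router
(3) Configure a static route on the Dongcheng branch router;
- Broadband carrier internal network
Enable OSPF so that the carrier's backbone devices can reach each other;
- MPLS VPN configuration on the broadband carrier
(1) Enable MPLS LDP on every carrier router
(2) Establish MP-IBGP sessions between the carrier RR and each PE, and enable BGP-VPNv4 route reflection on the RR
(3) Configure a VPN instance on each PE router
(4) Configure route import on the carrier routers;
III. Implementation Steps OBO (one by one)
1. Configure VLAN, Trunk, Access, and Eth-Trunk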
(1)SW3
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname SW3
[SW3]vlan batch 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW3]interface e0/0/1
[SW3-Ethernet0/0/1]port link-type access
[SW3-Ethernet0/0/1]port default vlan 10
[SW3-Ethernet0/0/1]quit
[SW3]interface e0/0/2
[SW3-Ethernet0/0/2]port link-type access
[SW3-Ethernet0/0/2]port default vlan 20
[SW3-Ethernet0/0/2]quit
[SW3]port-group group-member e0/0/3 e0/0/4
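//Tip:
//After a temporary port group is created, the system automatically runs each command on every member interface bound to the group, which configures Ethernet interfaces in bulk.
[SW3-port-group]port link-type trunk //this command was typed manually
[SW3-Ethernet0/0/3]port link-type trunk //this command was entered by the system
[SW3-Ethernet0/0/4]port link-type trunk //this command was also entered by the system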
[SW3-port-group]port trunk allow-pass vlan all
[SW3-Ethernet0/0/3]port trunk allow-pass vlan all
[SW3-Ethernet0/0/4]port trunk allow-pass vlan all
[SW3-port-group]quit
(2)SW4
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname SW4
[SW4]vlan batch 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW4]interface e0/0/1
[SW4-Ethernet0/0/1]port link-type access
[SW4-Ethernet0/0/1]port default vlan 10
[SW4-Ethernet0/0/1]quit
[SW4]interface e0/0/2
[SW4-Ethernet0/0/2]port link-type access
[SW4-Ethernet0/0/2]port default vlan 20
[SW4-Ethernet0/0/2]quit
[SW4]port-group group-member e0/0/3 e0/0/4
[SW4-port-group]port link-type trunk
[SW4-Ethernet0/0/3]port link-type trunk
[SW4-Ethernet0/0/4]port link-type trunk
[SW4-port-group]port trunk allow-pass vlan all
[SW4-Ethernet0/0/3]port trunk allow-pass vlan all
[SW4-Ethernet0/0/4]port trunk allow-pass vlan all
[SW4-port-group]quit
(3)SW1
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname SW1
[SW1]vlan batch 10 20 11
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1]port-group group-member g0/0/1 g0/0/2
[SW1-port-group]port link-type trunk
[SW1-GigabitEthernet0/0/1]port link-type trunk
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-port-group]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[SW1-port-group]quit
[SW1]interface g0/0/3
[SW1-GigabitEthernet0/0/3]port link-type access
[SW1-GigabitEthernet0/0/3]port default vlan 11
[SW1-GigabitEthernet0/0/3]quit
[SW1]interface eth-trunk 1
[SW1-Eth-Trunk1]mode lacp-static //for background on Eth-Trunk, see Teacher Fu's knowledge base
[SW1-Eth-Trunk1]trunkport g0/0/10
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1-Eth-Trunk1]trunkport g0/0/11
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1-Eth-Trunk1]port link-type trunk
[SW1-Eth-Trunk1]port trunk allow-pass vlan all
[SW1-Eth-Trunk1]quit
(4)SW2
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname SW2
[SW2]vlan batch 10 20 22
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW2]port-group group-member g0/0/1 g0/0/2
[SW2-port-group]port link-type trunk
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/2]port link-type trunk
[SW2-port-group]port trunk allow-pass vlan all
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[SW2-port-group]quit
[SW2]interface g0/0/3
[SW2-GigabitEthernet0/0/3]port link-type access
[SW2-GigabitEthernet0/0/3]port default vlan 22
[SW2-GigabitEthernet0/0/3]quit
[SW2]interface eth-trunk 1
[SW2-Eth-Trunk1]mode lacp-static
[SW2-Eth-Trunk1]trunkport g0/0/10
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW2-Eth-Trunk1]trunkport g0/0/11
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW2-Eth-Trunk1]port link-type trunk
[SW2-Eth-Trunk1]port trunk allow-pass vlan all
[SW2-Eth-Trunk1]quit
Check the Eth-Trunk status; it is normal.
2. Configure MSTP spanning tree
(1)SW3
[SW3]stp region-configuration
[SW3-mst-region]instance 1 vlan 10
[SW3-mst-region]instance 2 vlan 20
[SW3-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW3-mst-region]quit
(2)SW4
[SW4]stp region-configuration
[SW4-mst-region]instance 1 vlan 10
[SW4-mst-region]instance 2 vlan 20
[SW4-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW4-mst-region]quit
(3)SW1
Primary root for instance 1, secondary root for instance 2
[SW1]stp region-configuration
[SW1-mst-region]instance 1 vlan 10
[SW1-mst-region]instance 2 vlan 20
[SW1-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW1-mst-region]quit
[SW1]stp instance 1 root primary
[SW1]stp instance 2 root secondary
[SW1]quit
(4)SW2
Primary root for instance 2, secondary root for instance 1
[SW2]stp region-configuration
[SW2-mst-region]instance 1 vlan 10
[SW2-mst-region]instance 2 vlan 20
[SW2-mst-region]active region-configuration
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW2-mst-region]quit
[SW2]stp instance 2 root primary
[SW2]stp instance 1 root secondary
[SW2]quit
Verify the spanning tree
3. Configure VRRP
(1)SW1
Master for VRID 10, backup for VRID 20
[SW1]interface vlanif 10
[SW1-Vlanif10]ip address 10.1.10.253 24
[SW1-Vlanif10]vrrp vrid 10 virtual-ip 10.1.10.254
[SW1-Vlanif10]vrrp vrid 10 priority 120
[SW1-Vlanif10]quit
[SW1]interface vlanif 20
[SW1-Vlanif20]ip address 10.1.20.253 24
[SW1-Vlanif20]vrrp vrid 20 virtual-ip 10.1.20.254
[SW1-Vlanif20]quit
[SW1]interface vlanif 11
[SW1-Vlanif11]ip address 10.1.15.1 24
[SW1-Vlanif11]quit
(2)SW2
Backup for VRID 10, master for VRID 20
[SW2]interface vlanif 10
[SW2-Vlanif10]ip address 10.1.10.252 24
[SW2-Vlanif10]vrrp vrid 10 virtual-ip 10.1.10.254
[SW2-Vlanif10]quit
[SW2]interface vlanif 20
[SW2-Vlanif20]ip address 10.1.20.252 24
[SW2-Vlanif20]vrrp vrid 20 virtual-ip 10.1.20.254
[SW2-Vlanif20]vrrp vrid 20 priority 120
[SW2-Vlanif20]quit
[SW2]interface vlanif 22
[SW2-Vlanif22]ip address 10.1.25.2 24
[SW2-Vlanif22]quit
Verify the VRRP status
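An added example, not part of the original article: a Python check that the MSTP root and the VRRP master land on the same core switch for each VLAN, which is what the load-sharing design in steps 2 and 3 relies on. The command text is copied from those steps with the prompts stripped; the function names are assumptions made for the example, and the bridge priorities 0/4096/32768 and the VRRP priority 100 are the defaults the commands imply.

```python
import re
from ipaddress import IPv4Address

# Constructed input: the SW1/SW2 commands from steps 2 and 3, prompts stripped.
SW1 = """stp region-configuration
instance 1 vlan 10
instance 2 vlan 20
stp instance 1 root primary
stp instance 2 root secondary
interface vlanif 10
ip address 10.1.10.253 24
vrrp vrid 10 virtual-ip 10.1.10.254
vrrp vrid 10 priority 120
interface vlanif 20
ip address 10.1.20.253 24
vrrp vrid 20 virtual-ip 10.1.20.254"""
SW2 = """stp region-configuration
instance 1 vlan 10
instance 2 vlan 20
stp instance 2 root primary
stp instance 1 root secondary
interface vlanif 10
ip address 10.1.10.252 24
vrrp vrid 10 virtual-ip 10.1.10.254
interface vlanif 20
ip address 10.1.20.252 24
vrrp vrid 20 virtual-ip 10.1.20.254
vrrp vrid 20 priority 120"""

ROOT_PRIORITY = {"primary": 0, "secondary": 4096}  # set by "root primary/secondary"
DEFAULT_BRIDGE_PRIORITY, DEFAULT_VRRP_PRIORITY = 32768, 100


def parse(text):
    """Return ({vlan: bridge priority}, {vlan: (VRRP priority, interface IP)})."""
    inst_vlan, inst_prio, vrrp, vlan, ip = {}, {}, {}, None, None
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"instance (\d+) vlan (\d+)", line):
            inst_vlan[m[1]] = int(m[2])
        elif m := re.fullmatch(r"stp instance (\d+) root (primary|secondary)", line):
            inst_prio[m[1]] = ROOT_PRIORITY[m[2]]
        elif m := re.fullmatch(r"interface vlanif (\d+)", line):
            vlan, ip = int(m[1]), None
        elif m := re.fullmatch(r"ip address (\S+) \d+", line):
            ip = IPv4Address(m[1])
        elif re.fullmatch(r"vrrp vrid \d+ virtual-ip \S+", line):
            vrrp[vlan] = (DEFAULT_VRRP_PRIORITY, ip)
        elif m := re.fullmatch(r"vrrp vrid \d+ priority (\d+)", line):
            vrrp[vlan] = (int(m[1]), ip)
    bridge = {v: inst_prio.get(i, DEFAULT_BRIDGE_PRIORITY) for i, v in inst_vlan.items()}
    return bridge, vrrp


def check_alignment(configs):
    """For each VLAN running VRRP, report the expected VRRP master and MSTP root."""
    parsed = {name: parse(text) for name, text in configs.items()}
    report = {}
    for vlan in sorted({v for _, vrrp in parsed.values() for v in vrrp}):
        # VRRP: highest priority wins; a tie goes to the higher interface IP.
        master = max((n for n in parsed if vlan in parsed[n][1]),
                     key=lambda n: parsed[n][1][vlan])
        # MSTP: lowest bridge priority wins; a tie is settled by MAC (unknown here).
        prios = {n: parsed[n][0].get(vlan, DEFAULT_BRIDGE_PRIORITY) for n in parsed}
        roots = [n for n, p in prios.items() if p == min(prios.values())]
        root = roots[0] if len(roots) == 1 else None
        report[vlan] = {"vrrp_master": master, "mstp_root": root, "aligned": master == root}
    return report


if __name__ == "__main__":
    for vlan, row in check_alignment({"SW1": SW1, "SW2": SW2}).items():
        print(vlan, row)
```

If the `vrrp vrid 20 priority 120` line is missing on SW2, both switches tie at priority 100 and SW1 wins VLAN 20 on the higher interface address, so VLAN 20 traffic crosses the Eth-Trunk to reach its gateway; the check reports that as `aligned: False`.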
4. Configure head office OSPF
Make every subnet inside the head office reachable.
(1)SW1
[SW1]ospf
[SW1-ospf-1]area 0
[SW1-ospf-1-area-0.0.0.0]network 10.1.15.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 10.1.10.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]network 10.1.20.0 0.0.0.255
[SW1-ospf-1-area-0.0.0.0]quit
[SW1-ospf-1]silent-interface vlanif 10
[SW1-ospf-1]silent-interface vlanif 20
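//Prevents the interface from sending or receiving OSPF packets, so no OSPF neighbor relationship is established on it. This can improve device performance and strengthen networking capability.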
[SW1-ospf-1]quit
(2)SW2
[SW2]ospf
[SW2-ospf-1]area 0
[SW2-ospf-1-area-0.0.0.0]network 10.1.25.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.0]network 10.1.10.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.0]network 10.1.20.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.0]quit
[SW2-ospf-1]silent-interface vlanif 10
[SW2-ospf-1]silent-interface vlanif 20
[SW2-ospf-1]quit
(3)R5
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname R5
[R5]interface g0/0/2
[R5-GigabitEthernet0/0/2]ip address 10.1.51.5 24
[R5-GigabitEthernet0/0/2]quit
[R5]interface g0/0/0
[R5-GigabitEthernet0/0/0]ip address 10.1.15.5 24
[R5-GigabitEthernet0/0/0]quit
[R5]interface g0/0/1
[R5-GigabitEthernet0/0/1]ip address 10.1.25.5 24
[R5-GigabitEthernet0/0/1]quit
[R5]ospf
[R5-ospf-1]area 0
[R5-ospf-1-area-0.0.0.0]network 10.1.15.0 0.0.0.255
[R5-ospf-1-area-0.0.0.0]network 10.1.25.0 0.0.0.255
[R5-ospf-1-area-0.0.0.0]network 10.1.51.0 0.0.0.255
[R5-ospf-1-area-0.0.0.0]quit
[R5-ospf-1]quit
R5's two OSPF neighbors are SW1 and SW2.
5. Configure branch office routing
(1)R8 (Chaoyang, BGP)
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname R8
[R8]interface g0/0/1
[R8-GigabitEthernet0/0/1]ip address 10.1.112.254 24
[R8-GigabitEthernet0/0/1]quit
[R8]interface g0/0/0
[R8-GigabitEthernet0/0/0]ip address 10.1.28.8 24
[R8-GigabitEthernet0/0/0]quit
[R8]bgp 65530
[R8-bgp]peer 10.1.28.2 as 100 //specify the remote neighbor and its AS number
[R8-bgp]network 10.1.112.0 24 //advertise the local directly connected internal subnet
[R8-bgp]quit
Check the BGP neighbor
(2)R6 (Haidian, OSPF)
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname R6
[R6]interface g0/0/0
[R6-GigabitEthernet0/0/0]ip address 172.16.45.5 24
[R6-GigabitEthernet0/0/0]quit
[R6]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[R6]interface g0/0/1
[R6-GigabitEthernet0/0/1]ip address 172.16.1.254 24
[R6-GigabitEthernet0/0/1]dhcp select interface
[R6-GigabitEthernet0/0/1]quit
[R6]ospf
[R6-ospf-1]area 0
[R6-ospf-1-area-0.0.0.0]network 172.16.1.0 0.0.0.255
[R6-ospf-1-area-0.0.0.0]network 172.16.45.0 0.0.0.255
[R6-ospf-1-area-0.0.0.0]quit
[R6-ospf-1]quit
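Check the OSPF routing table; for now only the router's own directly connected routes are visible
Check the DHCP status; two IP addresses have been assigned
PC obtains an IP address (PC4 as an example)
(3)R7 (Dongcheng, static routing)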
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname R7
[R7]interface g0/0/0
[R7-GigabitEthernet0/0/0]ip address 192.168.1.254 24
[R7-GigabitEthernet0/0/0]quit
[R7]interface g0/0/1
[R7-GigabitEthernet0/0/1]ip address 192.168.37.7 24
[R7-GigabitEthernet0/0/1]quit
[R7]ip route-static 0.0.0.0 0.0.0.0 192.168.37.3
[R7]quit
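6. Configure the carrier backbone network (OSPF)
The backbone looks command-heavy but is not complicated: configure the IP addresses according to the topology diagram and advertise the subnets.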
(1)R2
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname R2
[R2]interface g4/0/0
[R2-GigabitEthernet4/0/0]ip address 23.1.1.2 24
[R2-GigabitEthernet4/0/0]quit
[R2]interface g0/0/1
[R2-GigabitEthernet0/0/1]ip address 29.1.1.2 24
[R2-GigabitEthernet0/0/1]quit
[R2]interface g0/0/2
[R2-GigabitEthernet0/0/2]ip address 12.1.1.2 24
[R2-GigabitEthernet0/0/2]quit
[R2]interface loopback 0
[R2-LoopBack0]ip address 2.2.2.2 32
[R2-LoopBack0]quit
[R2]ospf 2 router-id 2.2.2.2
[R2-ospf-2]area 0
[R2-ospf-2-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[R2-ospf-2-area-0.0.0.0]network 29.1.1.0 0.0.0.255
[R2-ospf-2-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[R2-ospf-2-area-0.0.0.0]network 23.1.1.0 0.0.0.255
[R2-ospf-2-area-0.0.0.0]quit
[R2-ospf-2]quit
(2)R1
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname R1
[R1]interface g0/0/1
[R1-GigabitEthernet0/0/1]ip address 12.1.1.1 24
[R1-GigabitEthernet0/0/1]quit
[R1]interface g0/0/2
[R1-GigabitEthernet0/0/2]ip address 19.1.1.1 24
[R1-GigabitEthernet0/0/2]quit
[R1]interface g4/0/0
[R1-GigabitEthernet4/0/0]ip address 14.1.1.1 24
[R1-GigabitEthernet4/0/0]quit
[R1]interface loopback 0
[R1-LoopBack0]ip address 1.1.1.1 32
[R1-LoopBack0]quit
[R1]ospf 2 router-id 1.1.1.1
[R1-ospf-2]area 0
[R1-ospf-2-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[R1-ospf-2-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[R1-ospf-2-area-0.0.0.0]network 19.1.1.0 0.0.0.255
[R1-ospf-2-area-0.0.0.0]network 14.1.1.0 0.0.0.255
[R1-ospf-2-area-0.0.0.0]quit
[R1-ospf-2]quit
(3)R9
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname R9
[R9]interface g0/0/0
[R9-GigabitEthernet0/0/0]ip address 29.1.1.9 24
[R9-GigabitEthernet0/0/0]quit
[R9]interface g0/0/1
[R9-GigabitEthernet0/0/1]ip address 19.1.1.9 24
[R9-GigabitEthernet0/0/1]quit
[R9]interface g0/0/2
[R9-GigabitEthernet0/0/2]ip address 39.1.1.9 24
[R9-GigabitEthernet0/0/2]quit
[R9]interface g4/0/0
[R9-GigabitEthernet4/0/0]ip address 49.1.1.9 24
[R9-GigabitEthernet4/0/0]quit
[R9]interface loopback 0
[R9-LoopBack0]ip address 9.9.9.9 32
[R9-LoopBack0]quit
[R9]ospf 2 router-id 9.9.9.9
[R9-ospf-2]area 0
[R9-ospf-2-area-0.0.0.0]network 9.9.9.9 0.0.0.0
[R9-ospf-2-area-0.0.0.0]network 19.1.1.0 0.0.0.255
[R9-ospf-2-area-0.0.0.0]network 29.1.1.0 0.0.0.255
[R9-ospf-2-area-0.0.0.0]network 39.1.1.0 0.0.0.255
[R9-ospf-2-area-0.0.0.0]network 49.1.1.0 0.0.0.255
[R9-ospf-2-area-0.0.0.0]quit
[R9-ospf-2]quit
(4)R3
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname R3
[R3]interface g0/0/1
[R3-GigabitEthernet0/0/1]ip address 23.1.1.3 24
[R3-GigabitEthernet0/0/1]quit
[R3]interface g0/0/0
[R3-GigabitEthernet0/0/0]ip address 39.1.1.3 24
[R3-GigabitEthernet0/0/0]quit
[R3]interface g0/0/2
[R3-GigabitEthernet0/0/2]ip address 34.1.1.3 24
[R3-GigabitEthernet0/0/2]quit
[R3]interface loopback 0
[R3-LoopBack0]ip address 3.3.3.3 32
[R3-LoopBack0]quit
[R3]ospf 2 router-id 3.3.3.3
[R3-ospf-2]area 0
[R3-ospf-2-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[R3-ospf-2-area-0.0.0.0]network 23.1.1.0 0.0.0.255
[R3-ospf-2-area-0.0.0.0]network 34.1.1.0 0.0.0.255
[R3-ospf-2-area-0.0.0.0]network 39.1.1.0 0.0.0.255
[R3-ospf-2-area-0.0.0.0]quit
[R3-ospf-2]quit
(5)R4
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]undo info-center enable
Info: Information center is disabled.
[Huawei]sysname R4
[R4]interface g0/0/1
[R4-GigabitEthernet0/0/1]ip address 34.1.1.4 24
[R4-GigabitEthernet0/0/1]quit
[R4]interface g0/0/2
[R4-GigabitEthernet0/0/2]ip address 49.1.1.4 24
[R4-GigabitEthernet0/0/2]quit
[R4]interface g0/0/0
[R4-GigabitEthernet0/0/0]ip address 14.1.1.4 24
[R4-GigabitEthernet0/0/0]quit
[R4]interface loopback 0
[R4-LoopBack0]ip address 4.4.4.4 32
[R4-LoopBack0]quit
[R4]ospf 2 router-id 4.4.4.4
[R4-ospf-2]area 0
[R4-ospf-2-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[R4-ospf-2-area-0.0.0.0]network 14.1.1.0 0.0.0.255
[R4-ospf-2-area-0.0.0.0]network 49.1.1.0 0.0.0.255
[R4-ospf-2-area-0.0.0.0]network 34.1.1.0 0.0.0.255
[R4-ospf-2-area-0.0.0.0]quit
[R4-ospf-2]quit
7. Configure MPLS
(1)R2
[R2]mpls lsr-id 2.2.2.2
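//The LSR ID uniquely identifies an LSR. When deploying MPLS, the LSR ID must be configured first
//For better reliability, using the address of a Loopback interface is recommended
[R2]mpls
Info: Mpls starting, please wait... OK!
[R2-mpls]mpls ldp //enable LDP globally so that LDP peers can be established
[R2-mpls-ldp]quit
[R2]interface g4/0/0
[R2-GigabitEthernet4/0/0]mpls //enable MPLS on the interface
[R2-GigabitEthernet4/0/0]mpls ldp //enable LDP on the interface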
[R2-GigabitEthernet4/0/0]quit
[R2]interface g0/0/1
[R2-GigabitEthernet0/0/1]mpls
[R2-GigabitEthernet0/0/1]mpls ldp
[R2-GigabitEthernet0/0/1]quit
[R2]interface g0/0/2
[R2-GigabitEthernet0/0/2]mpls
[R2-GigabitEthernet0/0/2]mpls ldp
[R2-GigabitEthernet0/0/2]quit
(2)R1
[R1]mpls lsr-id 1.1.1.1
[R1]mpls
Info: Mpls starting, please wait... OK!
[R1-mpls]mpls ldp
[R1-mpls-ldp]quit
[R1]interface g4/0/0
[R1-GigabitEthernet4/0/0]mpls
[R1-GigabitEthernet4/0/0]mpls ldp
[R1-GigabitEthernet4/0/0]quit
[R1]interface g0/0/1
[R1-GigabitEthernet0/0/1]mpls
[R1-GigabitEthernet0/0/1]mpls ldp
[R1-GigabitEthernet0/0/1]quit
[R1]interface g0/0/2
[R1-GigabitEthernet0/0/2]mpls
[R1-GigabitEthernet0/0/2]mpls ldp
[R1-GigabitEthernet0/0/2]quit
(3)R9
[R9]mpls lsr-id 9.9.9.9
[R9]mpls
Info: Mpls starting, please wait... OK!
[R9-mpls]mpls ldp
[R9-mpls-ldp]quit
[R9]interface g0/0/0
[R9-GigabitEthernet0/0/0]mpls
[R9-GigabitEthernet0/0/0]mpls ldp
[R9-GigabitEthernet0/0/0]quit
[R9]interface g0/0/2
[R9-GigabitEthernet0/0/2]mpls
[R9-GigabitEthernet0/0/2]mpls ldp
[R9-GigabitEthernet0/0/2]quit
[R9]interface g0/0/1
[R9-GigabitEthernet0/0/1]mpls
[R9-GigabitEthernet0/0/1]mpls ldp
[R9-GigabitEthernet0/0/1]quit
[R9]interface g4/0/0
[R9-GigabitEthernet4/0/0]mpls
[R9-GigabitEthernet4/0/0]mpls ldp
[R9-GigabitEthernet4/0/0]quit
(4)R3
[R3]mpls lsr-id 3.3.3.3
[R3]mpls
Info: Mpls starting, please wait... OK!
[R3-mpls]mpls ldp
[R3-mpls-ldp]quit
[R3]interface g0/0/1
[R3-GigabitEthernet0/0/1]mpls
[R3-GigabitEthernet0/0/1]mpls ldp
[R3-GigabitEthernet0/0/1]quit
[R3]interface g0/0/2
[R3-GigabitEthernet0/0/2]mpls
[R3-GigabitEthernet0/0/2]mpls ldp
[R3-GigabitEthernet0/0/2]quit
[R3]interface g0/0/0
[R3-GigabitEthernet0/0/0]mpls
[R3-GigabitEthernet0/0/0]mpls ldp
[R3-GigabitEthernet0/0/0]quit
(5)R4
[R4]mpls lsr-id 4.4.4.4
[R4]mpls
Info: Mpls starting, please wait... OK!
[R4-mpls]mpls ldp
[R4-mpls-ldp]quit
[R4]interface g0/0/1
[R4-GigabitEthernet0/0/1]mpls
[R4-GigabitEthernet0/0/1]mpls ldp
[R4-GigabitEthernet0/0/1]quit
[R4]interface g0/0/2
[R4-GigabitEthernet0/0/2]mpls
[R4-GigabitEthernet0/0/2]mpls ldp
[R4-GigabitEthernet0/0/2]quit
[R4]interface g0/0/0
[R4-GigabitEthernet0/0/0]mpls
[R4-GigabitEthernet0/0/0]mpls ldp
[R4-GigabitEthernet0/0/0]quit
Check the MPLS status, taking R9 as an example.
8. Configure BGP
R9 is the key part of this step.
(1)R2
[R2]bgp 100
[R2-bgp]peer 9.9.9.9 as 100
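//Configure R9 as a peer, AS number 100
[R2-bgp]peer 9.9.9.9 connect-interface loopback 0
//Specify the source interface for BGP packets; a Loopback is used here because it is more reliable and stable
[R2-bgp]ipv4-family vpnv4 //enter the BGP-VPNv4 address family view
[R2-bgp-af-vpnv4]peer 9.9.9.9 enable //enable exchange of BGP VPNv4 routes with the RR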
[R2-bgp-af-vpnv4]quit
[R2-bgp]quit
(2)R1
[R1]bgp 100
[R1-bgp]peer 9.9.9.9 as 100
[R1-bgp]peer 9.9.9.9 connect-interface loopback 0
[R1-bgp]ipv4-family vpnv4
[R1-bgp-af-vpnv4]peer 9.9.9.9 enable
[R1-bgp-af-vpnv4]quit
[R1-bgp]quit
(3)R3
[R3]bgp 100
[R3-bgp]peer 9.9.9.9 as 100
[R3-bgp]peer 9.9.9.9 connect-interface loopback 0
[R3-bgp]ipv4-family vpnv4
[R3-bgp-af-vpnv4]peer 9.9.9.9 enable
[R3-bgp-af-vpnv4]quit
[R3-bgp]quit
(4)R4
[R4]bgp 100
[R4-bgp]peer 9.9.9.9 as 100
[R4-bgp]peer 9.9.9.9 connect-interface loopback 0
[R4-bgp]ipv4-family vpnv4
[R4-bgp-af-vpnv4]peer 9.9.9.9 enable
[R4-bgp-af-vpnv4]quit
[R4-bgp]quit
(5)R9
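Note: R9 is a special device. Besides configuring BGP peers with the other routers, two points need particular attention.
First, R9 must turn off VPN-Target filtering.
In a BGP/MPLS IP VPN network, the VPN-Target attribute is used to filter received VPN routes or label blocks, and this filtering is enabled by default. An RR or ASBR, however, needs to keep all VPN routes or label blocks sent by the PEs. To solve this, configure the undo policy vpn-target command on the RR or ASBR so that VPN routes or label blocks are not filtered by VPN-Target.
Second, R9 must be configured as a route reflector.
BGP peer relationships must be established between the PEs. With many PE devices the number of peer relationships also grows large, which significantly increases the consumption of network and CPU resources. The solution is to use the peer reflect-client command to configure one device as a route reflector and designate the other peers as its clients. The BGP peering then changes from a complex "many-to-many" arrangement to "one-to-many", greatly reducing the consumption of network and CPU resources.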
[R9]bgp 100
[R9-bgp]peer 2.2.2.2 as 100
[R9-bgp]peer 2.2.2.2 connect-interface loopback 0
[R9-bgp]peer 3.3.3.3 as 100
[R9-bgp]peer 3.3.3.3 connect-interface loopback 0
[R9-bgp]peer 1.1.1.1 as 100
[R9-bgp]peer 1.1.1.1 connect-interface loopback 0
[R9-bgp]peer 4.4.4.4 as 100
[R9-bgp]peer 4.4.4.4 connect-interface loopback 0
[R9-bgp]ipv4-family vpnv4
[R9-bgp-af-vpnv4]undo policy vpn-target
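//Do not apply VPN-Target filtering to VPN routes or label blocks.
[R9-bgp-af-vpnv4]peer 2.2.2.2 enable
[R9-bgp-af-vpnv4]peer 2.2.2.2 reflect-client
//R9 is the route reflector and R2 is its client; the peer relationship is established on that basis.
[R9-bgp-af-vpnv4]peer 3.3.3.3 enable
[R9-bgp-af-vpnv4]peer 3.3.3.3 reflect-client
//R9 is the route reflector and R3 is its client; the peer relationship is established on that basis.
[R9-bgp-af-vpnv4]peer 1.1.1.1 enable
[R9-bgp-af-vpnv4]peer 1.1.1.1 reflect-client
//R9 is the route reflector and R1 is its client; the peer relationship is established on that basis.
[R9-bgp-af-vpnv4]peer 4.4.4.4 enable
[R9-bgp-af-vpnv4]peer 4.4.4.4 reflect-client
//R9 is the route reflector and R4 is its client; the peer relationship is established on that basis.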
[R9-bgp-af-vpnv4]quit
[R9-bgp]quit
Check the status of the BGP neighbors on R9; it is normal.
9. Configure VPN
(1)R2
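[R2]ip vpn-instance vpna //create a VPN instance named vpna
[R2-vpn-instance-vpna]route-distinguisher 1:1 //configure the route distinguisher (RD) for the VPN instance address family
[R2-vpn-instance-vpna-af-ipv4]vpn-target 1:1
//On every PE device configured with a VPN instance, this command must be run to configure the VPN Target attribute for the corresponding address family of the VPN instance;
//the VPN Target controls route learning between VPN instances.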
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[R2-vpn-instance-vpna-af-ipv4]quit
[R2-vpn-instance-vpna]quit
[R2]interface g0/0/0
[R2-GigabitEthernet0/0/0]ip binding vpn-instance vpna
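//Bind the interface to the VPN instance. After binding, the interface becomes a private-network interface on which private addresses can be configured and private routing protocols can run.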
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[R2-GigabitEthernet0/0/0]ip address 10.1.28.2 24
[R2-GigabitEthernet0/0/0]quit
[R2]bgp 100
[R2-bgp]ipv4-family vpn-instance vpna
[R2-bgp-vpna]peer 10.1.28.8 as 65530
[R2-bgp-vpna]quit
Check the VPN instance on R2
Check R2's BGP neighbors; 10.1.28.8, the Chaoyang branch, has been added.
R2 has learned the routes inside the Chaoyang branch
(2)R3
[R3]ip vpn-instance vpnc
[R3-vpn-instance-vpnc]route-distinguisher 2:1
[R3-vpn-instance-vpnc-af-ipv4]vpn-target 1:1
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[R3-vpn-instance-vpnc-af-ipv4]quit
[R3-vpn-instance-vpnc]quit
[R3]interface g4/0/0
[R3-GigabitEthernet4/0/0]ip binding vpn-instance vpnc
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[R3-GigabitEthernet4/0/0]ip address 192.168.37.3 24
[R3-GigabitEthernet4/0/0]quit
[R3]ip route-static vpn-instance vpnc 192.168.1.0 24 192.168.37.7
//Configure a static route for the VPN instance (because the Dongcheng branch uses static routing)
[R3]quit
R3 now shows the IBGP route from Chaoyang as well as the Dongcheng static route.
(3)R1
[R1]ip vpn-instance vpn
[R1-vpn-instance-vpn]route-distinguisher 3:1
[R1-vpn-instance-vpn-af-ipv4]vpn-target 1:1
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[R1-vpn-instance-vpn-af-ipv4]quit
[R1-vpn-instance-vpn]quit
[R1]interface g0/0/0
[R1-GigabitEthernet0/0/0]ip binding vpn-instance vpn
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[R1-GigabitEthernet0/0/0]ip address 10.1.51.1 24
[R1-GigabitEthernet0/0/0]quit
[R1]ospf 1 vpn-instance vpn
[R1-ospf-1]area 0
[R1-ospf-1-area-0.0.0.0]network 10.1.51.0 0.0.0.255
[R1-ospf-1-area-0.0.0.0]quit
[R1-ospf-1]quit
R1 has now learned the routes inside the head office.
(4)R4
[R4]ip vpn-instance vpnb
[R4-vpn-instance-vpnb]route-distinguisher 4:1
[R4-vpn-instance-vpnb-af-ipv4]vpn-target 1:1
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[R4-vpn-instance-vpnb-af-ipv4]quit
[R4-vpn-instance-vpnb]quit
[R4]interface g4/0/0
[R4-GigabitEthernet4/0/0]ip binding vpn-instance vpnb
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[R4-GigabitEthernet4/0/0]ip address 172.16.45.4 24
[R4-GigabitEthernet4/0/0]quit
[R4]ospf 1 vpn-instance vpnb
[R4-ospf-1]area 0
[R4-ospf-1-area-0.0.0.0]network 172.16.45.0 0.0.0.255
[R4-ospf-1-area-0.0.0.0]quit
[R4-ospf-1]quit
R4 has likewise learned the Haidian internal routes
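The R9 explanation in step 8 and the VPN-Target comments in this step, worked through as an added example that is not part of the original article: a small Python model of VPNv4 route propagation through the route reflector. It uses the RD and VPN-Target values configured above and one customer prefix per site from the lab addressing; the function names and data layout are assumptions made for the example.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class Vpnv4Route:
    rd: str                 # route distinguisher, keeps overlapping prefixes unique
    prefix: str
    export_rts: frozenset   # VPN-Targets attached to the route on export
    origin: str             # PE that advertised the route


# VPN instances from step 9. "vpn-target 1:1" without a direction keyword set
# both the import (IVT) and export (EVT) target, as the CLI output shows.
PES = {
    "R2": {"rd": "1:1", "import": {"1:1"}, "export": {"1:1"}, "local": "10.1.112.0/24"},
    "R3": {"rd": "2:1", "import": {"1:1"}, "export": {"1:1"}, "local": "192.168.1.0/24"},
    "R1": {"rd": "3:1", "import": {"1:1"}, "export": {"1:1"}, "local": "10.1.10.0/24"},
    "R4": {"rd": "4:1", "import": {"1:1"}, "export": {"1:1"}, "local": "172.16.1.0/24"},
}


def rt_filter(routes, import_rts):
    """Keep only routes carrying at least one VPN-Target found in import_rts."""
    return [r for r in routes if r.export_rts & import_rts]


def propagate(pes, rr_policy_vpn_target):
    """Return {pe: sorted remote prefixes imported into its VPN instance}."""
    advertised = [Vpnv4Route(c["rd"], c["local"], frozenset(c["export"]), pe)
                  for pe, c in pes.items()]
    # R9 has no VPN instance, so its set of import targets is empty. With the
    # default policy it would discard every VPNv4 route it receives.
    rr_table = rt_filter(advertised, set()) if rr_policy_vpn_target else advertised
    learned = {}
    for pe, c in pes.items():
        reflected = [r for r in rr_table if r.origin != pe]  # own route is not reused
        learned[pe] = sorted(r.prefix for r in rt_filter(reflected, c["import"]))
    return learned


def ibgp_sessions(n_pe, with_rr):
    """Sessions needed: full mesh among PEs versus one session per PE to the RR."""
    return n_pe if with_rr else n_pe * (n_pe - 1) // 2


if __name__ == "__main__":
    print("RR filtering on :", propagate(PES, rr_policy_vpn_target=True))
    print("RR filtering off:", propagate(PES, rr_policy_vpn_target=False))
    print("sessions mesh/RR:", ibgp_sessions(4, False), ibgp_sessions(4, True))
```

Because all four instances import and export 1:1, every site learns every other site's routes; giving one instance a different target removes it from that exchange, which is the separation between customers that VPN-Target provides.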
10. Configure route import
(1)R1
[R1]bgp 100
[R1-bgp]ipv4-family vpn-instance vpn
[R1-bgp-vpn]import-route ospf 1
[R1-bgp-vpn]quit
[R1-bgp]quit
[R1]ospf
[R1-ospf-1]import-route bgp
[R1-ospf-1]quit
After the import, R1 has learned the routes of every area.
(2)R4
[R4]bgp 100
[R4-bgp]ipv4-family vpn-instance vpnb
[R4-bgp-vpnb]import-route ospf 1
[R4-bgp-vpnb]quit
[R4-bgp]quit
[R4]ospf
[R4-ospf-1]import-route bgp
[R4-ospf-1]quit
(3)R3
[R3]bgp 100
[R3-bgp]ipv4-family vpn-instance vpnc
[R3-bgp-vpnc]import-route static
[R3-bgp-vpnc]quit
[R3-bgp]quit
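Check R2's vpna routing table, in which 10.1.112.0/24 is an EBGP route
11. Test full network connectivity (PC5 as an example)
At this point the whole project is complete. Give it a try.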