63.不同VPN路由引入场景--部署公网与私网互通 import-rib public【使用CE12800】

提示：文章写完后，目录可以自动生成，如何生成可参考右边的帮助文档

---

前言

CE1 为客户网络的边界设备，PE1与 P 为运营商设备，构建公网路由
在 PE1 上将 完成公网与私网的路由引入，完成公网与私网的互通

---

提示：以下是本篇文章正文内容，下面案例可供参考

一、基础配置私网地址，公网使用OSPF

Ensp 该实验需要使用CE12800
CE12800接口默认工作在二层，需要先转层三层接口//undo portswitch
并且接口默认关闭，先undo shutdown

CE使用lo 1：192。168。1。1作为测试地址
访问P上的公网地址 202。106。0。1

CE1: 到达公网PE使用 静态路由

<HUAWEI>system-v
[~HUAWEI]int g1/0/0
[~HUAWEI-GE1/0/0]undo shutdown 
[*HUAWEI-GE1/0/0]undo portswitch 
[*HUAWEI-GE1/0/0]ip add 10.1.1.1 30
[*HUAWEI-GE1/0/0]int lo 1
[*HUAWEI-LoopBack1]ip add 192.168.1.1 30
[*HUAWEI]ip route-static 20.1.1.0 30 10.1.1.2 
[*HUAWEI]ip route-static 202.106.0.1 30 10.1.1.2

每次都需要commit 生效
直接进入sys的时候敲入  system-view  immediately 

P：

<HUAWEI>sys immediately 
[HUAWEI]int lo 0
[HUAWEI-LoopBack0]ip add 202.106.0.1 30
[HUAWEI-LoopBack0]int g1/0/1
[HUAWEI-GE1/0/1]undo portswitch 
[HUAWEI-GE1/0/1]ip add 20.1.1.2 30

[HUAWEI]ospf 1
[HUAWEI-ospf-1]area 0
[HUAWEI-ospf-1-area-0.0.0.0]network 202.106.0.1 0.0.0.3
[HUAWEI-ospf-1-area-0.0.0.0]net 20.1.1.2 0.0.0.3

PE

[HUAWEI]int g1/0/0
[HUAWEI-GE1/0/0]undo portswitch 
[HUAWEI-GE1/0/0]undo shutdown 
[HUAWEI-GE1/0/0]ip add 20.1.1.1 30

[HUAWEI-GE1/0/0]ospf 1
[HUAWEI-ospf-1] area 0
[HUAWEI-ospf-1-area-0.0.0.0]net 20.1.1.1 0.0.0.3

确认OSPF关系

[HUAWEI]dis ospf peer br
OSPF Process 1 with Router ID 20.1.1.1
                   Peer Statistic Information
Total number of peer(s): 1       
 Peer(s) in full state: 1       
-----------------------------------------------------------------------------
 Area Id         Interface                  Neighbor id          State       
 0.0.0.0         GE1/0/0                    202.106.0.1          Full        
-----------------------------------------------------------------------------

二、PE1与CE建立关系

PE需要在VRF下与CE建立关系

PE

[HUAWEI]ip vpn-instance CE1
[HUAWEI-vpn-instance-CE1]ipv4-family
/因为不需要传递VPN V4路由，不需要RD RT，直接建立虚拟路由表就行

[HUAWEI]int g1/0/1
[HUAWEI-GE1/0/1]ip binding vpn-instance CE1
[HUAWEI-GE1/0/1]ip add 10.1.1.2 30
[HUAWEI-GE1/0/1]undo shutdown

[HUAWEI]ip route-static vpn-instance CE1 192.168.1.1 30 10.1.1.1 

测试下静态

[HUAWEI]ping -vpn-instance CE1 192.168.1.1
  PING 192.168.1.1: 56  data bytes, press CTRL_C to break
    Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=255 time=9 ms
    Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=255 time=5 ms
    Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=255 time=5 ms
    Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=255 time=5 ms
    Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=255 time=4 ms

三、再PE做路由引入

1、公网引入私网路由

PE
先将私网路由表VPN-instance CE1 引入公网路由表，再将公网路由表引入 OSPF
ip import-rib R2220没有该命令，所以需要CE12800

[HUAWEI]ip import-rib vpn-instance CE1 protocol direct 
/引入互联10的直连路由 
[HUAWEI]ip import-rib vpn-instance CE1 protocol static 
/引入192的静态路由

将刚刚引入公网路由表的路由，再引入OSPF 同步给P

[HUAWEI]ospf 1
[HUAWEI-ospf-1]import-route direct 
[HUAWEI-ospf-1]import-route static 

查看P上的路由表

[HUAWEI-GE1/0/1]dis ip routing-table p o 
Proto: Protocol        Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole
 route
------------------------------------------------------------------------------
_public_ Routing Table : OSPF
         Destinations : 4        Routes : 4         

OSPF routing table status : <Active>
         Destinations : 2        Routes : 2         

Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface

       10.1.1.0/30  O_ASE   150  1             D   20.1.1.1        GE1/0/1
    192.168.1.0/30  O_ASE   150  1             D   20.1.1.1        GE1/0/1

OSPF routing table status : <Inactive>
         Destinations : 2        Routes : 2         

Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface

       20.1.1.0/30  OSPF    10   1                 20.1.1.2        GE1/0/1
    202.106.0.1/32  OSPF    10   0                 202.106.0.1     LoopBack0

2、私网引入公网路由

PE1

进入vpn-instance 引入公网表中的 直连路由与OSPF
[HUAWEI]ip vpn-instance CE1
[HUAWEI-vpn-instance-CE1]ipv4-family
[HUAWEI-vpn-instance-CE1-af-ipv4]import-rib public protocol direct 
[HUAWEI-vpn-instance-CE1-af-ipv4]import-rib public protocol ospf 1

查看CE路由表

[HUAWEI-GE1/0/0] dis ip routing-table 
Proto: Protocol        Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole
 route
------------------------------------------------------------------------------
Routing Table : _public_
         Destinations : 12       Routes : 12        

Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface

       10.1.1.0/30  Direct  0    0             D   10.1.1.1        GE1/0/0
       10.1.1.1/32  Direct  0    0             D   127.0.0.1       GE1/0/0
       10.1.1.3/32  Direct  0    0             D   127.0.0.1       GE1/0/0
       20.1.1.0/30  Static  60   0             RD  10.1.1.2        GE1/0/0
      127.0.0.0/8   Direct  0    0             D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0             D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0
    192.168.1.0/30  Direct  0    0             D   192.168.1.1     LoopBack1
    192.168.1.1/32  Direct  0    0             D   127.0.0.1       LoopBack1
    192.168.1.3/32  Direct  0    0             D   127.0.0.1       LoopBack1
    202.106.0.0/30  Static  60   0             RD  10.1.1.2        GE1/0/0
255.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0

[HUAWEI-GE1/0/0]ping 202.106.0.1
  PING 202.106.0.1: 56  data bytes, press CTRL_C to break
    Reply from 202.106.0.1: bytes=56 Sequence=1 ttl=254 time=11 ms
    Reply from 202.106.0.1: bytes=56 Sequence=2 ttl=254 time=8 ms
    Reply from 202.106.0.1: bytes=56 Sequence=3 ttl=254 time=9 ms
    Reply from 202.106.0.1: bytes=56 Sequence=4 ttl=254 time=10 ms
    Reply from 202.106.0.1: bytes=56 Sequence=5 ttl=254 time=12 ms

总结给自己看的，自己瞎理解着玩

公网路由指的其实指的 ASBR上的公用路由表
因为模拟运营商网络，内网使用OSPF
所以需要从VRF路由表先引入 →公网路由表→再从公网路由表引入 OSPF内传递给下游P设备
反过来公网注入私网
使用import-rib public protocol direct 引入路由信息库表项引入所需网段的 协议路由表

猜测CE-PE使用静态也可以

CE

<HUAWEI>sys immediately 
[HUAWEI]int g1/0/0
[HUAWEI-GE1/0/0]undo portswitch 
[HUAWEI-GE1/0/0]undo shutdown 
[HUAWEI-GE1/0/0]ip address 10.1.1.1 30
[HUAWEI-GE1/0/0]q
[HUAWEI]ip route-static 0.0.0.0 0 10.1.1.2 

[HUAWEI]dis ip routing-table 
Proto: Protocol        Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole
 route
------------------------------------------------------------------------------
Routing Table : _public_
         Destinations : 13       Routes : 13        

Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface

        0.0.0.0/0   Static  60   0             RD  10.1.1.2        GE1/0/0
       10.1.1.0/30  Direct  0    0             D   10.1.1.1        GE1/0/0
       10.1.1.1/32  Direct  0    0             D   127.0.0.1       GE1/0/0
       10.1.1.3/32  Direct  0    0             D   127.0.0.1       GE1/0/0
       20.1.1.0/30  Static  60   0             RD  10.1.1.2        GE1/0/0
      127.0.0.0/8   Direct  0    0             D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0             D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0
    192.168.1.0/30  Direct  0    0             D   192.168.1.1     LoopBack1
    192.168.1.1/32  Direct  0    0             D   127.0.0.1       LoopBack1
    192.168.1.3/32  Direct  0    0             D   127.0.0.1       LoopBack1
    202.106.0.0/30  Static  60   0             RD  10.1.1.2        GE1/0/0
255.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0

[HUAWEI]ping 202.106.0.1
  PING 202.106.0.1: 56  data bytes, press CTRL_C to break
    Reply from 202.106.0.1: bytes=56 Sequence=1 ttl=254 time=16 ms
    Reply from 202.106.0.1: bytes=56 Sequence=2 ttl=254 time=10 ms
    Reply from 202.106.0.1: bytes=56 Sequence=3 ttl=254 time=8 ms
    Reply from 202.106.0.1: bytes=56 Sequence=4 ttl=254 time=12 ms
    Reply from 202.106.0.1: bytes=56 Sequence=5 ttl=254 time=8 ms