MPLS VPN（MCE组网）配置

实验拓扑

实验需求：

CE1和CE2属于实例a、CE3和CE4属于实例b。要求a的RD值配置为100：1，RT值配置为100：1both。b的RD值配置为200：1,RT值配置为200：1 both。最终要求CE1能访问CE2、CE3能访问CE4。

1.配置ISP内的ip地址

PE1的IP地址

P的IP地址

PE2的IP地址

2.配置ISP内的OSPF协议

[PE1-ospf-1-area-0.0.0.0]dis this

area 0.0.0.0

network 1.1.1.1 0.0.0.0

network 12.1.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0]dis this

area 0.0.0.0

network 2.2.2.2 0.0.0.0

network 12.1.1.0 0.0.0.255

re network 23.1.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0]dis this

area 0.0.0.0

network 3.3.3.3 0.0.0.0

network 23.1.1.0 0.0.0.255

查看ospf 的状态

3.配置ISP运行MPLS LDP

[PE1]mpls lsr-id 1.1.1.1

[PE1]mpls

[PE1-mpls]mpls ldp

[PE1]int g0/0/1

[PE1-GigabitEthernet0/0/1]mpls

[PE1-GigabitEthernet0/0/1]mpls ldp

[P]mpls lsr-id 2.2.2.2

[P]mpls

[P-mpls]mpls ldp

[P-mpls-ldp]int g0/0/0

[P-GigabitEthernet0/0/0]mpls

[P-GigabitEthernet0/0/0]mpls ldp

[P-GigabitEthernet0/0/0]int g0/0/1

[P-GigabitEthernet0/0/1]mpls

[P-GigabitEthernet0/0/1]mpls ldp

[PE2]mpls lsr-id 3.3.3.3

[PE2]mpls

[PE2-mpls]mpls ldp

[PE2]int g0/0/0

[PE2-GigabitEthernet0/0/0]mpls

[PE2-GigabitEthernet0/0/0]mpls ldp

查看MPLS 的LSP，可以看到环回口对应的配置了公网的隧道

4.在PE1和PE2，MCE上创建分别创建两个实例，a和b，PE1和MCE上绑定到对应的接口

[PE1-vpn-instance-a-af-ipv4]dis this

ipv4-family

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

[PE1-vpn-instance-b-af-ipv4]dis this

ipv4-family

route-distinguisher 200:1

vpn-target 200:1 export-extcommunity

vpn-target 200:1 import-extcommunity

[PE1-GigabitEthernet0/0/0]dis this

interface GigabitEthernet0/0/0

ip binding vpn-instance a

ip address 10.0.11.2 255.255.255.0

[PE1-GigabitEthernet0/0/2]dis this

interface GigabitEthernet0/0/2

ip binding vpn-instance b

ip address 10.0.13.2 255.255.255.0

[PE2-vpn-instance-a]dis this

ip vpn-instance a

ipv4-family

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

[PE2-vpn-instance-b]dis this

ip vpn-instance b

ipv4-family

route-distinguisher 200:1

vpn-target 200:1 export-extcommunity

vpn-target 200:1 import-extcommunity

[MCE-vpn-instance-a-af-ipv4]dis this

ipv4-family

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

[MCE-vpn-instance-b-af-ipv4]dis this

ipv4-family

route-distinguisher 200:1

vpn-target 200:1 export-extcommunity

vpn-target 200:1 import-extcommunity

[MCE-GigabitEthernet0/0/1]dis this

interface GigabitEthernet0/0/1

ip binding vpn-instance a

ip address 10.0.2.2 255.255.255.0

[MCE-GigabitEthernet0/0/2]dis this

interface GigabitEthernet0/0/2

ip binding vpn-instance b

ip address 10.0.4.2 255.255.255.0

5.在CE1和CE3上对PE1分别配置ospf，在CE2和CE4上对PE2分别配置OSPF。

[PE1-ospf-100]dis this

ospf 100 vpn-instance a ##将OSPF的100进程绑定到实例a

area 0.0.0.0

network 10.0.11.0 0.0.0.255

[PE1-ospf-200]dis this

ospf 200 vpn-instance b ##将OSPF的200进程绑定到实例b

area 0.0.0.0

network 10.0.13.0 0.0.0.255

[CE1]int g0/0/0

[CE1-GigabitEthernet0/0/0]ip add 10.0.11.1 24

[CE1-GigabitEthernet0/0/0]int lo 0

[CE1-LoopBack0]ip add 10.10.10.10 32

[CE1-ospf-1-area-0.0.0.0]dis this

area 0.0.0.0

network 10.0.11.0 0.0.0.255

network 10.10.10.10 0.0.0.0

[CE3]int g0/0/0

[CE3-GigabitEthernet0/0/0]ip add 10.0.13.1 24

[CE3-GigabitEthernet0/0/0]int lo 0

[CE3-LoopBack0]ip add 30.30.30.30 32

[CE3-ospf-1-area-0.0.0.0]dis this

area 0.0.0.0

network 10.0.13.0 0.0.0.255

network 30.30.30.30 0.0.0.0

[MCE-ospf-100]dis this

ospf 100 vpn-instance a

area 0.0.0.0

network 10.0.2.0 0.0.0.255

[MCE-ospf-200]dis this

ospf 200 vpn-instance b

area 0.0.0.0

network 10.0.4.0 0.0.0.255

[CE2]int g0/0/0

[CE2-GigabitEthernet0/0/0]ip add 10.0.2.1 24

[CE2-GigabitEthernet0/0/0]int lo 0

[CE2-LoopBack0]ip add 20.20.20.20 32

[CE2-ospf-1]dis this

ospf 1

area 0.0.0.0

network 10.0.2.0 0.0.0.255

network 20.20.20.20 0.0.0.0

[CE4]int g0/0/0

[CE4-GigabitEthernet0/0/0]ip add 10.0.4.1 24

[CE4-GigabitEthernet0/0/0]int lo0

[CE4-LoopBack0]ip add 40.40.40.40 32

[CE4-ospf-1-area-0.0.0.0]dis this

area 0.0.0.0

network 10.0.4.0 0.0.0.255

network 40.40.40.40 0.0.0.0

查看ospf邻居关系

6.在PE2和MCE之间配置子接口。

[MCE-GigabitEthernet0/0/0.1]dis this

interface GigabitEthernet0/0/0.1

dot1q termination vid 10 ##两端要打上相同的VID

ip binding vpn-instance a

ip address 192.168.1.2 255.255.255.0

arp broadcast enable

[MCE-GigabitEthernet0/0/0.2]dis this

interface GigabitEthernet0/0/0.2

dot1q termination vid 20

ip binding vpn-instance b

ip address 192.168.2.2 255.255.255.0

arp broadcast enable

[PE2-GigabitEthernet0/0/1.1]dis this

interface GigabitEthernet0/0/1.1

dot1q termination vid 10

ip binding vpn-instance a

ip address 192.168.1.1 255.255.255.0

arp broadcast enable

[PE2-GigabitEthernet0/0/1.2]dis this

interface GigabitEthernet0/0/1.2

dot1q termination vid 20

ip binding vpn-instance b

ip address 192.168.2.1 255.255.255.0

arp broadcast enable

7.配置PE2和MCE之间的OSPF

[PE2-ospf-100]dis this

ospf 100 vpn-instance a

area 0.0.0.0

network 192.168.1.0 0.0.0.255

[PE2-ospf-200]dis this

ospf 200 vpn-instance b

area 0.0.0.0

network 192.168.2.0 0.0.0.255

[MCE-ospf-100]dis this

ospf 100 vpn-instance a

area 0.0.0.0

network 10.0.2.0 0.0.0.255

network 192.168.1.0 0.0.0.255

[MCE-ospf-200]dis this

ospf 200 vpn-instance b

area 0.0.0.0

network 10.0.4.0 0.0.0.255

network 192.168.2.0 0.0.0.255

查看ospf邻居状态

8.配置PE1和PE2之间的MP-BGP邻居关系，传递私网路由

[PE1]bgp 100

[PE1-bgp]peer 3.3.3.3 as-number 100

[PE1-bgp]peer 3.3.3.3 connect-interface LoopBack 0

[PE1-bgp]peer 3.3.3.3 next-hop-local

[PE1-bgp]ipv4-family vpnv4

[PE1-bgp-af-vpnv4]peer 3.3.3.3 enable

[PE2]bgp 100

[PE2-bgp]peer 1.1.1.1 as-number 100

[PE2-bgp]peer 1.1.1.1 connect-interface LoopBack 0

[PE2-bgp]peer 1.1.1.1 next-hop-local

[PE2-bgp]ipv4-family vpnv4

[PE2-bgp-af-vpnv4]peer 1.1.1.1 enable

[PE2-bgp-af-vpnv4]q

查看建立的MP-BGP邻居关系

9.PE1、PE2和CE1、CE2之间运行的是ospf协议，因此需要在PE设备将ospf的路由进行双向引入

[PE1]ospf 100

[PE1-ospf-100]import-route bgp

[PE1]ospf 200

[PE1-ospf-200]import-route bgp

[PE1-bgp]ipv4-family vpn-instance a

[PE1-bgp-a]import-route ospf 100

[PE1-bgp]ipv4-family vpn-instance b

[PE1-bgp-b]import-route ospf 200

[PE2]ospf 100

[PE2-ospf-100]import-route bgp

[PE2-ospf-100]ospf 200

[PE2-ospf-200]import-route bgp

[PE2-bgp-a]import-route ospf 100

[PE2-bgp]ipv4-family vpn-instance b

[PE2-bgp-b]import-route ospf 200

查看PE1的BGP vpnv4路由：

查看vpn实例a的路由表

查看vpn实例b的路由表

PE2同理

10.在MCE当中关闭环路检测

[MCE]ospf 100

[MCE-ospf-100]vpn-instance-capability  simple ##用来禁止路由环路检测，直接进行路由计算。

[MCE]ospf 200

[MCE-ospf-200]vpn-instance-capability simple

11.测试连通性