实验拓扑
实验需求:如图所示,CE1为某公司的总部,CE2、CE3为某公司的分部,现在要求总部和分部之间通过mpls vpn实现私网的互访,并且要求分部之间互访的流量必须经过总部。
1.配置的IP地址
2.配置PE设备之间的OSPF协议
[pe1-ospf-1]dis this
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.0.12.0 0.0.0.255
network 10.0.13.0 0.0.0.255
[pe2-ospf-1]dis this
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.0.12.0 0.0.0.255
[pe3-ospf-1]dis this
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.0.13.0 0.0.0.255
查看ospf 的邻居关系
图中可以看到ospf 的邻居关系已经建立
3.配置PE设备之间的
[pe1]mpls lsr-id 1.1.1.1
[pe1]mpls
[pe1-mpls]mpls ldp
[pe1]int G0/0/2
[pe1-GigabitEthernet0/0/2]MPLS
[pe1-GigabitEthernet0/0/2]MPLS ldp
[pe1-GigabitEthernet0/0/2]int g4/0/0
[pe1-GigabitEthernet4/0/0]mpls .
[pe1-GigabitEthernet4/0/0]mpls ldp
[pe2]mpls lsr-id 2.2.2.2
[pe2]mpls
[pe2-mpls]mpls ldp
[pe2]int g0/0/0
[pe2-GigabitEthernet0/0/0]mpls
[pe2-GigabitEthernet0/0/0]mpls ldp
[pe3]mpls lsr-id 3.3.3.3
[pe3]mpls
[pe3-mpls]mpls ldp
[pe3]int g0/0/0
[pe3-GigabitEthernet0/0/0]mpls
[pe3-GigabitEthernet0/0/0]mpls ldp
查看MPLS LSP的隧道建立的情况
4.配置PE设备上的实例
[pe1-vpn-instance-vpn_in]dis this
ip vpn-instance vpn_in
ipv4-family
route-distinguisher 100:1 ##RD值为100:1
vpn-target 200:1 import-extcommunity ##RT值为200:1
[pe1-vpn-instance-vpn_out]dis this
ip vpn-instance vpn_out
ipv4-family
route-distinguisher 100:2
vpn-target 100:1 export-extcommunity
[pe2-vpn-instance-vpn1]dis this
ip vpn-instance vpn1
ipv4-family
route-distinguisher 100:1
vpn-target 200:1 export-extcommunity
vpn-target 100:1 import-extcommunity
[pe3-vpn-instance-vpn1]dis this
ip vpn-instance vpn1
ipv4-family
route-distinguisher 100:2
vpn-target 200:1 export-extcommunity
vpn-target 100:1 import-extcommunity
5.将接口绑定对应的VPN的实例
[pe1-GigabitEthernet0/0/0]dis this
interface GigabitEthernet0/0/0
ip binding vpn-instance vpn_in
ip address 11.1.1.1 255.255.255.0
[pe1-GigabitEthernet0/0/1]dis this
interface GigabitEthernet0/0/1
ip binding vpn-instance vpn_out
ip address 10.1.1.1 255.255.255.0
[pe2-GigabitEthernet0/0/1]dis this
interface GigabitEthernet0/0/1
ip binding vpn-instance vpn1
ip address 22.1.1.1 255.255.255.0
[pe3-GigabitEthernet0/0/1]dis this
interface GigabitEthernet0/0/1
ip binding vpn-instance vpn1
ip address 22.1.1.1 255.255.255.0
6.配置PE设备和CE设备之间的
[ce1]bgp 100
[ce1-bgp]peer 11.1.1.1 as-number 400
[ce1-bgp]peer 10.1.1.1 as-number 400
[pe1-bgp]dis this
bgp 400
ipv4-family vpn-instance vpn_in
peer 11.1.1.2 as-number 100
ipv4-family vpn-instance vpn_out
peer 10.1.1.2 as-number 100
[ce2-bgp]dis this
bgp 200
peer 22.1.1.1 as-number 400
network 20.20.20.20 255.255.255.255
[pe2-bgp]dis this
bgp 400
ipv4-family vpn-instance vpn1
peer 22.1.1.2 as-number 200
[pe3-bgp]dis this
bgp 400
ipv4-family vpn-instance vpn1
peer 33.1.1.2 as-number 300
[ce3-bgp]dis this
bgp 300
peer 33.1.1.1 as-number 400
network 30.30.30.30 255.255.255.255
查看BGP的邻居关系
7.配置spoke pe和hub pe设备之间的MP BGP协议
[pe1]bgp 400
[pe1-bgp]peer 2.2.2.2 as-number 400
[pe1-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[pe1-bgp]peer 3.3.3.3 as-number 400
[pe1-bgp]peer 3.3.3.3 connect-interface LoopBack 0
[pe1-bgp]ipv4-family vpnv4
[pe1-bgp-af-vpnv4]peer 2.2.2.2 enable
[pe1-bgp-af-vpnv4]peer 3.3.3.3 enable
[pe2]bgp 400
[pe2-bgp]peer 1.1.1.1 as-number 400
[pe2-bgp]peer 1.1.1.1 connect-interface LoopBack 0
[pe2-bgp]ipv4-family vpnv4
[pe2-bgp-af-vpnv4]peer 1.1.1.1 enable
[pe3]bgp 400
[pe3-bgp]peer 1.1.1.1 as-number 400
[pe3-bgp]peer 1.1.1.1 connect-interface LoopBack 0
[pe3-bgp]ipv4-family vpnv4
[pe3-bgp-af-vpnv4]peer 1.1.1.1 enable
8.配置bgp 的本地as号的重复次数
[pe1]bgp 400
[pe1-bgp]ipv4-family vpnv4
[pe1-bgp]ipv4-family vpn-instance vpn_out
[pe1-bgp-vpn_out]peer 10.1.1.2 allow-as-loop