目录
拓扑结构:
要求:
1、R1与R5之间使用MPLS VPN,R1与R5使用静态路由的方式向PE传递路由
2、R6与R7之间使用MPLS VPN,R6使用RIP动态路由协议,R7使用OSPF动态路由协议分别向PE传递路由
3、R7可以访问R2/R3/R4的环回(R7有一个公网地址),R1可以访问R5,但不能访问R7,R6可以访问R7,但不能访问R5
使用的设备:7台
路由器
解决网络拓扑:
1、确定广播域的个数
2、分配网段
3、配置IP地址 (优先配置路由器)
确定广播域的个数
根据拓扑结构图以及要求可知,MPLS VPN是要在公网上搭建的,所以中间是公网网段,其他地方为私网网段,私网网段已经给定,公网根据公网IP随意分配。
分配网段
自主分配网段
接口网段:
| 接口 | 分配网段 |
| R1:GE 0/0/0 | 192.168.2.0/30 |
| R2:GE 0/0/0 R2:GE 0/0/1 R2:GE 0/0/2 | 192.168.2.0/30 192.168.2.0/30 23.0.0.0/30 |
| R3:GE 0/0/0 R3:GE 0/0/1 | 23.0.0.0/30 34.0.0.0/30 |
| R4:GE 0/0/0 R4:GE 0/0/1 R4:GE 0/0/2 R4:GE 1/0/0 | 34.0.0.0/30 192.168.3.0/30 47.0.0.0/30 192.168.3.0/30 |
| R5:GE 0/0/0 | 192.168.3.0/30 |
| R6:GE 0/0/0 | 192.168.2.0/30 |
| R7:GE 0/0/0 R7:GE 0/0/1 | 47.0.0.0/30 192.168.3.0/30 |
环回网段:
| 环回 | 分配网段 |
| R1 LoopBack 0 | 192.168.1.0/24 |
| R2 LoopBack 0 | 20.0.0.0/24 |
| R3 LoopBack 0 | 30.0.0.0/24 |
| R4 LoopBack 0 | 40.0.0.0/24 |
| R5 LoopBack 0 | 192.168.4.0/24 |
| R6 LoopBack 0 | 192.168.1.0/24 |
| R7 LoopBack 0 | 192.168.4.0/24 |
配置路由器IP地址
配置顺序为R2、R3、R4,先让公网可以相互通信,然后是客户网络,R1、R5、R6、R7
AR2:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r2
[r2]interface GigabitEthernet 0/0/2
[r2-GigabitEthernet0/0/2]ip address 23.0.0.1 30
May 27 2023 21:08:27-08:00 r2 %%01IFNET/4/LINK_STATE(l)[2]:The line protocol IP on the interface GigabitEthernet0/0/2 has entered the UP state.
[r2-GigabitEthernet0/0/2]q
[r2]interface LoopBack 0
[r2-LoopBack0]ip address 20.0.0.1 24
[r2-LoopBack0]q
[r2]AR3:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r3
[r3]interface GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]ip address 23.0.0.2 30
May 27 2023 21:10:30-08:00 r3 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[r3-GigabitEthernet0/0/0]q
[r3]interface GigabitEthernet 0/0/1
[r3-GigabitEthernet0/0/1]ip address 34.0.0.1 30
May 27 2023 21:10:42-08:00 r3 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state.
[r3-GigabitEthernet0/0/1]q
[r3]interface LoopBack 0
[r3-LoopBack0]ip address 30.0.0.1 24
[r3-LoopBack0]q
[r3]AR4:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r4
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]ip address 34.0.0.2 30
May 27 2023 21:16:56-08:00 r4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[r4-GigabitEthernet0/0/0]q
[r4]interface GigabitEthernet 0/0/2
[r4-GigabitEthernet0/0/2]ip address 47.0.0.1 30
May 27 2023 21:17:23-08:00 r4 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/2 has entered the UP state.
[r4-GigabitEthernet0/0/2]q
[r4]interface LoopBack 0
[r4-LoopBack0]ip address 40.0.0.1 24
[r4-LoopBack0]q
[r4]AR7:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r7
[r7]interface GigabitEthernet 0/0/0
[r7-GigabitEthernet0/0/0]ip address 47.0.0.2 30
[r7-GigabitEthernet0/0/0]
May 27 2023 21:23:59-08:00 r7 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[r7-GigabitEthernet0/0/0]q
[r7]
# 写一条指向公网的缺省路由
[r7]ip route-static 0.0.0.0 0 47.0.0.1 配置OSPF动态路由协议
先在公网内部运行OSPF动态路由协议,将公网配置完成,使其相互通信,在接口配置认证,保证更新安全
AR2:
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 23.0.0.0 0.0.0.3
[r2-ospf-1-area-0.0.0.0]network 20.0.0.0 0.0.0.255
[r2-ospf-1-area-0.0.0.0]q
[r2-ospf-1]q
[r2]interface GigabitEthernet 0/0/2
[r2-GigabitEthernet0/0/2]ospf authentication-mode md5 1 cipher 123456
[r2-GigabitEthernet0/0/2]q
[r2]AR3:
[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]network 23.0.0.0 0.0.0.3
[r3-ospf-1-area-0.0.0.0]network 30.0.0.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 34.0.0.0 0.0.0.3
[r3-ospf-1-area-0.0.0.0]q
[r3-ospf-1]q
[r3]interface GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
[r3-GigabitEthernet0/0/0]q
[r3]interface GigabitEthernet 0/0/1
[r3-GigabitEthernet0/0/1]ospf authentication-mode md5 1 cipher 123456
[r3-GigabitEthernet0/0/1]q
[r3]AR4:在连接R7的公网接口上配置沉默接口
[r4]ospf 1 router-id 4.4.4.4
[r4-ospf-1]area 0
[r4-ospf-1-area-0.0.0.0]network 34.0.0.0 0.0.0.3
[r4-ospf-1-area-0.0.0.0]network 40.0.0.0 0.0.0.255
[r4-ospf-1-area-0.0.0.0]network 47.0.0.0 0.0.0.3
[r4-ospf-1-area-0.0.0.0]q
# 沉默接口
[r4-ospf-1]silent-interface GigabitEthernet 0/0/2
[r4-ospf-1]q
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]ospf authentication-mode md5 1 cipher 123456
[r4-GigabitEthernet0/0/0]q
[r4]配置MPLS
配置完OSPF协议之后公网可以正常通信,然后配置多标签协议交换(MPLS)
AR2:
[r2]mpls lsr-id 20.0.0.1
[r2]mpls
Info: Mpls starting, please wait... OK!
[r2-mpls]mpls ldp
[r2-mpls-ldp]q
[r2]interface GigabitEthernet 0/0/2
[r2-GigabitEthernet0/0/2]mpls
[r2-GigabitEthernet0/0/2]mpls ldp
[r2-GigabitEthernet0/0/2]q
[r2]AR3:
[r3]mpls lsr-id 30.0.0.1
[r3]mpls
Info: Mpls starting, please wait... OK!
[r3-mpls]mpls ldp
[r3-mpls-ldp]q
[r3]interface GigabitEthernet 0/0/0
[r3-GigabitEthernet0/0/0]mpls
[r3-GigabitEthernet0/0/0]mpls ldp
[r3-GigabitEthernet0/0/0]q
[r3]interface GigabitEthernet 0/0/1
[r3-GigabitEthernet0/0/1]mpls
[r3-GigabitEthernet0/0/1]mpls ldp
[r3-GigabitEthernet0/0/1]q
[r3]AR4:
[r4]mpls lsr-id 40.0.0.1
[r4]mpls
Info: Mpls starting, please wait... OK!
[r4-mpls]mpls ldp
[r4-mpls-ldp]q
[r4]interface GigabitEthernet 0/0/0
[r4-GigabitEthernet0/0/0]mpls
[r4-GigabitEthernet0/0/0]mpls ldp
[r4-GigabitEthernet0/0/0]q
[r4]配置MPLS-VPN
然后在配置完多协议标签交换(MPLS)的基础上配置MPLS-VPN,开启VPN空间,配置相应的RD值和RT值,并将空间关联到相应的接口上
AR2:
[r2]ip vpn-instance b1
[r2-vpn-instance-b1]ipv4-family
[r2-vpn-instance-b1-af-ipv4]route-distinguisher 1:1
[r2-vpn-instance-b1-af-ipv4]vpn-target 1:1
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r2-vpn-instance-b1-af-ipv4]q
[r2-vpn-instance-b1]q
[r2]ip vpn-instance a1
[r2-vpn-instance-a1]ipv4-family
[r2-vpn-instance-a1-af-ipv4]route-distinguisher 2:2
[r2-vpn-instance-a1-af-ipv4]vpn-target 2:2
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r2-vpn-instance-a1-af-ipv4]q
[r2-vpn-instance-a1]q
[r2]interface GigabitEthernet 0/0/0
[r2-GigabitEthernet0/0/0]ip binding vpn-instance b1
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r2-GigabitEthernet0/0/0]ip address 192.168.2.2 30
May 27 2023 21:46:29-08:00 r2 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[r2-GigabitEthernet0/0/0]q
[r2]interface GigabitEthernet 0/0/1
[r2-GigabitEthernet0/0/1]ip binding vpn-instance a1
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r2-GigabitEthernet0/0/1]q
[r2]interface GigabitEthernet 0/0/1
[r2-GigabitEthernet0/0/1]ip address 192.168.2.2 30
[r2-GigabitEthernet0/0/1]
May 27 2023 21:48:10-08:00 r2 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state.
[r2-GigabitEthernet0/0/1]q
[r2]AR4:
[r4]ip vpn-instance b2
[r4-vpn-instance-b2]ipv4-family
[r4-vpn-instance-b2-af-ipv4]route-distinguisher 1:1
[r4-vpn-instance-b2-af-ipv4]vpn-target 1:1
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r4-vpn-instance-b2-af-ipv4]q
[r4-vpn-instance-b2]q
[r4]ip vpn-instance a2
[r4-vpn-instance-a2]ipv4-family
[r4-vpn-instance-a2-af-ipv4]route-distinguisher 2:2
[r4-vpn-instance-a2-af-ipv4]vpn-target 2:2
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r4-vpn-instance-a2-af-ipv4]q
[r4-vpn-instance-a2]q
[r4]interface GigabitEthernet 0/0/1
[r4-GigabitEthernet0/0/1]ip binding vpn-instance b2
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r4-GigabitEthernet0/0/1]ip address 192.168.3.1 30
May 27 2023 21:58:01-08:00 r4 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state.
[r4-GigabitEthernet0/0/1]q
[r4]interface GigabitEthernet 1/0/0
[r4-GigabitEthernet1/0/0]ip binding vpn-instance a2
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r4-GigabitEthernet1/0/0]ip address 192.168.3.1 30
May 27 2023 21:58:29-08:00 r4 %%01IFNET/4/LINK_STATE(l)[1]:The line protocol IP on the interface GigabitEthernet1/0/0 has entered the UP state.
[r4-GigabitEthernet1/0/0]q
[r4]配置BGP协议
在R2和R4上配置BGP协议,建立邻居,传递路由
AR2:
[r2]bgp 1
[r2-bgp]router-id 2.2.2.2
[r2-bgp]peer 40.0.0.1 as-number 1
[r2-bgp]peer 40.0.0.1 connect-interface LoopBack 0
[r2-bgp]ipv4-family vpnv4
[r2-bgp-af-vpnv4]peer 40.0.0.1 enable
[r2-bgp-af-vpnv4]q
[r2-bgp]q
[r2]AR4:
[r4]bgp 1
[r4-bgp]router-id 4.4.4.4
[r4-bgp]peer 20.0.0.1 as-number 1
[r4-bgp]peer 20.0.0.1 connect-interface LoopBack 0
[r4-bgp]ipv4-family vpnv4
[r4-bgp-af-vpnv4]peer 20.0.0.1 enable
[r4-bgp-af-vpnv4]q
[r4-bgp]q
[r4]配置客户的IP地址
AR1:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r1
[r1]interface GigabitEthernet 0/0/0
[r1-GigabitEthernet0/0/0]ip address 192.168.2.1 30
[r1-GigabitEthernet0/0/0]
May 27 2023 22:02:08-08:00 r1 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[r1-GigabitEthernet0/0/0]q
[r1]interface LoopBack 0
[r1-LoopBack0]ip address 192.168.1.1 24
[r1-LoopBack0]q
[r1]AR5:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r5
[r5]interface GigabitEthernet 0/0/0
[r5-GigabitEthernet0/0/0]ip address 192.168.3.2 30
May 27 2023 22:03:49-08:00 r5 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[r5-GigabitEthernet0/0/0]q
[r5]interface LoopBack 0
[r5-LoopBack0]ip address 192.168.4.1 24
[r5-LoopBack0]q
[r5]AR6:
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname r6
[r6]interface GigabitEthernet 0/0/0
[r6-GigabitEthernet0/0/0]ip address 192.168.2.1 30
May 27 2023 22:04:40-08:00 r6 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/0 has entered the UP state.
[r6-GigabitEthernet0/0/0]q
[r6]interface LoopBack 0
[r6-LoopBack0]ip address 192.168.1.2 24
[r6-LoopBack0]q
[r6]AR7:
[r7]interface GigabitEthernet 0/0/1
[r7-GigabitEthernet0/0/1]ip address 192.168.3.2 30
[r7-GigabitEthernet0/0/1]
May 27 2023 22:05:37-08:00 r7 %%01IFNET/4/LINK_STATE(l)[0]:The line protocol IP on the interface GigabitEthernet0/0/1 has entered the UP state.
[r7-GigabitEthernet0/0/1]q
[r7]interface LoopBack 0
[r7-LoopBack0]ip address 192.168.4.2 24
[r7-LoopBack0]q
[r7]配置动态路由协议
RIP:
AR6:
[r6]rip 1
[r6-rip-1]version 2
[r6-rip-1]network 192.168.1.0
[r6-rip-1]network 192.168.2.0
[r6-rip-1]q
[r6]AR2:
[r2]rip 1 vpn-instance a1
[r2-rip-1]version 2
[r2-rip-1]network 192.168.2.0
[r2-rip-1]OSPF:
AR4:
[r4]ospf 2 vpn-instance a2
[r4-ospf-2]area 0
[r4-ospf-2-area-0.0.0.0]network 192.168.3.0 0.0.0.3
[r4-ospf-2-area-0.0.0.0]q
[r4-ospf-2]AR7:
[r7]ospf 1 router-id 7.7.7.7
[r7-ospf-1]area 0
[r7-ospf-1-area-0.0.0.0]network 192.168.4.0 0.0.0.255
[r7-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.3
[r7-ospf-1-area-0.0.0.0]q
[r7-ospf-1]q
[r7]双向重发布:
在公网边界网关上进行双向重发布,使双方拥有未知的路由条目
AR2:
[r2]rip 1 vpn-instance a1
[r2-rip-1]import-route bgp
[r2-rip-1]q
[r2]bgp 1
[r2-bgp]ipv4-family vpn-instance a1
[r2-bgp-a1]import-route rip 1
[r2-bgp-a1]q
[r2-bgp]q
[r2]AR4:
[r4]bgp 1
[r4-bgp]ipv4-family vpn-instance a2
[r4-bgp-a2]import-route ospf 2
[r4-bgp-a2]q
[r4-bgp]q
[r4]ospf 2 vpn-instance a2
[r4-ospf-2]import-route bgp
[r4-ospf-2]q
[r4]AR1:
[r1]ip route-static 192.168.3.0 24 192.168.2.2
[r1]ip route-static 192.168.4.0 24 192.168.2.2AR2:
[r2]ip route-static vpn-instance b1 192.168.1.0 24 192.168.2.1
[r2]bgp 1
[r2-bgp]ipv4-family vpn-instance b1
[r2-bgp-b1]import-route static
[r2-bgp-b1]import-route direct
[r2-bgp-b1]q
[r2-bgp]q
[r2]AR4:
[r4]ip route-static vpn-instance b2 192.168.4.0 24 192.168.3.2
[r4]bgp 1
[r4-bgp]ipv4-family vpn-instance b2
[r4-bgp-b2]import-route static
[r4-bgp-b2]import-route direct
[r4-bgp-b2]q
[r4-bgp]q
[r4]AR5:
[r5]ip route-static 192.168.1.0 24 192.168.3.1
[r5]ip route-static 192.168.2.0 24 192.168.3.1最后,进行测试:
R1可以和R5进行通信,但是不能和R7进行通信
R6可以和R7进行通信,但是不能和R5进行通信
R7可以访问公网的环回,实验到此为止,要求全部完成。
391
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
