R2,R3,R4,R5为运营商R1为公司总部R6和R7分别为公司的两个分部
要求
1.R6与R7互相访问时必须经过R1
2.公司总部和分部都可以访问外网1.2.3.4/32
使用mpls VPN的作用节约了R6-R7从公网打通的线路,节约资金
R1
hostname R1
interface Loopback0
ip address 1.1.1.1 255.255.255.255
interface Ethernet0/0
ip address 10.12.1.1 255.255.255.0
interface Ethernet0/0.1
encapsulation dot1Q 1 native
ip address 10.12.2.1 255.255.255.0
ip nat inside
interface Ethernet0/0.2
encapsulation dot1Q 2
ip address 10.12.3.1 255.255.255.0
ip nat inside
interface Ethernet0/0.3
encapsulation dot1Q 3
ip address 172.16.1.1 255.255.255.0
ip nat outside
router bgp 1
bgp log-neighbor-changes
network 0.0.0.0
network 1.1.1.1 mask 255.255.255.255
neighbor 10.12.1.2 remote-as 100
neighbor 10.12.1.2 next-hop-self
neighbor 10.12.2.2 remote-as 100
neighbor 10.12.3.2 remote-as 100
default-information originate
ip nat inside source list 1 interface Ethernet0/0.3 overload
ip route 0.0.0.0 0.0.0.0 172.16.1.2
R2:
interface Loopback0
ip address 2.2.2.2 255.255.255.255
interface Ethernet0/0
ip address 10.12.1.2 255.255.255.0
mpls ip
interface Ethernet0/0.1
encapsulation dot1Q 1 native
ip vrf forwarding in
ip address 10.12.2.2 255.255.255.
interface Ethernet0/0.2
encapsulation dot1Q 2
ip vrf forwarding out
ip address 10.12.3.2 255.255.255
interface Ethernet0/0.3
encapsulation dot1Q 3
ip address 172.16.1.2 255.255.255.0
interface Ethernet0/1
ip address 10.23.1.1 255.255.255.0
mpls ip
router eigrp 1
network 2.2.2.2 0.0.0.0
network 10.23.1.0 0.0.0.255
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
neighbor 10.12.1.1 remote-as 1
address-family ipv4
network 172.16.1.0 mask 255.255.255.0
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 next-hop-self
exit-address-family
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
address-family ipv4 vrf in
network 2.2.2.2 mask 255.255.255.255
neighbor 10.12.2.1 remote-as 1
neighbor 10.12.2.1 activate
neighbor 10.12.2.1 as-override把具有和其他 AS 相同 AS 号的路由放入这个 AS//邻居路由器使用
exit-address-family
address-family ipv4 vrf out
network 2.2.2.2 mask 255.255.255.255
neighbor 10.12.3.1 remote-as 1
neighbor 10.12.3.1 activate
neighbor 10.12.3.1 allowas-in//允许和具有自己相同的 AS 的路由进入本 AS//打破防环(本路由器使用)
R3``
interface Loopback0
ip address 3.3.3.3 255.255.255.255
interface Loopback100
ip address 1.2.3.4 255.255.255.255
interface Ethernet0/0
ip address 10.23.1.2 255.255.255.0
mpls ip
interface Ethernet0/1
ip address 10.34.1.1 255.255.255.0
mpls ip
interface Ethernet0/2
ip address 10.35.1.1 255.255.255.0
mpls ip
router eigrp 1
network 3.3.3.3 0.0.0.0
network 10.23.1.0 0.0.0.255
network 10.34.1.0 0.0.0.255
network 10.35.1.0 0.0.0.255
!
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor ibgp peer-group
neighbor ibgp remote-as 100
neighbor ibgp update-source Loopback0
neighbor 2.2.2.2 peer-group ibgp
neighbor 4.4.4.4 peer-group ibgp
neighbor 5.5.5.5 peer-group ibgp
!
address-family ipv4
network 1.2.3.4 mask 255.255.255.255
neighbor 2.2.2.2 activate
neighbor 4.4.4.4 activate
neighbor 5.5.5.5 activate
exit-address-family
!
address-family vpnv4
neighbor ibgp send-community extended
neighbor ibgp route-reflector-client
neighbor ibgp next-hop-self
neighbor 2.2.2.2 activate
neighbor 4.4.4.4 activate
neighbor 5.5.5.5 activate
R4
interface Loopback0
ip address 4.4.4.4 255.255.255.255
interface Ethernet0/0
ip address 10.34.1.2 255.255.255.0
mpls ip
interface Ethernet0/1
ip vrf forwarding A
ip address 10.46.1.1 255.255.255.0
mpls ip
router eigrp 1
network 4.4.4.4 0.0.0.0
network 10.34.1.0 0.0.0.255
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
address-family ipv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 next-hop-self
exit-address-family
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
address-family ipv4 vrf A
network 4.4.4.4 mask 255.255.255.255
neighbor 10.46.1.2 remote-as 1
neighbor 10.46.1.2 activate
neighbor 10.46.1.2 as-override`
R5
interface Loopback0
ip address 5.5.5.5 255.255.255.255
interface Ethernet0/0
ip address 10.35.1.2 255.255.255.0
mpls ip
interface Ethernet0/1
ip vrf forwarding B
ip address 10.57.1.1 255.255.255.0
mpls ip
router eigrp 1
network 5.5.5.5 0.0.0.0
network 10.35.1.0 0.0.0.255
!
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
!
address-family ipv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 next-hop-self
exit-address-family
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
address-family ipv4 vrf B
network 5.5.5.5 mask 255.255.255.255
neighbor 10.57.1.2 remote-as 1
neighbor 10.57.1.2 activate
neighbor 10.57.1.2 as-override
exit-address-family
R6:
interface Loopback0
ip address 6.6.6.6 255.255.255.255
interface Ethernet0/0
ip address 10.46.1.2 255.255.255.0
router bgp 1
bgp log-neighbor-changes
network 6.6.6.6 mask 255.255.255.255
neighbor 10.46.1.1 remote-as 100
R7
interface Loopback0
ip address 7.7.7.7 255.255.255.255
interface Ethernet0/0
ip address 10.57.1.2 255.255.255.0
router bgp 1
bgp log-neighbor-changes
network 7.7.7.7 mask 255.255.255.255
neighbor 10.57.1.1 remote-as 100
查看让R2VRF 表
测试是否可以到达公网
R4 VRF 表
R5的VRF 表
测试环回互通的路径