基于eNSP的MPLS仿真

一、介绍

传统的VPN一般是通过GRE、L2TP、PPTP、IPSec协议等隧道协议来实现私有网络间数据流在公网上的传送。而LSP本身就是公网上的隧道，所以用MPLS来实现VPN有天然的优势。
基于MPLS的VPN就是通过LSP将私有网络的不同分支联结起来，形成一个统一的网络。基于MPLS的VPN还支持对不同VPN间的互通控制。
CE：是用户边缘设备，可以是路由器，也可以是交换机或主机。
PE：是服务商边缘路由器，位于骨干网络。
在骨干网络中，还存在Provider，是服务提供商网络中的骨干路由器，不与CE直接相连。P设备只需要具备基本MPLS转发能力，可以将其配置为M-BGP的路由反射器，不维护VPN信息。

基于MPLS的VPN具有以下特点：

1、PE负责对VPN用户进行管理、建立各PE间LSP连接、同一VPN用户各分支间路由分派。
2、PE间的路由分派通常是用LDP或扩展的BGP协议实现。 3、支持不同分支间IP地址复用和不同VPN间互通。
4、减化了寻路步骤，提高了设备性能，加快了报文转发。

二、仿真软件

eNSP

三、仿真要求

1、AR1 与 AR5在同一 MPLS、VPN，能互通
2、AR6 与 AR7在同一 MPLS、VPN，能互通
3、AR2、 AR3、AR4形成环路，AR7可以访问这个环路

四、拓扑图

五、实验配置

（一）规划

AR2/3/4的环回均为x.x.x.x
AR1/5环回分别为192.168.1.1/192.168.4.1
AR6/7环回分别为192.168.1.2/192.168.4.2
AR7的公网分配地址为47.1.1.2

（二）配置思路

1、搭建实验，配置公网地址
3、在AR2/3/4上配置MPLS
4、在AR2/4上配置bgp
5、运用静态路由 AR2/4上重发布
6、AR2/6上开启RIP,AR4/7上开启OSPF
7、AR2/4上再进行重发布

（三）配置
AR1:

#
interface GigabitEthernet0/0/0
 ip address 192.168.2.1 255.255.255.0 
#
interface LoopBack0
 ip address 192.168.1.1 255.255.255.0 
#
ip route-static 192.168.3.0 255.255.255.0 192.168.2.2
ip route-static 192.168.4.0 255.255.255.0 192.168.2.2

AR2:

#
ip vpn-instance a
 ipv4-family
  route-distinguisher 1:1
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
ip vpn-instance b
 ipv4-family
  route-distinguisher 2:2
  vpn-target 2:2 export-extcommunity
  vpn-target 2:2 import-extcommunity
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
 ip address 23.1.1.1 255.255.255.0 
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip binding vpn-instance a
 ip address 192.168.2.2 255.255.255.0 
 mpls
#
interface GigabitEthernet0/0/2
 ip binding vpn-instance b
 ip address 192.168.2.2 255.255.255.0 
 mpls
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.0 
#
bgp 1
 peer 4.4.4.4 as-number 1 
 peer 4.4.4.4 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 4.4.4.4 enable
  peer 4.4.4.4 next-hop-local 
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 4.4.4.4 enable
 #
 ipv4-family vpn-instance a 
  import-route direct
  import-route static
 #
 ipv4-family vpn-instance b 
  import-route rip 1
#
ospf 1 router-id 2.2.2.2 
 area 0.0.0.0 
  network 2.2.2.2 0.0.0.0 
  network 23.1.0.0 0.0.255.255 
#
rip 1 vpn-instance b
 undo summary
 version 2
 network 192.168.2.0
 import-route bgp
#
ip route-static vpn-instance a 192.168.1.0 255.255.255.0 192.168.2.1
#
route recursive-lookup tunnel

AR3:

#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
 ip address 34.1.1.1 255.255.255.0 
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 23.1.1.2 255.255.255.0 
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.0 
#
ospf 1 router-id 3.3.3.3 
 area 0.0.0.0 
  network 3.3.3.3 0.0.0.0 
  network 23.1.0.0 0.0.255.255 
  network 34.1.0.0 0.0.255.255 
#
route recursive-lookup tunnel

AR4:

#
ip vpn-instance a
 ipv4-family
  route-distinguisher 1:1
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
ip vpn-instance b
 ipv4-family
  route-distinguisher 2:2
  vpn-target 2:2 export-extcommunity
  vpn-target 2:2 import-extcommunity
#
mpls lsr-id 4.4.4.4
mpls
 lsp-trigger all 
#
mpls ldp
#
acl number 2000  
 rule 5 permit source 47.1.1.0 0.0.0.255 
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip binding vpn-instance a
 ip address 192.168.3.2 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 34.1.1.2 255.255.255.0 
 mpls
 mpls ldp
 nat outbound 2000
#
interface GigabitEthernet0/0/2
 ip binding vpn-instance b
 ip address 192.168.3.2 255.255.255.0 
 mpls
#
interface GigabitEthernet4/0/0
 ip address 47.1.1.1 255.255.255.0 
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.0 
#
bgp 1
 peer 2.2.2.2 as-number 1 
 peer 2.2.2.2 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
  peer 2.2.2.2 next-hop-local 
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.2 enable
 #
 ipv4-family vpn-instance a 
  import-route direct
  import-route static
 #
 ipv4-family vpn-instance b 
  import-route ospf 2
#
ospf 1 router-id 4.4.4.4 
 area 0.0.0.0 
  network 4.4.4.4 0.0.0.0 
  network 34.1.0.0 0.0.255.255 
#
ospf 2 vpn-instance b
 import-route bgp
 area 0.0.0.0 
  network 192.168.3.0 0.0.0.255 
#
ip route-static vpn-instance a 192.168.4.0 255.255.255.0 192.168.3.1
#
route recursive-lookup tunnel

AR5:

#
interface GigabitEthernet0/0/1
 ip address 192.168.3.1 255.255.255.0 
#
interface LoopBack0
 ip address 192.168.4.1 255.255.255.0 
#
ip route-static 192.168.1.0 255.255.255.0 192.168.3.2
ip route-static 192.168.2.0 255.255.255.0 192.168.3.2

AR6:

#
interface GigabitEthernet0/0/1
 ip address 192.168.2.1 255.255.255.0 
#
interface LoopBack0
 ip address 192.168.1.1 255.255.255.0 
#
rip 1
 undo summary
 version 2
 network 192.168.1.0
 network 192.168.2.0

AR7:

#
interface GigabitEthernet0/0/0
 ip address 192.168.3.1 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 47.1.1.2 255.255.255.0 
#
interface LoopBack0
 ip address 192.168.4.2 255.255.255.0 
#
ospf 1 
 area 0.0.0.0 
  network 192.168.3.0 0.0.0.255 
  network 192.168.4.0 0.0.0.255 
#
ip route-static 0.0.0.0 0.0.0.0 47.1.1.1

至此配置完成！

六、实验结果验证

AR1 能ping通AR5，不能ping通AR7。

AR6能ping通AR7，不能ping通AR5。

AR7能ping通环AR2/3/4环回。