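Lab Requirements
- MPLS VPN between R1 and R5, using static routes
- MPLS VPN between R6 and R7; R6 uses RIP, R7 uses OSPF
- R7 can reach the loopback interfaces of R2, R3 and R4
Lab Approach
IP Address Planning
- Public addressing: R2-R3: 23.1.1.0/24, R3-R4: 34.1.1.0/24; R2, R3 and R4 each have one loopback
- Private network 1: R1-R2: 192.168.1.0/24, R1 loopback: 192.168.2.1/24, R4-R5: 192.168.3.0/24, R5 loopback: 192.168.4.1/24
- Private network 2: R6-R2: 192.168.1.0/24, R1 loopback: 192.168.2.1/24, R7 loopback: 192.168.4.1/24
- When the MPLS VPN is built, the private segments that connect CE and PE devices are placed in the PE's VRF, which holds no public routes. For R7 to reach the public network it therefore needs an additional link to R4 that carries a public segment; the IP of this link is 47.1.1.1/24
- The IP address of a CE-PE link must be configured after the interface is bound to its VRF (binding an interface to a VPN instance clears the IP configuration already on it)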
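Routing
- Public: R2, R3 and R4 run OSPF and advertise their connected interfaces and their own loopbacks; MPLS LDP is enabled between R2, R3 and R4
- Private: R1 has a static default route pointing to R2, and R2 has a static route for the 2.0 network pointing to R1; R5 is set up the same way; R6 and R2 run RIP and advertise their connecting interfaces, and R6 also advertises its loopback; R7 and R4 run OSPF and advertise their connecting interfaces, and R7 also advertises its loopback
MPLS VPN
- Create two VRFs on each of R2 and R4, named a and b; multiple VRFs on a single PE must not share the same RD value
- R2 and R4 enable MP-BGP and establish a peer relationship
- In VRF a, R2 and R4 advertise static and direct routes; in VRF b, R2 configures two-way redistribution between RIP and BGP, and R4 configures two-way redistribution between OSPF and BGP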
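The RD and route-target rules above can be checked mechanically. The following is an added example, not part of the original lab: it parses the vpn-instance stanzas that this page configures on R2 and R4 and reports duplicate RDs on a PE and route targets shared between differently named VRFs. The function names, and the policy that VPN a and VPN b must stay isolated from each other, are assumptions.

```python
import re
from collections import defaultdict

# Constructed sample: the vpn-instance stanzas that R2 and R4 both carry on this page.
PE_VRFS = """
ip vpn-instance a
 ipv4-family
  route-distinguisher 1:1
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
ip vpn-instance b
 ipv4-family
  route-distinguisher 1:2
  vpn-target 1:2 export-extcommunity
  vpn-target 1:2 import-extcommunity
"""

def parse_vrfs(text):
    """Map VRF name -> RD and import/export RT sets (only the command forms used on this page)."""
    vrfs, cur = {}, None
    for raw in text.splitlines():
        line = raw.split("#")[0].strip()  # drop inline annotations and '#' separators
        if m := re.fullmatch(r"ip vpn-instance (\S+)", line):
            cur = vrfs.setdefault(m[1], {"rd": None, "import": set(), "export": set()})
        elif cur is not None and (m := re.fullmatch(r"route-distinguisher (\S+)", line)):
            cur["rd"] = m[1]
        elif cur is not None and (m := re.fullmatch(r"vpn-target (.+) (import|export)-extcommunity", line)):
            cur[m[2]].update(m[1].split())
    return vrfs

def duplicate_rds(vrfs):
    """RD values shared by more than one VRF on one PE."""
    by_rd = defaultdict(list)
    for name, vrf in vrfs.items():
        by_rd[vrf["rd"]].append(name)
    return {rd: names for rd, names in by_rd.items() if len(names) > 1}

def route_leaks(pes):
    """(exporter, importer) pairs where differently named VRFs share a route target."""
    flat = [(f"{pe}/{name}", name, vrf) for pe, vrfs in pes.items() for name, vrf in vrfs.items()]
    return [(src, dst) for src, sname, s in flat for dst, dname, d in flat
            if sname != dname and s["export"] & d["import"]]

if __name__ == "__main__":
    pes = {"R2": parse_vrfs(PE_VRFS), "R4": parse_vrfs(PE_VRFS)}
    for pe, vrfs in pes.items():
        print(pe, "duplicate RDs:", duplicate_rds(vrfs) or "none")
    print("cross-VPN route leaks:", route_leaks(pes) or "none")
```

With the values from this page both checks come back empty, which is what keeps the overlapping 192.168.x.0/24 segments of the two customers apart.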
NAT
- Configure NAT on R7 together with a default route pointing to R4, so that R7 can reach the loopbacks of R2, R3 and R4
Lab Configuration
R1 configuration
# Configure interface IPs
interface GigabitEthernet0/0/0
 ip address 192.168.1.2 255.255.255.0
#
interface LoopBack0
 ip address 192.168.2.1 255.255.255.0
# Default route
ip route-static 0.0.0.0 0.0.0.0 192.168.1.1
#
R2 configuration
# Create VRF a
ip vpn-instance a
 ipv4-family
  route-distinguisher 1:1
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
# Create VRF b
ip vpn-instance b
 ipv4-family
  route-distinguisher 1:2
  vpn-target 1:2 export-extcommunity
  vpn-target 1:2 import-extcommunity
# Enable MPLS globally
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
# Configure interface IPs
interface GigabitEthernet0/0/0
 ip binding vpn-instance a # bind to VRF a
 ip address 192.168.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 23.1.1.1 255.255.255.0
 mpls # enable MPLS on the interface
 mpls ldp
#
interface GigabitEthernet0/0/2
 ip binding vpn-instance b # bind to VRF b
 ip address 192.168.1.1 255.255.255.0
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.0
# Enable BGP
bgp 1
 router-id 2.2.2.2
 peer 4.4.4.4 as-number 1
 peer 4.4.4.4 connect-interface LoopBack0
 #
 ipv4-family vpnv4
  peer 4.4.4.4 enable
 # VRF a: advertise routes
 ipv4-family vpn-instance a
  import-route direct
  import-route static
 # VRF b: redistribute RIP into BGP
 ipv4-family vpn-instance b
  import-route rip 1
# Enable OSPF to learn the public routes
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 23.1.1.1 0.0.0.0
# Enable RIP in VRF b to learn the private routes
rip 1 vpn-instance b
 undo summary
 version 2
 network 192.168.1.0
 import-route bgp
# VRF a: static route to R1's loopback network via R1
ip route-static vpn-instance a 192.168.2.0 255.255.255.0 192.168.1.2
#
R3 configuration
# Enable MPLS globally
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
# Configure interface IPs
interface GigabitEthernet0/0/0
 ip address 23.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 34.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.0
# Enable OSPF
ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 23.1.1.2 0.0.0.0
  network 34.1.1.1 0.0.0.0
#
R4 configuration
# Create VRF a
ip vpn-instance a
 ipv4-family
  route-distinguisher 1:1
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
# Create VRF b
ip vpn-instance b
 ipv4-family
  route-distinguisher 1:2
  vpn-target 1:2 export-extcommunity
  vpn-target 1:2 import-extcommunity
# Enable MPLS globally
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
 ip address 34.1.1.2 255.255.255.0
 mpls
 mpls ldp
# Configure interface IPs
interface GigabitEthernet0/0/1
 ip binding vpn-instance a # bind to VRF a
 ip address 192.168.3.1 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip binding vpn-instance b # bind to VRF b
 ip address 192.168.3.1 255.255.255.0
#
interface GigabitEthernet4/0/0
 ip address 47.1.1.1 255.255.255.0
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.0
# Enable MP-BGP
bgp 1
 router-id 4.4.4.4
 peer 2.2.2.2 as-number 1
 peer 2.2.2.2 connect-interface LoopBack0
 #
 ipv4-family vpnv4
  peer 2.2.2.2 enable
 #
 ipv4-family vpn-instance a
  import-route direct
  import-route static
 #
 ipv4-family vpn-instance b
  import-route ospf 2
# Enable OSPF to learn the public routes
ospf 1 router-id 4.4.4.4
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 34.1.1.2 0.0.0.0
  network 47.1.1.1 0.0.0.0
# Enable OSPF in VRF b
ospf 2 vpn-instance b
 import-route bgp
 area 0.0.0.0
  network 192.168.3.1 0.0.0.0
# Static route
ip route-static vpn-instance a 192.168.4.0 255.255.255.0 192.168.3.2
#
R5 configuration
# Configure interface IPs
interface GigabitEthernet0/0/0
 ip address 192.168.3.2 255.255.255.0
#
interface LoopBack0
 ip address 192.168.4.1 255.255.255.0
# Default route
ip route-static 0.0.0.0 0.0.0.0 192.168.3.1
#
R6 configuration
# Configure interface IPs
interface GigabitEthernet0/0/0
 ip address 192.168.1.2 255.255.255.0
#
interface LoopBack0
 ip address 192.168.2.1 255.255.255.0
# Enable RIP
rip 1
 undo summary
 version 2
 network 192.168.1.0
 network 192.168.2.0
#
R7 configuration
# ACL matching the traffic to be translated by NAT
acl number 2000
 rule 5 permit source 192.168.0.0 0.0.255.255
# Configure interface IPs
interface GigabitEthernet0/0/0
 ip address 192.168.3.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 47.1.1.2 255.255.255.0
 nat outbound 2000 # many-to-one NAT
#
interface LoopBack0
 ip address 192.168.4.1 255.255.255.0
# Enable OSPF
ospf 1 router-id 7.7.7.7
 area 0.0.0.0
  network 192.168.3.2 0.0.0.0
  network 192.168.4.1 0.0.0.0
# Default route to the public side (R4)
ip route-static 0.0.0.0 0.0.0.0 47.1.1.1
#
Lab Verification
- R7 reaches R6
- R7 reaches R2's loopback
- R5 reaches R1