实验要求:
R1&R2可以和R7&R8&R9通讯
说明:
Ra、Rb直连IP设置为ab.1.1.a/24与ab.1.1.b/24
例:R3的g0/0/0设为34.1.1.3/24 ;R4的g0/0/0设为34.1.1.4/24
R5/R6之间运行ospf实例;R5只有vpn实例6;R6有vpn实例7、vpn实例8、vpn实例9
配置步骤:
1.配置各接口与环回口IP(略)
2.R3/R4/R5配置IGP(采用ISIS)
R3:
isis 1
is-level level-2
network-entity 49.0345.0000.0000.0003.00
is-name R3
R4:
isis 1
is-level level-2
network-entity 49.0345.0000.0000.0004.00
is-name R4
R5:
isis 1
is-level level-2
network-entity 49.0345.0000.0000.0005.00
is-name R5
配置完成后检查邻居关系,并进行ping测试。命令:dis isis peer
3.配置MPLS LDP (mpls lsr-id 使用lo0地址)
R3--5:
mpls lsr-id x.x.x.x \\R3: mpls lsr-id 3.3.3.3
mpls
mpls ldp
#
int g0/0/x \\在合适的接口上配置
mpls
mpls ldp
配置完成后检查各设备的T标签。命令:dis mpls lsp
4.建立R3与R5的vpnv4邻居
R3:
bgp 345
router-id 3.3.3.3
undo default ipv4-unicast
peer 5.5.5.5 as-number 345
peer 5.5.5.5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 5.5.5.5 enable
#
ipv4-family vpnv4
policy vpn-target
peer 5.5.5.5 enable
R5:
bgp 345
router-id 5.5.5.5
undo default ipv4-unicast
peer 3.3.3.3 as-number 345
peer 3.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 3.3.3.3 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable
配置完成后检查邻居关系。命令:dis bgp vpnv4 all peer
5.建立vpn实例
R3:
ip vpn-instance 1
ipv4-family
route-distinguisher 1:1
vpn-target 1:6 export-extcommunity
vpn-target 6:1 import-extcommunity
#
ip vpn-instance 2
ipv4-family
route-distinguisher 2:2
vpn-target 2:6 export-extcommunity
vpn-target 6:2 import-extcommunity
R5:
ip vpn-instance 6
ipv4-family
route-distinguisher 6:6
vpn-target 6:1 6:2 export-extcommunity
vpn-target 1:6 2:6 import-extcommunity
R6:
ip vpn-instance 7
ipv4-family
route-distinguisher 7:7
#
ip vpn-instance 8
ipv4-family
route-distinguisher 8:8
#
ip vpn-instance 9
ipv4-family
route-distinguisher 9:9
6.在接口上绑定vpn实例
R3:
interface GigabitEthernet0/0/1
ip binding vpn-instance 1
ip address 13.1.1.3 255.255.255.0
#
interface GigabitEthernet0/0/2
ip binding vpn-instance 2
ip address 23.1.1.3 255.255.255.0
R5:
interface GigabitEthernet0/0/1.10
dot1q termination vid 10
ip binding vpn-instance 6
ip address 192.168.10.5 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1.20
dot1q termination vid 20
ip binding vpn-instance 6
ip address 192.168.20.5 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1.30
dot1q termination vid 30
ip binding vpn-instance 6
ip address 192.168.30.5 255.255.255.0
arp broadcast enable
R6:
interface GigabitEthernet0/0/0.10
dot1q termination vid 10
ip binding vpn-instance 7
ip address 192.168.10.6 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/0.20
dot1q termination vid 20
ip binding vpn-instance 8
ip address 192.168.20.6 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/0.30
dot1q termination vid 30
ip binding vpn-instance 9
ip address 192.168.30.6 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1
ip binding vpn-instance 7
ip address 192.168.67.6 255.255.255.0
#
interface GigabitEthernet0/0/2
ip binding vpn-instance 8
ip address 192.168.68.6 255.255.255.0
#
interface GigabitEthernet1/0/0
ip binding vpn-instance 9
ip address 192.168.69.6 255.255.255.0
配置完成后进行ping测试 (需要带vpn实例同时带源ping)命令如下图:
7.R5与R6建立ospf实例邻居;R6与R7、R8、R9建立实例邻居
R5:
ospf 1 router-id 5.5.5.5 vpn-instance 6
area 0.0.0.0
network 192.168.10.5 0.0.0.0
network 192.168.20.5 0.0.0.0
network 192.168.30.5 0.0.0.0
R6:
ospf 1 router-id 6.7.7.7 vpn-instance 7
area 0.0.0.0
network 192.168.10.6 0.0.0.0
network 192.168.67.6 0.0.0.0
#
ospf 2 router-id 6.8.8.8 vpn-instance 8
area 0.0.0.0
network 192.168.20.6 0.0.0.0
network 192.168.68.6 0.0.0.0
#
ospf 3 router-id 6.9.9.9 vpn-instance 9
area 0.0.0.0
network 192.168.30.6 0.0.0.0
network 192.168.69.6 0.0.0.0
R7:
ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 192.168.7.7 0.0.0.0
network 192.168.67.7 0.0.0.0
R8:
ospf 2 router-id 8.8.8.8
area 0.0.0.0
network 192.168.8.8 0.0.0.0
network 192.168.68.8 0.0.0.0
R9:
ospf 3 router-id 9.9.9.9
area 0.0.0.0
network 192.168.9.9 0.0.0.0
network 192.168.69.9 0.0.0.0
配置完成后检查ospf邻居关系。命令:dis ospf peer brief
8.R1与R3&R2与R3 建立BGP实例邻居;并发布路由。
R1:
bgp 1
router-id 1.1.1.1
peer 13.1.1.3 as-number 345
#
ipv4-family unicast
undo synchronization
network 192.168.1.1 255.255.255.255
peer 13.1.1.3 enable
R2:
bgp 2
router-id 2.2.2.2
peer 23.1.1.3 as-number 345
#
ipv4-family unicast
undo synchronization
network 192.168.2.2 255.255.255.255
peer 23.1.1.3 enable
9.在R5的实例6中做双向引入
R5:
bgp 345
ipv4-family vpn-instance 6
import-route ospf 1
#
ospf 1 router-id 5.5.5.5 vpn-instance 6
import-route bgp
10.在R5上查看路由,已经收到192.168.1.1/32 192.168.2.2/32路由。
查看命令:dis bgp vpnv4 all rou
在ospf中引入BGP 查看R5 lsdb数据库。 命令:dis ospf lsdb
打开192.168.1.1(带有Dn位和tag防环机制)命令:dis ospf lsdb ase 192.168.1.1
*****11.查看R6(dis ospf rou )没有收到192.168.1.1/32和192.168.2.2/32的路由;当vpn路由引入到ospf实例时,因为有dn防环机制不进行spf路由计算,所以让R6开启不检查vpn路由环路。
R6:
ospf 1 router-id 6.7.7.7 vpn-instance 7
vpn-instance-capability simple \\MCE不检查vpn路由环路
#
ospf 2 router-id 6.8.8.8 vpn-instance 8
vpn-instance-capability simple
#
ospf 3 router-id 6.9.9.9 vpn-instance 9
vpn-instance-capability simple
12.检查R6配置完vpn-instance-capability simple后是否收到路由
13.最后进行ping测试