【HCIE】MPLS-VPN MCE(多CE) 组网

sxhuafeng

已于 2023-09-26 11:02:33 修改

阅读量481

点赞数 1

文章标签：网络运维网络协议华为

于 2023-09-23 14:45:33 首次发布

本文链接：https://blog.csdn.net/sxhuafeng/article/details/133203881

版权

实验要求：

R1&R2可以和R7&R8&R9通讯

说明：

Ra、Rb直连IP设置为ab.1.1.a/24与ab.1.1.b/24

例：R3的g0/0/0设为34.1.1.3/24 ；R4的g0/0/0设为34.1.1.4/24

R5/R6之间运行ospf实例；R5只有vpn实例6；R6有vpn实例7、vpn实例8、vpn实例9

配置步骤：

1.配置各接口与环回口IP（略）

2.R3/R4/R5配置IGP（采用ISIS）

R3:

isis 1
is-level level-2
network-entity 49.0345.0000.0000.0003.00
is-name R3

R4：

isis 1
is-level level-2
network-entity 49.0345.0000.0000.0004.00
is-name R4

R5：

isis 1
is-level level-2
network-entity 49.0345.0000.0000.0005.00
is-name R5

配置完成后检查邻居关系,并进行ping测试。命令：dis isis peer

3.配置MPLS LDP （mpls lsr-id 使用lo0地址）

R3--5：

mpls lsr-id x.x.x.x \\R3: mpls lsr-id 3.3.3.3

mpls

mpls ldp

int g0/0/x \\在合适的接口上配置

mpls

mpls ldp

配置完成后检查各设备的T标签。命令：dis mpls lsp

4.建立R3与R5的vpnv4邻居

R3：

bgp 345
router-id 3.3.3.3
undo default ipv4-unicast
peer 5.5.5.5 as-number 345
peer 5.5.5.5 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 5.5.5.5 enable
#
ipv4-family vpnv4
policy vpn-target
peer 5.5.5.5 enable

R5：

bgp 345
router-id 5.5.5.5
undo default ipv4-unicast
peer 3.3.3.3 as-number 345
peer 3.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 3.3.3.3 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable

配置完成后检查邻居关系。命令：dis bgp vpnv4 all peer

5.建立vpn实例

R3：

ip vpn-instance 1
ipv4-family
route-distinguisher 1:1
vpn-target 1:6 export-extcommunity
vpn-target 6:1 import-extcommunity
#
ip vpn-instance 2
ipv4-family
route-distinguisher 2:2
vpn-target 2:6 export-extcommunity
vpn-target 6:2 import-extcommunity

R5：

ip vpn-instance 6
ipv4-family
route-distinguisher 6:6
vpn-target 6:1 6:2 export-extcommunity
vpn-target 1:6 2:6 import-extcommunity

R6：

ip vpn-instance 7
ipv4-family
route-distinguisher 7:7
#
ip vpn-instance 8
ipv4-family
route-distinguisher 8:8
#
ip vpn-instance 9
ipv4-family
route-distinguisher 9:9

6.在接口上绑定vpn实例

R3：

interface GigabitEthernet0/0/1
ip binding vpn-instance 1
ip address 13.1.1.3 255.255.255.0
#
interface GigabitEthernet0/0/2
ip binding vpn-instance 2
ip address 23.1.1.3 255.255.255.0

R5：

interface GigabitEthernet0/0/1.10
dot1q termination vid 10
ip binding vpn-instance 6
ip address 192.168.10.5 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1.20
dot1q termination vid 20
ip binding vpn-instance 6
ip address 192.168.20.5 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1.30
dot1q termination vid 30
ip binding vpn-instance 6
ip address 192.168.30.5 255.255.255.0
arp broadcast enable

R6：

interface GigabitEthernet0/0/0.10
dot1q termination vid 10
ip binding vpn-instance 7
ip address 192.168.10.6 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/0.20
dot1q termination vid 20
ip binding vpn-instance 8
ip address 192.168.20.6 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/0.30
dot1q termination vid 30
ip binding vpn-instance 9
ip address 192.168.30.6 255.255.255.0
arp broadcast enable
#
interface GigabitEthernet0/0/1
ip binding vpn-instance 7
ip address 192.168.67.6 255.255.255.0
#
interface GigabitEthernet0/0/2
ip binding vpn-instance 8
ip address 192.168.68.6 255.255.255.0
#
interface GigabitEthernet1/0/0
ip binding vpn-instance 9
ip address 192.168.69.6 255.255.255.0

配置完成后进行ping测试（需要带vpn实例同时带源ping）命令如下图：

7.R5与R6建立ospf实例邻居；R6与R7、R8、R9建立实例邻居

R5：

ospf 1 router-id 5.5.5.5 vpn-instance 6
area 0.0.0.0
network 192.168.10.5 0.0.0.0
network 192.168.20.5 0.0.0.0
network 192.168.30.5 0.0.0.0

R6：

ospf 1 router-id 6.7.7.7 vpn-instance 7
area 0.0.0.0
network 192.168.10.6 0.0.0.0
network 192.168.67.6 0.0.0.0
#
ospf 2 router-id 6.8.8.8 vpn-instance 8
area 0.0.0.0
network 192.168.20.6 0.0.0.0
network 192.168.68.6 0.0.0.0
#
ospf 3 router-id 6.9.9.9 vpn-instance 9
area 0.0.0.0
network 192.168.30.6 0.0.0.0
network 192.168.69.6 0.0.0.0

R7：

ospf 1 router-id 7.7.7.7
area 0.0.0.0
network 192.168.7.7 0.0.0.0
network 192.168.67.7 0.0.0.0

R8：

ospf 2 router-id 8.8.8.8
area 0.0.0.0
network 192.168.8.8 0.0.0.0
network 192.168.68.8 0.0.0.0

R9：

ospf 3 router-id 9.9.9.9
area 0.0.0.0
network 192.168.9.9 0.0.0.0
network 192.168.69.9 0.0.0.0

配置完成后检查ospf邻居关系。命令：dis ospf peer brief

8.R1与R3&R2与R3 建立BGP实例邻居；并发布路由。

R1：

bgp 1
router-id 1.1.1.1
peer 13.1.1.3 as-number 345
#
ipv4-family unicast
undo synchronization
network 192.168.1.1 255.255.255.255
peer 13.1.1.3 enable

R2：

bgp 2
router-id 2.2.2.2
peer 23.1.1.3 as-number 345
#
ipv4-family unicast
undo synchronization
network 192.168.2.2 255.255.255.255
peer 23.1.1.3 enable

9.在R5的实例6中做双向引入

R5：

bgp 345

ipv4-family vpn-instance 6
import-route ospf 1
#
ospf 1 router-id 5.5.5.5 vpn-instance 6
import-route bgp

10.在R5上查看路由，已经收到192.168.1.1/32 192.168.2.2/32路由。

查看命令：dis bgp vpnv4 all rou

在ospf中引入BGP 查看R5 lsdb数据库。命令：dis ospf lsdb

打开192.168.1.1（带有Dn位和tag防环机制）命令：dis ospf lsdb ase 192.168.1.1

*****11.查看R6（dis ospf rou ）没有收到192.168.1.1/32和192.168.2.2/32的路由；当vpn路由引入到ospf实例时，因为有dn防环机制不进行spf路由计算，所以让R6开启不检查vpn路由环路。

R6：

ospf 1 router-id 6.7.7.7 vpn-instance 7
vpn-instance-capability simple \\MCE不检查vpn路由环路

#
ospf 2 router-id 6.8.8.8 vpn-instance 8
vpn-instance-capability simple

#
ospf 3 router-id 6.9.9.9 vpn-instance 9
vpn-instance-capability simple

12.检查R6配置完vpn-instance-capability simple后是否收到路由