要求:
1.R1、R2、R3、R4、R5为运营商,跑MPLS
2.R6、R7、R8为ce端,要求R6使用静态与运营商连接,R7用ospf、R8用rip
3.R6、R7、R8互相可以ping通
根据题目,画好拓扑图
首先,对粉色区域内的运营商配置ip,并使R1、R2、R3、R4、R5可以相互ip可达。然后再在每个路由器上激活mpls和ldp,在每个接口激活mpls和ldp
我选择在粉色区域里跑rip 2 v2
r1的配置为:
mpls lsr-id 1.1.1.1
mpls
mpls ldp
interface Ethernet4/0/0
ip address 51.1.1.2 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 13.1.1.1 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 12.1.1.1 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/2
ip address 41.1.1.2 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
rip 2
undo summary
version 2
network 41.0.0.0
network 13.0.0.0
network 12.0.0.0
network 1.0.0.0
r2的配置为:
mpls lsr-id 2.2.2.2
mpls
mpls ldp
interface Ethernet4/0/0
ip address 42.1.1.2 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 23.1.1.1 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/2
ip address 52.1.1.2 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
rip 2
undo summary
version 2
network 12.0.0.0
network 52.0.0.0
network 23.0.0.0
network 2.0.0.0
r3的配置为
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
interface GigabitEthernet0/0/0
ip address 13.1.1.2 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 23.1.1.2 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/2
ip binding vpn-instance c
ip address 36.1.1.1 255.255.255.0
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
rip 2
undo summary
version 2
network 13.0.0.0
network 23.0.0.0
network 3.0.0.0
r4的配置为
mpls lsr-id 4.4.4.4
mpls
mpls ldp
interface GigabitEthernet0/0/0
ip address 41.1.1.1 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/2
ip address 42.1.1.1 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
rip 2
version 2
network 41.0.0.0
network 42.0.0.0
network 4.0.0.0
r5的配置为
mpls lsr-id 5.5.5.5
mpls
mpls ldp
interface GigabitEthernet0/0/1
ip address 52.1.1.1 255.255.255.0
mpls
mpls ldp
interface GigabitEthernet0/0/2
ip address 51.1.1.1 255.255.255.0
mpls
mpls ldp
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
rip 2
undo summary
version 2
network 52.0.0.0
network 51.0.0.0
network 5.0.0.0
R1、R2、R3、R4、R5的IP互相可达的时候,并且每个路由器以及物理接口都激活了MPLS和LDP之后,可以开始建立MPLS-BGP区域,R3、R4、R5进行非直连建邻
R3的配置为
bgp 100
router-id 3.3.3.3
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
peer 5.5.5.5 as-number 100
peer 5.5.5.5 connect-interface LoopBack0
R4的配置为
bgp 100
router-id 4.4.4.4
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
peer 5.5.5.5 as-number 100
peer 5.5.5.5 connect-interface LoopBack0
R5的配置为
bgp 100
router-id 5.5.5.5
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
MPLS-BGP建立完成之后,创建vrf虚拟空间,再根据题目要求进行配置接口
其中R3的配置为
ip vpn-instance c
ipv4-family
route-distinguisher 3:3
vpn-target 3:3 export-extcommunity
vpn-target 1:1 2:2 import-extcommunity //配rd值和rt值
interface GigabitEthernet0/0/2
ip binding vpn-instance c
ip address 36.1.1.1 255.255.255.0 //vpn c绑定接口的ip
ip route-static vpn-instance c 6.6.6.6 255.255.255.255 36.1.1.2 //配置静态
R4的配置为
ip vpn-instance a
ipv4-family
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 2:2 3:3 import-extcommunity //配置rd值和rt值
interface GigabitEthernet0/0/1
ip binding vpn-instance a
ip address 74.1.1.2 255.255.255.0 //vpn绑定接口的ip地址
ospf 100 vpn-instance a
default-route-advertise always
area 0.0.0.0
network 74.1.1.2 0.0.0.0 //配置ospf协议,并下放缺省
R5的配置为
ip vpn-instance b
ipv4-family
route-distinguisher 2:2
vpn-target 2:2 export-extcommunity
vpn-target 1:1 3:3 import-extcommunity
interface GigabitEthernet0/0/0
ip binding vpn-instance b
ip address 85.1.1.2 255.255.255.0
rip 1 vpn-instance b
default-route originate
network 85.0.0.0
配置完之后,进行重发布
R3
ipv4-family vpn-instance c
import-route direct
import-route static
R4
ipv4-family vpn-instance a
import-route direct
import-route ospf 100
ospf 100 vpn-instance a
import-route direct
import-route bgp
R5
rip 1 vpn-instance b
import-route direct
import-route bgp
ipv4-family vpn-instance b
import-route direct
import-route rip 1
重发布后,发送社团属性
R3
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.4 enable
peer 4.4.4.4 advertise-community
peer 5.5.5.5 enable
peer 5.5.5.5 advertise-community
R4
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable
peer 3.3.3.3 advertise-community
peer 5.5.5.5 enable
peer 5.5.5.5 advertise-community
R5
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable
peer 3.3.3.3 advertise-community
peer 4.4.4.4 enable
peer 4.4.4.4 advertise-community
配置完后用R6、R7、R8互相进行ping
R6、R7、R8可以互相ping通
最后在R6上用acl做nat,使r9可以ping通r7和r8
r6上的配置为
[r6]acl 2000
[r6-acl-basic-2000]rule permit source any
[r6]int g0/0/0
[r6-GigabitEthernet0/0/0]nat outbound 2000
在r9上配置缺省
[r9]ip route-static 0.0.0.0 0 69.1.1.1
用r9 ping r7
用r9 ping r8
至此,实验要求完成,实验结束