HCIP MPLS实验

 要求：
1.R1、R2、R3、R4、R5为运营商，跑MPLS
2.R6、R7、R8为ce端，要求R6使用静态与运营商连接，R7用ospf、R8用rip
3.R6、R7、R8互相可以ping通

根据题目，画好拓扑图

 首先，对粉色区域内的运营商配置ip，并使R1、R2、R3、R4、R5可以相互ip可达。然后再在每个路由器上激活mpls和ldp，在每个接口激活mpls和ldp

我选择在粉色区域里跑rip 2 v2

r1的配置为：

mpls lsr-id 1.1.1.1
mpls

mpls ldp

interface Ethernet4/0/0
 ip address 51.1.1.2 255.255.255.0 
 mpls
 mpls ldp

interface GigabitEthernet0/0/0
 ip address 13.1.1.1 255.255.255.0 
 mpls
 mpls ldp

interface GigabitEthernet0/0/1
 ip address 12.1.1.1 255.255.255.0 
 mpls
 mpls ldp

interface GigabitEthernet0/0/2
 ip address 41.1.1.2 255.255.255.0 
 mpls
 mpls ldp


interface LoopBack0
 ip address 1.1.1.1 255.255.255.255 
 
rip 2
 undo summary
 version 2
 network 41.0.0.0
 network 13.0.0.0
 network 12.0.0.0
 network 1.0.0.0

r2的配置为：

mpls lsr-id 2.2.2.2
mpls

mpls ldp

interface Ethernet4/0/0
 ip address 42.1.1.2 255.255.255.0 
 mpls
 mpls ldp

interface GigabitEthernet0/0/0
 ip address 12.1.1.2 255.255.255.0 
 mpls
 mpls ldp

interface GigabitEthernet0/0/1
 ip address 23.1.1.1 255.255.255.0 
 mpls
 mpls ldp

interface GigabitEthernet0/0/2
 ip address 52.1.1.2 255.255.255.0 
 mpls
 mpls ldp

interface LoopBack0
 ip address 2.2.2.2 255.255.255.255 

rip 2
 undo summary
 version 2
 network 12.0.0.0
 network 52.0.0.0
 network 23.0.0.0
 network 2.0.0.0

r3的配置为

mpls lsr-id 3.3.3.3
mpls
#
mpls ldp

interface GigabitEthernet0/0/0
 ip address 13.1.1.2 255.255.255.0 
 mpls
 mpls ldp

interface GigabitEthernet0/0/1
 ip address 23.1.1.2 255.255.255.0 
 mpls
 mpls ldp

interface GigabitEthernet0/0/2
 ip binding vpn-instance c
 ip address 36.1.1.1 255.255.255.0 

interface LoopBack0
 ip address 3.3.3.3 255.255.255.255 

rip 2
 undo summary
 version 2
 network 13.0.0.0
 network 23.0.0.0
 network 3.0.0.0

r4的配置为

mpls lsr-id 4.4.4.4
mpls

mpls ldp

interface GigabitEthernet0/0/0
 ip address 41.1.1.1 255.255.255.0 
 mpls
 mpls ldp

interface GigabitEthernet0/0/2
 ip address 42.1.1.1 255.255.255.0 
 mpls
 mpls ldp

interface LoopBack0
 ip address 4.4.4.4 255.255.255.255 

rip 2
 version 2
 network 41.0.0.0
 network 42.0.0.0
 network 4.0.0.0

r5的配置为

mpls lsr-id 5.5.5.5
mpls

mpls ldp


interface GigabitEthernet0/0/1
 ip address 52.1.1.1 255.255.255.0 
 mpls
 mpls ldp

interface GigabitEthernet0/0/2
 ip address 51.1.1.1 255.255.255.0 
 mpls
 mpls ldp

interface LoopBack0
 ip address 5.5.5.5 255.255.255.255 

rip 2
 undo summary
 version 2
 network 52.0.0.0
 network 51.0.0.0
 network 5.0.0.0

R1、R2、R3、R4、R5的IP互相可达的时候，并且每个路由器以及物理接口都激活了MPLS和LDP之后，可以开始建立MPLS-BGP区域，R3、R4、R5进行非直连建邻

R3的配置为

bgp 100
 router-id 3.3.3.3
 peer 4.4.4.4 as-number 100 
 peer 4.4.4.4 connect-interface LoopBack0
 peer 5.5.5.5 as-number 100 
 peer 5.5.5.5 connect-interface LoopBack0

R4的配置为

bgp 100
 router-id 4.4.4.4
 peer 3.3.3.3 as-number 100 
 peer 3.3.3.3 connect-interface LoopBack0
 peer 5.5.5.5 as-number 100 
 peer 5.5.5.5 connect-interface LoopBack0

R5的配置为

bgp 100
 router-id 5.5.5.5
 peer 3.3.3.3 as-number 100 
 peer 3.3.3.3 connect-interface LoopBack0
 peer 4.4.4.4 as-number 100 
 peer 4.4.4.4 connect-interface LoopBack0

MPLS-BGP建立完成之后，创建vrf虚拟空间，再根据题目要求进行配置接口

其中R3的配置为

ip vpn-instance c
 ipv4-family
  route-distinguisher 3:3
  vpn-target 3:3 export-extcommunity
  vpn-target 1:1 2:2 import-extcommunity   //配rd值和rt值

interface GigabitEthernet0/0/2
 ip binding vpn-instance c
 ip address 36.1.1.1 255.255.255.0   //vpn c绑定接口的ip

ip route-static vpn-instance c 6.6.6.6 255.255.255.255 36.1.1.2 //配置静态

R4的配置为

ip vpn-instance a
 ipv4-family
  route-distinguisher 1:1
  vpn-target 1:1 export-extcommunity
  vpn-target 2:2 3:3 import-extcommunity   //配置rd值和rt值

interface GigabitEthernet0/0/1
 ip binding vpn-instance a
 ip address 74.1.1.2 255.255.255.0     //vpn绑定接口的ip地址
 
ospf 100 vpn-instance a
 default-route-advertise always
 area 0.0.0.0 
  network 74.1.1.2 0.0.0.0      //配置ospf协议，并下放缺省

R5的配置为

ip vpn-instance b
 ipv4-family
  route-distinguisher 2:2
  vpn-target 2:2 export-extcommunity
  vpn-target 1:1 3:3 import-extcommunity

interface GigabitEthernet0/0/0
 ip binding vpn-instance b
 ip address 85.1.1.2 255.255.255.0 

rip 1 vpn-instance b
 default-route originate
 network 85.0.0.0

配置完之后，进行重发布

R3

 ipv4-family vpn-instance c 
  import-route direct
  import-route static

R4

 ipv4-family vpn-instance a 
  import-route direct
  import-route ospf 100

ospf 100 vpn-instance a
 import-route direct
 import-route bgp

R5

rip 1 vpn-instance b
 import-route direct
 import-route bgp

 ipv4-family vpn-instance b 
  import-route direct
  import-route rip 1

重发布后，发送社团属性

R3

 ipv4-family vpnv4
  policy vpn-target
  peer 4.4.4.4 enable
  peer 4.4.4.4 advertise-community
  peer 5.5.5.5 enable
  peer 5.5.5.5 advertise-community

R4

 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.3 enable
  peer 3.3.3.3 advertise-community
  peer 5.5.5.5 enable
  peer 5.5.5.5 advertise-community

R5

 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.3 enable
  peer 3.3.3.3 advertise-community
  peer 4.4.4.4 enable
  peer 4.4.4.4 advertise-community

配置完后用R6、R7、R8互相进行ping

 

 

 

 

 

 R6、R7、R8可以互相ping通

最后在R6上用acl做nat，使r9可以ping通r7和r8

r6上的配置为

[r6]acl 2000	
[r6-acl-basic-2000]rule permit source any

[r6]int g0/0/0	
[r6-GigabitEthernet0/0/0]nat outbound 2000

在r9上配置缺省

[r9]ip route-static 0.0.0.0 0 69.1.1.1

用r9 ping r7

 用r9 ping r8

 至此，实验要求完成，实验结束