一、实验要求
1,R1和R5是客户A两个站点的CE设备,R6和R7是客户B两个站点的CE设备。通过MPLS VPN
骨干网络分别连接不同客户的不同站点
2,R1和R5采用静态路由的方式传递私网路由;R6通过RIP将私网路由传递给PE设备;R7通
过OSPF将私网路由传递给PE设备
3,R7单独一根网线保证可以访问公网,R7可以访问R2/R3/R4环回
二、配置思路
1,规划网段
2,骨干网络配IP ,启动OSPF,MPLS ,LDP
3,PE设备上创建VRF空间
4,将接口划分到对应的VRF空间中
5,CE设备配IP
6,CE,PE路由
7,骨干运行BGP
8,发布路由(rip ospf 双向重发布)
9,R7单独一根网线保证可以访问公网,R7可以访问R2/R3/R4环回
三、配置命令
1,骨干网络配IP ,启动OSPF,MPLS ,LDP
R2
[r2]interface g0/0/1
[r2-GigabitEthernet0/0/1]ip address 23.0.0.1 24
[r2-GigabitEthernet0/0/1]interface loopback 0
[r2-LoopBack0]ip address 2.2.2.2 24
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[r2-ospf-1-area-0.0.0.0]network 23.0.0.0 0.0.0.255
[r2]mpls lsr-id 2.2.2.2
[r2]mpls
[r2-mpls]mpls ldp
[r2-mpls-ldp]interface g0/0/1
[r2-GigabitEthernet0/0/1]mpls
[r2-GigabitEthernet0/0/1]mpls ldp
R3
[r3]interface g0/0/0
[r3-GigabitEthernet0/0/0]ip address 23.0.0.2 24
[r3-GigabitEthernet0/0/0]interface g0/0/1
[r3-GigabitEthernet0/0/1]ip address 34.0.0.1 24
[r3-GigabitEthernet0/0/1]interface loopback 0
[r3-LoopBack0]ip address 3.3.3.3 24
[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[r3-ospf-1-area-0.0.0.0]network 23.0.0.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 34.0.0.0 0.0.0.255
[r3]mpls lsr-id 3.3.3.3
[r3]mpls
[r3-mpls]mpls ldp
[r3-mpls-ldp]interface g0/0/0
[r3-GigabitEthernet0/0/0]mpls
[r3-GigabitEthernet0/0/0]mpls ldp
[r3-GigabitEthernet0/0/0]interface g0/0/1
[r3-GigabitEthernet0/0/1]mpls
[r3-GigabitEthernet0/0/1]mpls ldp
R4
[r4]interface g0/0/0
[r4-GigabitEthernet0/0/0]ip address 34.0.0.2 24
[r4-GigabitEthernet0/0/0]interface loopback 0
[r4-LoopBack0]ip address 4.4.4.4 24
[r4]ospf 1 router-id 4.4.4.4
[r4-ospf-1]area 0
[r4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[r4-ospf-1-area-0.0.0.0]network 34.0.0.0 0.0.0.255
[r4]mpls lsr-id 4.4.4.4
[r4]mpls
[r4-mpls]mpls ldp
[r4-mpls-ldp]interface g0/0/0
[r4-GigabitEthernet0/0/0]mpls
[r4-GigabitEthernet0/0/0]mpls ldp
2,PE设备上创建VRF空间
1,客户A站点1创建VRF a,定义RD,RT值
[r2]ip vpn-instance a
[r2-vpn-instance-a]route-distinguisher 100:1[r2-vpn-instance-a-af-ipv4]vpn-target 100:2 export-extcommunity
[r2-vpn-instance-a-af-ipv4]vpn-target 100:3 import-extcommunity
将G0/0/0接口划分到VRF a ,并配IP
[r2]interface g0/0/0
[r2-GigabitEthernet0/0/0]ip binding vpn-instance a
[r2-GigabitEthernet0/0/0]ip address 192.168.2.2 24
2,客户B站点1创建VRF b,定义RD,RT值
[r2]ip vpn-instance b
[r2-vpn-instance-b]route-distinguisher 200:1
[r2-vpn-instance-b-af-ipv4]vpn-target 200:2 export-extcommunity
[r2-vpn-instance-b-af-ipv4]vpn-target 200:3 import-extcommunity
将G0/0/2接口划分到VRF b ,并配IP
[r2]interface g0/0/2
[r2-GigabitEthernet0/0/2]ip binding vpn-instance b
[r2-GigabitEthernet0/0/2]ip address 192.168.6.1 24
3,客户A站点2创建VRF a,定义RD,RT值
[r4]ip vpn-instance a
[r4-vpn-instance-a]route-distinguisher 100:1
[r4-vpn-instance-a-af-ipv4]vpn-target 100:3 export-extcommunity
[r4-vpn-instance-a-af-ipv4]vpn-target 100:2 import-extcommunity
将G0/0/1接口划分到VRF a ,并配IP
[r4]interface g0/0/1
[r4-GigabitEthernet0/0/1]ip binding vpn-instance a
[r4-GigabitEthernet0/0/1]ip address 192.168.4.1 24
4,客户B站点2创建VRF b,定义RD,RT值
[r4]ip vpn-instance b
[r4-vpn-instance-b]route-distinguisher 200:1[r4-vpn-instance-b-af-ipv4]vpn-target 200:3 export-extcommunity
[r4-vpn-instance-b-af-ipv4]vpn-target 200:2 import-extcommunity
将G4/0/0接口划分到VRF a ,并配IP
[r4-vpn-instance-b]interface g4/0/0
[r4-GigabitEthernet4/0/0]ip binding vpn-instance b
[r4-GigabitEthernet4/0/0]ip address 192.168.10.1 24
3,CE设备配IP
R1
[r1]interface g0/0/0
[r1-GigabitEthernet0/0/0]ip add 192.168.2.1 24
[r1-GigabitEthernet0/0/0]interface loopback 0
[r1-LoopBack0]ip address 192.168.1.1 24
R6
[r6]interface g0/0/0
[r6-GigabitEthernet0/0/0]ip add 192.168.6.2 24
[r6-GigabitEthernet0/0/0]int l 0
[r6-LoopBack0]ip address 192.168.5.1 24
R5
[r5]interface g0/0/0
[r5-GigabitEthernet0/0/0]ip address 192.168.4.2 24
[r5-GigabitEthernet0/0/0]int l 0
[r5-LoopBack0]ip add 192.168.3.1 24
R7
[r7]interface g0/0/1
[r7-GigabitEthernet0/0/1]ip address 192.168.10.2 24
[r7-GigabitEthernet0/0/1]int l 0
[r7-LoopBack0]ip add 192.168.7.1 24
4,CE,PE路由
1, R1和R5采用静态路由的方式传递私网路由
[r1]ip route-static 192.168.3.0 24 192.168.2.2
[r1]ip route-static 192.168.4.0 24 192.168.2.2[r2]ip route-static vpn-instance a 192.168.1.0 24 192.168.2.1
[r5]ip route-static 192.168.1.0 24 192.168.4.1
[r5]ip route-static 192.168.2.0 24 192.168.4.1[r4]ip route-static vpn-instance a 192.168.3.0 24 192.168.4.2
2,R6采用RIP方式传递私网路由
[r6]rip 1
[r6-rip-1]version 2
[r6-rip-1]network 192.168.5.0
[r6-rip-1]network 192.168.6.0
[r2]rip 1 vpn-instance b
[r2-rip-1]network 192.168.6.0
3,R7采用OSPF方式传递私网路由
[r7]ospf 1 router-id 7.7.7.7
[r7-ospf-1]area 0
[r7-ospf-1-area-0.0.0.0]network 192.168.7.0 0.0.0.255
[r7-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[r4]ospf 2 vpn-instance b router-id 4.4.4.4
[r4-ospf-2]area 0
[r4-ospf-2-area-0.0.0.0]network 192.168.10.0 0.0.0.255
5,骨干网络运行BGP
R2
[r2]bgp 1
[r2-bgp]router-id 2.2.2.2
[r2-bgp]peer 4.4.4.4 as 1
[r2-bgp]peer 4.4.4.4 connect-interface LoopBack 0[r2-bgp]peer 4.4.4.4 next-hop-local
[r2-bgp]ipv4-family vpnv4
[r2-bgp-af-vpnv4]peer 4.4.4.4 enable
R4
[r4]bgp 1
[r4-bgp]router-id 4.4.4.4
[r4-bgp]peer 2.2.2.2 as 1
[r4-bgp]peer 2.2.2.2 connect-interface loopback 0[r4-bgp]peer 2.2.2.2 next-hop-local
[r4-bgp]ipv4-family vpnv4
[r4-bgp-af-vpnv4]peer 2.2.2.2 enable
6,发布路由
R2静态
[r2]bgp 1
[r2-bgp]ipv4-family vpn-instance a[r2-bgp-a]network 192.168.1.0 24
[r2-bgp-a]network 192.168.2.0 24
R4静态
[r4-bgp]bgp 1
[r4-bgp]ipv4-family vpn-instance a
[r4-bgp-a]network 192.168.3.0 24
[r4-bgp-a]network 192.168.4.0 24
R2上双向重发布
[r2]bgp 1
[r2-bgp]ipv4-family vpn-instance b
[r2-bgp-b]import-route rip 1
[r2]rip 1
[r2-rip-1]version 2
[r2-rip-1]import-route bgp
R4上双向重发布
[r4]bgp 1
[r4-bgp]ipv4-family vpn-instance b
[r4-bgp-b]import-route ospf 2
[r4]ospf 2
[r4-ospf-2]import-route bgp
7,R7单独一根网线保证可以访问公网,R7可以访问R2/R3/R4环回
[r4]int g0/0/2
[r4-GigabitEthernet0/0/2]ip add 47.0.0.1 24
[r7]int g0/0/0
[r7-GigabitEthernet0/0/0]ip add 47.0.0.2 24[r4-ospf-1-area-0.0.0.0]network 47.0.0.0 0.0.0.255
[r7]ip route-static 0.0.0.0 0 47.0.0.1