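Configuration approach:
- First configure the interconnect addresses between the devices, the loopback interface addresses inside the MPLS VPN domain (used to establish the BGP neighbor relationships), and the internal addresses of the CE devices (these can be loopback addresses). If IS-IS is to be established, use the interface addresses.
- Create two sub-interfaces on g0/0/0 of AR1, and likewise two sub-interfaces on g0/0/1 of AR2.
- IS-IS must first be established for the loopback and interface addresses (or another routing protocol, as long as the addresses are reachable). The reasons are:
  - First, the LSR ID used to establish the LDP relationship must be a reachable IP address, preferably a loopback address.
  - Second, the BGP relationship is also best established with loopback addresses, and the routes must be reachable (see BGP theory for the detailed reasons).
- Create VPN instances on R2, one for import and one for export, and configure the RT values. Also create VPN instances on R3 and R4.
- There are three options for the RT values:
  - Option 1: AR3 uses 10:10 for both export and import, and AR4 uses 20:20 for both export and import. AR2's import VPN instance then imports 10:10 and 20:20, and its export VPN instance exports 10:10 and 20:20.
  - Option 2: AR3 and AR4 both export 10:10 and both import 20:20. AR2's import VPN instance then imports 10:10, and its export VPN instance exports 20:20.
  - Option 3 (not recommended): create two VPN instances on AR2 and set both export and import on each. With this approach, as many VPN instances are needed as there are branch offices, so it is not recommended.
  - Note: make sure AR3's export is not the same as AR4's import, otherwise traffic might be forwarded directly to AR4 without passing through AR1? (Would that happen? Under what conditions?)
- MP-BGP configuration: establish BGP neighbor relationships between the PEs. AR2 establishes a neighbor relationship with AR3 and with AR4.
- Run OSPF between the PEs and the CEs. On AR2, import BGP into OSPF in the import VPN instance, and import OSPF into BGP in the export VPN instance (because the import VPN instance only receives and never sends, and the export VPN instance only sends and never receives).
- The OSPF process IDs on AR1 can be the same, but the OSPF process IDs on AR2 must be different, because from AR1's point of view it is establishing OSPF neighbor relationships with two devices.
- OSPF must advertise the interface addresses, otherwise the adjacency cannot be established. The service addresses (loopback addresses) must also be advertised.
- AR3 and AR4 redistribute in both directions.
- Note: the next hop of a directly connected route is the IP address of the directly connected peer device, and the direction of traffic flow is the reverse of the direction in which routes are propagated!!
- On R2, disable the OSPF loop-prevention mechanisms: the DN bit and the tag value.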
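The RT rule in the notes above (a spoke's export RT must not match another spoke's import RT, so that inter-site traffic keeps passing through the hub where it can be filtered) can be checked mechanically. The following is an added example, not part of the original notes: it parses the vpn-instance stanzas copied from the AR2, AR3 and AR4 configurations below and lists any direct spoke-to-spoke import. The function names and the `HUB` constant are hypothetical, and the model looks at RT overlap only (it assumes every PE could receive every VPNv4 route, which is the conservative case).

```python
# vpn-instance stanzas copied from the AR2 (hub PE), AR3 and AR4 (spoke PE) configs on this page
CONFIGS = {
    "AR2": """ip vpn-instance ex
route-distinguisher 22:22
vpn-target 20:20 export-extcommunity
#
ip vpn-instance im
route-distinguisher 12:12
vpn-target 10:10 import-extcommunity""",
    "AR3": """ip vpn-instance a
route-distinguisher 33:33
vpn-target 10:10 export-extcommunity
vpn-target 20:20 import-extcommunity""",
    "AR4": """ip vpn-instance b
route-distinguisher 14:14
vpn-target 10:10 export-extcommunity
vpn-target 20:20 import-extcommunity""",
}
HUB = "AR2"  # assumption: the only PE allowed to exchange VPN routes with the spokes
KINDS = {"import-extcommunity": ["import"], "export-extcommunity": ["export"],
         "both": ["import", "export"]}

def parse_vrfs(configs):
    """Return {(router, instance): {"import": set, "export": set}} from config text."""
    vrfs = {}
    for router, text in configs.items():
        cur = None
        for line in text.splitlines():
            parts = line.split()
            if parts[:2] == ["ip", "vpn-instance"] and len(parts) > 2:
                cur = vrfs.setdefault((router, parts[2]), {"import": set(), "export": set()})
            elif parts[:1] == ["vpn-target"] and len(parts) > 1 and cur is not None:
                *rts, last = parts[1:]
                if last not in KINDS:  # no keyword given: the RT applies in both directions
                    rts, last = rts + [last], "both"
                for kind in KINDS[last]:
                    cur[kind].update(rts)
    return vrfs

def import_edges(vrfs):
    """(src, dst) pairs where dst's import RTs overlap src's export RTs."""
    return sorted((s, d) for s, sv in vrfs.items() for d, dv in vrfs.items()
                  if s != d and sv["export"] & dv["import"])

def spoke_leaks(vrfs, hub=HUB):
    """Import edges that bypass the hub, i.e. one spoke importing another spoke directly."""
    return [(s, d) for s, d in import_edges(vrfs) if hub not in (s[0], d[0])]

print(spoke_leaks(parse_vrfs(CONFIGS)) or "no spoke-to-spoke import")
```

With the RT values used in the configurations on this page, every import edge has AR2 at one end; changing AR4's instance to a bare `vpn-target 10:10` makes it import AR3's routes directly, which the check reports.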
AR1:
[V200R003C00]
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/0.1
dot1q termination vid 10
ip address 10.1.5.2 255.255.255.0
ospf enable 1 area 0.0.0.0
arp broadcast enable
#
interface GigabitEthernet0/0/0.2
dot1q termination vid 20
ip address 10.1.6.1 255.255.255.0
ospf enable 1 area 0.0.0.0
arp broadcast enable
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.5.0 0.0.0.255
network 10.1.6.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
AR2:
[V200R003C00]
#
ip vpn-instance ex
ipv4-family
route-distinguisher 22:22
vpn-target 20:20 export-extcommunity
#
ip vpn-instance im
ipv4-family
route-distinguisher 12:12
vpn-target 10:10 import-extcommunity
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
#
isis 1
is-level level-2
network-entity 49.0000.0000.0010.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.1.3.1 255.255.255.0
isis enable 1
isis circuit-level level-2
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/1.1
dot1q termination vid 10
ip binding vpn-instance im
ip address 10.1.5.1 255.255.255.0
ospf enable 1 area 0.0.0.0
arp broadcast enable
#
interface GigabitEthernet0/0/1.2
dot1q termination vid 20
ip binding vpn-instance ex
ip address 10.1.6.2 255.255.255.0
ospf enable 2 area 0.0.0.0
arp broadcast enable
#
interface GigabitEthernet0/0/2
ip address 10.1.2.2 255.255.255.0
isis enable 1
isis circuit-level level-2
mpls
mpls ldp
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
isis enable 1
isis circuit-level level-2
#
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
peer 4.4.4.4 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable
peer 4.4.4.4 enable
#
ipv4-family vpn-instance ex
import-route ospf 2
#
ipv4-family vpn-instance im
#
ospf 1 vpn-instance im
import-route bgp
dn-bit-set disable summary
dn-bit-set disable ase
area 0.0.0.0
network 10.1.5.0 0.0.0.255
#
ospf 2 vpn-instance ex
route-tag disable
area 0.0.0.0
network 10.1.6.0 0.0.0.255
#
wlan ac
#
return
AR3:
[V200R003C00]
#
ip vpn-instance a
ipv4-family
route-distinguisher 33:33
vpn-target 10:10 export-extcommunity
vpn-target 20:20 import-extcommunity
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
#
isis 1
is-level level-2
network-entity 49.0000.0000.0001.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.1.2.1 255.255.255.0
isis enable 1
isis circuit-level level-2
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip binding vpn-instance a
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
isis enable 1
isis circuit-level level-2
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
#
ipv4-family vpn-instance a
import-route ospf 1
#
ospf 1 vpn-instance a
import-route bgp
area 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
AR4:
[V200R003C00]
#
ip vpn-instance b
ipv4-family
route-distinguisher 14:14
vpn-target 10:10 export-extcommunity
vpn-target 20:20 import-extcommunity
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
#
isis 1
is-level level-2
network-entity 49.0000.0000.0011.00
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip binding vpn-instance b
ip address 10.1.4.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.1.3.2 255.255.255.0
isis enable 1
isis circuit-level level-2
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
isis enable 1
isis circuit-level level-2
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
#
ipv4-family vpn-instance b
import-route ospf 1
#
ospf 1 vpn-instance b
import-route bgp
area 0.0.0.0
network 10.1.4.0 0.0.0.255
#
AR5:
[V200R003C00]
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
ospf 1
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
AR6:
[V200R003C00]
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 10.1.4.2 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
#
ospf 1
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 10.1.4.0 0.0.0.255
#
return