Huawei MPLS VPN Hub & Spoke: a classic networking case

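The headquarters CE (AR4) and the ISP's R1 are connected by a single physical link that is split into two logical links, one of which uses a sub-interface. Of the two links, one carries inbound traffic and the other carries outbound traffic.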

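The design relies mainly on RT and RD. There are two ways to do it:
Method 1:
The idea is that the export RTs sent by AR5 and AR6 all match an import RT on R1. In other words, R1's import RT is configured as a list (an RT can hold multiple values anyway), with one entry matching R5's export RT and one matching R6's export RT. The export RT on AR1 follows the same idea in the opposite direction and is configured in the same way.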

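Method 2:
If R5 and R6 both use the same export and import RTs, R1 needs only one export RT and one import RT, and can receive from and send to both devices at the same time. The configuration in this case is done this way, which is the simplest.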
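The RT matching described above can be checked mechanically. The following is an added example, not part of the original post: it parses the vpn-instance stanzas copied from the R1, R2 and R3 configurations on this page and reports any spoke VRF that imports another spoke's export RT directly, which would bypass the hub. The function names and the "<PE>/<instance>" naming are assumptions made for the example.

```python
# Added example. Constructed input: vpn-instance stanzas of R1, R2, R3 from this page.
SPOKE_RTS = ("vpn-target 100:101 export-extcommunity\n"
             "vpn-target 100:100 import-extcommunity\n")
PE_CONFIGS = {
    "R1": """ip vpn-instance in
ipv4-family
route-distinguisher 100:1
vpn-target 100:101 import-extcommunity
ip vpn-instance out
ipv4-family
route-distinguisher 100:11
vpn-target 100:100 export-extcommunity
""",
    "R2": "ip vpn-instance vpn\nipv4-family\nroute-distinguisher 100:2\n" + SPOKE_RTS,
    "R3": "ip vpn-instance vpn\nipv4-family\nroute-distinguisher 100:3\n" + SPOKE_RTS,
}
SPOKES = {"R2/vpn", "R3/vpn"}  # assumption: VRFs are named "<PE>/<instance>"

def parse_vrfs(pe, text):
    """Collect the import and export RT sets of every vpn-instance on one PE."""
    vrfs, cur = {}, None
    for line in text.splitlines():
        tok = line.split()
        if tok[:2] == ["ip", "vpn-instance"]:
            cur = vrfs.setdefault(f"{pe}/{tok[2]}", {"import": set(), "export": set()})
        elif cur is not None and tok[:1] == ["vpn-target"]:
            rts = {t for t in tok[1:] if ":" in t}
            # No direction keyword, or "both", applies the RT in both directions.
            if tok[-1] != "import-extcommunity":
                cur["export"] |= rts
            if tok[-1] != "export-extcommunity":
                cur["import"] |= rts
    return vrfs

def route_flows(configs):
    """(src, dst) VRF pairs where dst imports at least one RT that src exports."""
    vrfs = {}
    for pe, text in configs.items():
        vrfs.update(parse_vrfs(pe, text))
    return sorted((s, d) for s, sv in vrfs.items() for d, dv in vrfs.items()
                  if s != d and sv["export"] & dv["import"])

def spoke_leaks(configs, spokes=SPOKES):
    """Flows that bypass the hub: both ends are spoke VRFs."""
    return [(s, d) for s, d in route_flows(configs) if s in spokes and d in spokes]

if __name__ == "__main__":
    print("flows:", route_flows(PE_CONFIGS))
    print("spoke-to-spoke leaks:", spoke_leaks(PE_CONFIGS))
```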

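The AS number of branch R6 duplicates that of headquarters; this is solved by replacing the AS number with substitute-as. Between R1 in the ISP area and headquarters R4, the two links (in and out) also run into the duplicate-AS problem: one interface handles it with substitute-as, and the other uses allow-as-loop to permit a number of repetitions. The idea is to handle every AS conflict on the ISP side and leave the CE (customer) devices without any such configuration.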
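The AS_PATH handling described above can be traced hop by hop. The following is an added example, not part of the original post: a simplified model of the EBGP loop check that follows R6's 6.6.6.6/32 route to the hub and back to R1, showing why the "in" peer needs substitute-as and why the "out" peer is configured with allow-as-loop 2. The AS numbers come from the page; the function names and the "count must not exceed the allowed value" rule are modelling assumptions.

```python
# Added example: simplified model of BGP AS_PATH loop checks on this page's
# topology. AS numbers are from the page; function names are hypothetical.
ISP_AS, CUST_AS = 100, 65000


def ebgp_send(as_path, local_as, peer_as, substitute_as=False):
    """AS_PATH that a router in local_as sends to an EBGP peer in peer_as."""
    if substitute_as:  # replace the peer's AS with the local AS before sending
        as_path = [local_as if asn == peer_as else asn for asn in as_path]
    return [local_as] + as_path


def accepts(as_path, local_as, allow_as_loop=0):
    """Receiver check: the local AS may appear at most allow_as_loop times."""
    return as_path.count(local_as) <= allow_as_loop


def trace_r6_route_to_hub(in_substitute_as=True, out_allow_as_loop=2):
    """Follow 6.6.6.6/32: R6 -> R3 -> (IBGP) R1 'in' -> R4 -> R1 'out'.

    Returns (receiver, as_path, accepted) for each EBGP hop and stops at the
    first rejection.
    """
    hops = []
    path = ebgp_send([], CUST_AS, ISP_AS)                       # R6 -> R3
    hops.append(("R3", path, accepts(path, ISP_AS)))
    # R3 -> R1 is IBGP (VPNv4), so the AS_PATH is unchanged.
    path = ebgp_send(path, ISP_AS, CUST_AS, in_substitute_as)   # R1 'in' -> R4
    hops.append(("R4", path, accepts(path, CUST_AS)))
    if not hops[-1][2]:
        return hops
    path = ebgp_send(path, CUST_AS, ISP_AS)                     # R4 -> R1 'out'
    hops.append(("R1", path, accepts(path, ISP_AS, out_allow_as_loop)))
    return hops


if __name__ == "__main__":
    for label, kwargs in [
        ("page config", {}),
        ("no substitute-as on 'in'", {"in_substitute_as": False}),
        ("allow-as-loop 1 on 'out'", {"out_allow_as_loop": 1}),
    ]:
        print(label)
        for receiver, path, ok in trace_r6_route_to_hub(**kwargs):
            print(f"  {receiver} receives {path}: {'accept' if ok else 'reject'}")
```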

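When OSPF advertises the network of a loopback interface, it supports only the 32-bit mask, not the 24-bit one. To support the 24-bit mask, one extra command is needed: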
ospf network-type broadcast

Result: the BGP routes between AR5 and AR6 take the detour through headquarters AR4 in both directions.

R1 configuration:

router id 1.1.1.1

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance in
ipv4-family
route-distinguisher 100:1
vpn-target 100:101 import-extcommunity

ip vpn-instance out
ipv4-family
route-distinguisher 100:11
vpn-target 100:100 export-extcommunity

mpls lsr-id 1.1.1.1
mpls

mpls ldp

isis 1
is-level level-2
cost-style wide
network-entity 49.0001.0000.0000.0001.00
is-name r1

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip binding vpn-instance out
ip address 172.16.1.1 255.255.255.0

interface GigabitEthernet0/0/0.10
dot1q termination vid 10
ip binding vpn-instance in
ip address 172.16.10.1 255.255.255.0
arp broadcast enable

interface GigabitEthernet0/0/1
ip address 10.0.12.1 255.255.255.0
isis enable 1
isis circuit-type p2p
isis ppp-negotiation 3-way only
mpls
mpls ldp

interface GigabitEthernet0/0/2
ip address 10.0.13.1 255.255.255.0
isis enable 1
isis circuit-type p2p
isis ppp-negotiation 3-way only
mpls
mpls ldp

interface NULL0

interface LoopBack0
ip address 1.1.1.1 255.255.255.255
isis enable 1

bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0

ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
peer 3.3.3.3 enable

ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
peer 3.3.3.3 enable

ipv4-family vpn-instance in
peer 172.16.10.2 as-number 65000
peer 172.16.10.2 substitute-as

ipv4-family vpn-instance out
peer 172.16.1.2 as-number 65000
peer 172.16.1.2 allow-as-loop 2

R2:

router id 2.2.2.2

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance vpn
ipv4-family
route-distinguisher 100:2
vpn-target 100:101 export-extcommunity
vpn-target 100:100 import-extcommunity

mpls lsr-id 2.2.2.2
mpls

mpls ldp

isis 1
is-level level-2
cost-style wide
network-entity 49.0001.0000.0000.0002.00
is-name r2

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 10.0.12.2 255.255.255.0
isis enable 1
isis circuit-type p2p
isis ppp-negotiation 3-way only
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip binding vpn-instance vpn
ip address 172.16.2.1 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 2.2.2.2 255.255.255.255
isis enable 1

bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0

ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 3.3.3.3 enable

ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
peer 3.3.3.3 enable

ipv4-family vpn-instance vpn
import-route ospf 1 route-policy test

ospf 1 vpn-instance vpn
import-route bgp
area 0.0.0.0
network 172.16.2.1 0.0.0.0

route-policy test permit node 10
if-match ip-prefix test

ip ip-prefix test index 10 permit 5.5.5.0 24

R3:

router id 3.3.3.3

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance vpn
ipv4-family
route-distinguisher 100:3
vpn-target 100:101 export-extcommunity
vpn-target 100:100 import-extcommunity

mpls lsr-id 3.3.3.3
mpls

mpls ldp

isis 1
is-level level-2
cost-style wide
network-entity 49.0001.0000.0000.0003.00
is-name r3

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 10.0.13.3 255.255.255.0
isis enable 1
isis circuit-type p2p
isis ppp-negotiation 3-way only
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip binding vpn-instance vpn
ip address 172.16.3.1 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 3.3.3.3 255.255.255.255
isis enable 1

bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0

ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
peer 2.2.2.2 enable

ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
peer 2.2.2.2 enable

ipv4-family vpn-instance vpn
peer 172.16.3.2 as-number 65000
peer 172.16.3.2 substitute-as

R4:

router id 4.4.4.4

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

firewall zone Local
priority 15

interface GigabitEthernet0/0/0
ip address 172.16.1.2 255.255.255.0

interface GigabitEthernet0/0/0.10
dot1q termination vid 10
ip address 172.16.10.2 255.255.255.0
arp broadcast enable

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 10.0.4.4 255.255.255.0

bgp 65000
peer 172.16.1.1 as-number 100
peer 172.16.10.1 as-number 100

ipv4-family unicast
undo synchronization
network 10.0.4.0 255.255.255.0
peer 172.16.1.1 enable
peer 172.16.10.1 enable

R5:

interface GigabitEthernet0/0/0
ip address 172.16.2.2 255.255.255.0

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 5.5.5.5 255.255.255.0
ospf network-type broadcast
ospf enable 1 area 0.0.0.0

ospf 1
area 0.0.0.0
network 172.16.2.2 0.0.0.0

R6:

router id 6.6.6.6

interface GigabitEthernet0/0/0
ip address 172.16.3.2 255.255.255.0

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0
ip address 6.6.6.6 255.255.255.255

bgp 65000
peer 172.16.3.1 as-number 100

ipv4-family unicast
undo synchronization
network 6.6.6.6 255.255.255.255
peer 172.16.3.1 enable