MPLS VPN案例

一、实验拓扑：

二、需求概述：

相同公司内网可以通信，公司B分支1和分支2 不能互通！！

三、配置过程：

R1:

sysname R1

undo info-center enable

interface GigabitEthernet0/0/0

 ip address 16.1.1.1 255.255.255.0

interface LoopBack0

 ip address 192.1.1.1 255.255.255.255

ospf 1 router-id 1.1.1.1

 area 0.0.0.0

  network 192.1.1.1 0.0.0.0

  network 16.1.1.0 0.0.0.255

R2:

sysname R2

undo info-center enable

interface GigabitEthernet0/0/0

 ip address 26.1.1.2 255.255.255.0

interface LoopBack0

 ip address 192.2.2.2 255.255.255.255

ospf 1 router-id 192.2.2.2

 area 0.0.0.0

  network 26.1.1.2 0.0.0.0

  network 192.2.2.2 0.0.0.0

ip route-static 0.0.0.0 0.0.0.0 26.1.1.6

R3:

sysname R3

undo info-center enable

interface GigabitEthernet0/0/0

 ip address 36.1.1.3 255.255.255.0

interface LoopBack0

 ip address 192.3.3.3 255.255.255.255

bgp 300

 router-id 3.3.3.3

 peer 36.1.1.6 as-number 400

 ipv4-family unicast

  undo synchronization

  network 36.1.1.0 255.255.255.0

  network 192.3.3.3 255.255.255.255

  peer 36.1.1.6 enable

R4：

sysname R4

undo info-center enable

interface GigabitEthernet0/0/0

 ip address 49.1.1.4 255.255.255.0

interface LoopBack0

 ip address 192.4.4.4 255.255.255.255

ospf 1

 area 0.0.0.0

  network 192.4.4.4 0.0.0.0

  network 49.1.1.0 0.0.0.255

R5:

sysname R5

undo info-center enable

interface GigabitEthernet0/0/0

 ip address 59.1.1.5 255.255.255.0

interface LoopBack0

 ip address 192.5.5.5 255.255.255.255

bgp 500

 router-id 5.5.5.5

 peer 59.1.1.9 as-number 400

 ipv4-family unicast

  undo synchronization

  network 59.1.1.0 255.255.255.0

  network 192.5.5.5 255.255.255.255

  peer 59.1.1.9 enable

R6:

sysname R6

ip vpn-instance s1

 ipv4-family

  route-distinguisher 100:100

  vpn-target 10:10 export-extcommunity

  vpn-target 40:40 import-extcommunity

ip vpn-instance s2

 ipv4-family

  route-distinguisher 200:200

  vpn-target 20:20 export-extcommunity

  vpn-target 40:40 import-extcommunity

ip vpn-instance s3

 ipv4-family

  route-distinguisher 300:300

  vpn-target 30:30 export-extcommunity

  vpn-target 50:50 import-extcommunity

mpls lsr-id 6.6.6.6

mpls

mpls ldp

interface GigabitEthernet0/0/0

 ip binding vpn-instance s1

 ip address 16.1.1.6 255.255.255.0 

interface GigabitEthernet0/0/1

 ip binding vpn-instance s2

 ip address 26.1.1.6 255.255.255.0 

interface GigabitEthernet0/0/2

 ip binding vpn-instance s3

 ip address 36.1.1.6 255.255.255.0 

interface GigabitEthernet3/0/0

 ip address 67.1.1.6 255.255.255.0 

 mpls

 mpls ldp

interface LoopBack0

 ip address 6.6.6.6 255.255.255.255 

bgp 400

 router-id 6.6.6.6

 peer 9.9.9.9 as-number 400 

 peer 9.9.9.9 connect-interface LoopBack0

 ipv4-family unicast

  undo synchronization

  undo peer 9.9.9.9 enable

 ipv4-family vpnv4

  policy vpn-target

  peer 9.9.9.9 enable

 ipv4-family vpn-instance s1 

  import-route ospf 2

 ipv4-family vpn-instance s2 

  import-route ospf 3

 ipv4-family vpn-instance s3 

  peer 36.1.1.3 as-number 300 

ospf 1 router-id 6.6.6.6 

 area 0.0.0.0 

  network 6.6.6.6 0.0.0.0 

  network 67.1.1.6 0.0.0.0 

ospf 2 vpn-instance s1

 import-route bgp

 area 0.0.0.0 

  network 16.1.1.6 0.0.0.0 

ospf 3 vpn-instance s2

 import-route bgp

 area 0.0.0.0 

  network 26.1.1.0 0.0.0.255 

ip route-static vpn-instance s2 192.2.2.0 255.255.255.0 26.1.1.2

R7:

sysname R7

mpls lsr-id 7.7.7.7

mpls

 lsp-trigger all 

mpls ldp

interface GigabitEthernet0/0/0

 ip address 67.1.1.7 255.255.255.0 

 mpls

 mpls ldp

interface GigabitEthernet0/0/1

 ip address 78.1.1.7 255.255.255.0 

 mpls

 mpls ldp

interface LoopBack0

 ip address 7.7.7.7 255.255.255.255 

ospf 1 

 area 0.0.0.0 

  network 7.7.7.7 0.0.0.0 

  network 67.1.1.7 0.0.0.0 

  network 78.1.1.7 0.0.0.0 

R8:

sysname R8

undo info-center enable

mpls lsr-id 8.8.8.8

mpls

 lsp-trigger all

mpls ldp

interface GigabitEthernet0/0/0

 ip address 78.1.1.8 255.255.255.0

 mpls

 mpls ldp

interface GigabitEthernet0/0/1

 ip address 89.1.1.8 255.255.255.0

 mpls

 mpls ldp

interface LoopBack0

 ip address 8.8.8.8 255.255.255.255

ospf 1

 area 0.0.0.0

  network 8.8.8.8 0.0.0.0

  network 78.1.1.8 0.0.0.0

  network 89.1.1.8 0.0.0.0

R9:

sysname R9

ip vpn-instance s4

 ipv4-family

  route-distinguisher 400:400

  vpn-target 40:40 export-extcommunity

  vpn-target 20:20 10:10 import-extcommunity

ip vpn-instance s5

 ipv4-family

  route-distinguisher 500:500

  vpn-target 50:50 export-extcommunity

  vpn-target 30:30 import-extcommunity

mpls lsr-id 9.9.9.9

mpls

 lsp-trigger all 

mpls ldp

interface GigabitEthernet0/0/0

 ip address 89.1.1.9 255.255.255.0 

 ospf enable 1 area 0.0.0.0

 mpls

 mpls ldp

interface GigabitEthernet0/0/1

 ip binding vpn-instance s4

 ip address 49.1.1.9 255.255.255.0 

interface GigabitEthernet0/0/2

 ip binding vpn-instance s5

 ip address 59.1.1.9 255.255.255.0 

interface LoopBack0

 ip address 9.9.9.9 255.255.255.255 

 ospf enable 1 area 0.0.0.0

bgp 400

 router-id 9.9.9.9

 peer 6.6.6.6 as-number 400 

 peer 6.6.6.6 connect-interface LoopBack0

 ipv4-family unicast

  undo synchronization

  undo peer 6.6.6.6 enable

 ipv4-family vpnv4

  undo policy vpn-target

  peer 6.6.6.6 enable

 ipv4-family vpn-instance s4 

  import-route ospf 2

 ipv4-family vpn-instance s5 

  peer 59.1.1.5 as-number 500 

ospf 1 

 area 0.0.0.0 

  network 9.9.9.9 0.0.0.0 

  network 89.1.1.9 0.0.0.0 

ospf 2 vpn-instance s4

 import-route bgp

 area 0.0.0.0 

  network 49.1.1.9 0.0.0.0 

四、测试过程：

查看lDP邻居情况：

查看vpn实例路由情况：

测试公司连通性：

公司B分支1到公司B总部:

公司B分支2到公司B总部：

公司A分支到公司A总部：

测试公司B分支1到公司B分支2：不通是正常现象，实验要求

测试不同公司间能否通信，不通为正常：

公司A分支到公司B总部：

至此实验完成！

实验拓扑点击阅读原文获取：

提取码：x6nz

END

本文分享自微信公众号 - 释然IT杂谈