在华为设备中配置Hub&Spoke  
如果希望在×××中设置中心访问控制设备,其它用户的互访都通过中心访问控制设备进行,可以使用Hub&Spoke组网方案,使得Spoke站点之间的通信通过Hub站点进行。其中,中心访问控制设备所在站点称为Hub站点,其他用户站点称为Spoke站点。Hub站点侧接入×××骨干网的设备叫Hub-CE;Spoke站点侧接入×××骨干网的设备叫Spoke-CE。×××骨干网侧接入Hub站点的设备叫Hub-PE,接入Spoke站点的设备叫Spoke-PE。
 
  • 每个Spoke-PE上配置一个IPv6 ×××实例;Hub-PE需配置两个IPv6 ×××实例(例如,vpn-in和vpn-out):vpn-in用于接收并维护所有Spoke-PE发布的×××-IPv6路由;vpn-out用于维护Hub站点及所有Spoke站点的路由,并发布给所有Spoke-PE。
  • Hub-PE上需要使用两个接口或子接口:一个绑定vpn-in,另一个绑定vpn-out。
  • ×××-Target的配置规则为:
    • vpn-in的Import ×××-Target属性列表包括所有Spoke-PE的Export ×××-Target属性值。
    • vpn-out的Export ×××-Target属性列表包括所有Spoke-PE的Import ×××-Target属性值。
    • vpn-out的Export ×××-Target属性列表与vpn-in的Import ×××-Target属性列表不能有相同属性值。
    • vpn-out的Import ×××-Target属性列表与vpn-in的Export ×××-Target属性列表也不能有相同的属性值。
建议不配置vpn-in的Export ×××-Target和vpn-out的Import ×××-Target。默认情况下,×××实例没有Export ×××-Target和Import ×××-Target属性。
  • Hub-PE与Spoke-PE之间建立隧道和IBGP对等体关系;Spoke-PE之间不建立隧道和IBGP对等体关系,不交换×××路由信息。
 
注意×××-Target的配置规则。
当Hub-CE与Hub-PE之间使用EBGP时,Hub-PE上必须手工配置允许本地AS编号重复(在BGP-×××v4地址族视图下配置命令peer { ip-address | group-name } allow-as-loop [ number ])。
如果Spoke-PE与Spoke-CE使用EBGP,则Hub-CE与Hub-PE可以使用EBGP或默认路由,但不能使用IGP。
配置实例一 组网需求
如下图,Spoke-CE之间的通信通过中心站点Hub-CE控制,即Spoke-CE之间的流量经过Hub-CE转发,而不是只经过Hub-PE转发。要求Hub-CE与Hub-PE之间,Spoke-PE与Spoke-CE之间都使用EBGP交换路由信息。
在华为/H3C设备中配置Hub&Spoke  _VPN_02
 
适用产品和版本
采用NE系列路由器,版本为(VRP5.30)及后续版本。
说明
  • PE路由器推荐采用NE80E、NE40E、NE80、NE40、NE20E、NE20、NE16E或NE08E。
  • CE路由器推荐采用NE80、NE40、NE20E、NE20、NE16E、NE08E或NE05。
配置步骤
步骤 1     在骨干网上配置IGP协议,实现骨干网Hub-PE和Spoke-PE的互通
本例中采用OSPF,具体配置过程略。
配置完成后,PE之间应能建立OSPF邻居关系,执行display ospf peer命令可以看到邻居状态为Full。执行display ip routing-table命令可以看到PE之间学习到对方的Loopback路由。
步骤 2     在骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP
具体配置过程略。
配置完成后,Hub-PE和Spoke-PE之间应该建立起LDP对等体关系,在各路由器上执行display mpls ldp session命令可以看到显示结果中Session State项为“Operational”。
步骤 3     在各PE路由器上配置×××实例,将CE接入PE
说明
注意Hub-PE与Spoke-PE上的××× Target属性设置。
Hub-PE的两个×××实例的×××-target分别为两个Spoke-PE发布的×××-target,且发布的×××-target与接收的×××-target不同。Spoke-PE的×××实例引入的×××-target为Hub-PE发布的×××-target。
# 配置Spoke-PE1。
[Spoke-PE1] ip vpn-instance vpna
[Spoke-PE1-vpn-instance-vpna] route-distinguisher 100:1
[Spoke-PE1-vpn-instance-vpna] vpn-target 100:1 export-extcommunity
[Spoke-PE1-vpn-instance-vpna] vpn-target 200:1 import-extcommunity
[Spoke-PE1-vpn-instance-vpna] quit
[Spoke-PE1] interface gigabitethernet 1/0/0
[Spoke-PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpna
[Spoke-PE1-GigabitEthernet1/0/0] ip address 100.1.1.2 24
[Spoke-PE1-GigabitEthernet1/0/0] quit
# 配置Spoke-PE2。
[Spoke-PE2] ip vpn-instance vpna
[Spoke-PE2-vpn-instance-vpna] route-distinguisher 100:3
[Spoke-PE2-vpn-instance-vpna] vpn-target 100:1 export-extcommunity
[Spoke-PE2-vpn-instance-vpna] vpn-target 200:1 import-extcommunity
[Spoke-PE2-vpn-instance-vpna] quit
[Spoke-PE2] interface gigabitethernet 1/0/0
[Spoke-PE2-GigabitEthernet1/0/0] ip binding vpn-instance vpna
[Spoke-PE2-GigabitEthernet1/0/0] ip address 120.1.1.2 24
[Spoke-PE2-GigabitEthernet1/0/0] quit
# 配置Hub-PE。
[Hub-PE] ip vpn-instance vpn_in
[Hub-PE-vpn-instance-vpn_in] route-distinguisher 100:21
[Hub-PE-vpn-instance-vpn_in] vpn-target 100:1 import-extcommunity
[Hub-PE-vpn-instance-vpn_in] quit
[Hub-PE] ip vpn-instance vpn_out
[Hub-PE-vpn-instance-vpn_out] route-distinguisher 100:22
[Hub-PE-vpn-instance-vpn_out] vpn-target 200:1 export-extcommunity
[Hub-PE-vpn-instance-vpn_out] quit
[Hub-PE] interface gigabitethernet 3/0/0
[Hub-PE-GigabitEthernet3/0/0] ip binding vpn-instance vpn_in
[Hub-PE-GigabitEthernet3/0/0] ip address 110.1.1.2 24
[Hub-PE-GigabitEthernet3/0/0] quit
[Hub-PE] interface gigabitethernet 4/0/0
[Hub-PE-GigabitEthernet4/0/0] ip binding vpn-instance vpn_out
[Hub-PE-GigabitEthernet4/0/0] ip address 110.2.1.2 24
[Hub-PE-GigabitEthernet4/0/0] quit
# 按图1-1配置各CE的接口IP地址,配置过程略。
配置完成后,在PE路由器上执行display ip vpn-instance verbose命令可以看到×××实例的配置情况。各PE能用命令ping -vpn-instance vpn-name ip-address ping通自己接入的CE。
说明
当PE上有多个绑定了同一个×××的接口,则使用ping -vpn-instance 命令ping对端PE接入的CE时,要指定源IP地址,即要指定ping -vpn-instance vpn-instance-name -a source-ip-address dest-ip-address命令中的参数-a source-ip-address,否则可能ping不通。
步骤 4     在PE与CE之间建立EBGP对等体关系,引入×××路由
说明
Hub-PE上需要配置允许AS号重复一次,以接收Hub-CE发布的路由。
# 配置Spoke-CE1。
[Spoke-CE1] bgp 65410
[Spoke-CE1-bgp] peer 100.1.1.2 as-number 100
[Spoke-CE1-bgp] import-route direct
[Spoke-CE1-bgp] quit
# 配置Spoke-PE1。
[Spoke-PE1] bgp 100
[Spoke-PE1-bgp] ipv4-family vpn-instance vpna
[Spoke-PE1-bgp-vpna] peer 100.1.1.1 as-number 65410
[Spoke-PE1-bgp-vpna] import-route direct
[Spoke-PE1-bgp-vpna] quit
[Spoke-PE1-bgp] quit
# 配置Spoke-CE2。
[Spoke-CE2] bgp 65420
[Spoke-CE2-bgp] peer 120.1.1.2 as-number 100
[Spoke-CE2-bgp] import-route direct
[Spoke-CE2-bgp] quit
# 配置Spoke-PE2。
[Spoke-PE2] bgp 100
[Spoke-PE2-bgp] ipv4-family vpn-instance vpna
[Spoke-PE2-bgp-vpna] peer 120.1.1.1 as-number 65420
[Spoke-PE2-bgp-vpna] import-route direct
[Spoke-PE2-bgp-vpna] quit
[Spoke-PE2-bgp] quit
# 配置Hub-CE。
[Hub-CE] bgp 65430
[Hub-CE-bgp] peer 110.1.1.2 as-number 100
[Hub-CE-bgp] peer 110.2.1.2 as-number 100
[Hub-CE-bgp] import-route direct
[Hub-CE-bgp] quit
# 配置Hub-PE。
[Hub-PE] bgp 100
[Hub-PE-bgp] ipv4-family vpn-instance vpn_in
[Hub-PE-bgp-vpn_in] peer 110.1.1.1 as-number 65430
[Hub-PE-bgp-vpn_in] import-route direct
[Hub-PE-bgp-vpn_in] quit
[Hub-PE-bgp] ipv4-family vpn-instance vpn_out
[Hub-PE-bgp-vpn_out] peer 110.2.1.1 as-number 65430
[Hub-PE-bgp-vpn_out] peer 110.2.1.1 allow-as-loop 1
[Hub-PE-bgp-vpn_out] import-route direct
[Hub-PE-bgp-vpn_out] quit
[Hub-PE-bgp] quit
配置完成后,在各PE路由器上执行display bgp vpnv4 all peer命令,可以看到PE与CE之间的BGP对等体关系已建立,并达到Established状态。
步骤 5     在PE之间建立MP-IBGP对等体关系
说明
Spoke-PE上不需要配置允许AS号重复一次,因为路由器接收IBGP对等体发布的路由时并不检查其中的AS-PATH属性。
# 配置Spoke-PE1。
[Spoke-PE1] bgp 100
[Spoke-PE1-bgp] peer 2.2.2.9 as-number 100
[Spoke-PE1-bgp] peer 2.2.2.9 connect-interface loopback 1
[Spoke-PE1-bgp] ipv4-family vpnv4
[Spoke-PE1-bgp-af-vpnv4] peer 2.2.2.9 enable
[Spoke-PE1-bgp-af-vpnv4] quit
# 配置Spoke-PE2。
[Spoke-PE2] bgp 100
[Spoke-PE2-bgp] peer 2.2.2.9 as-number 100
[Spoke-PE2-bgp] peer 2.2.2.9 connect-interface loopback 1
[Spoke-PE2-bgp] ipv4-family vpnv4
[Spoke-PE2-bgp-af-vpnv4] peer 2.2.2.9 enable
[Spoke-PE2-bgp-af-vpnv4] quit
# 配置Hub-PE。
[Hub-PE] bgp 100
[Hub-PE-bgp] peer 1.1.1.9 as-number 100
[Hub-PE-bgp] peer 1.1.1.9 connect-interface loopback 1
[Hub-PE-bgp] peer 3.3.3.9 as-number 100
[Hub-PE-bgp] peer 3.3.3.9 connect-interface loopback 1
[Hub-PE-bgp] ipv4-family vpnv4
[Hub-PE-bgp-af-vpnv4] peer 1.1.1.9 enable
[Hub-PE-bgp-af-vpnv4] peer 3.3.3.9 enable
[Hub-PE-bgp-af-vpnv4] quit
配置完成后,在各PE路由器上执行display bgp peerdisplay bgp vpnv4 all peer命令,可以看到PE之间的BGP对等体关系已建立,并达到Established状态。
验证结果
完成上述配置后,Spoke-CE之间可以相互Ping通,使用Tracert可以看到Spoke-CE之间的流量经过Hub-CE转发,也可以通过Ping结果中的TTL值推算Spoke-CE之间经过的转发设备数目。
以Spoke-CE1的显示为例:
[Spoke-CE1] ping 120.1.1.1
  PING 120.1.1.1: 56  data bytes, press CTRL_C to break
    Reply from 120.1.1.1: bytes=56 Sequence=1 ttl=250 time=80 ms
    Reply from 120.1.1.1: bytes=56 Sequence=2 ttl=250 time=129 ms
    Reply from 120.1.1.1: bytes=56 Sequence=3 ttl=250 time=132 ms
    Reply from 120.1.1.1: bytes=56 Sequence=4 ttl=250 time=92 ms
    Reply from 120.1.1.1: bytes=56 Sequence=5 ttl=250 time=126 ms
  --- 120.1.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 80/111/132 ms
[Spoke-CE1] tracert 120.1.1.1
traceroute to  120.1.1.1(120.1.1.1) 30 hops max,40 bytes packet
1 100.1.1.2 24 ms  19 ms  11 ms
2 110.2.1.2 87 ms  60 ms  58 ms
3 110.2.1.1 59 ms  27 ms  53 ms
4 110.1.1.2 41 ms  34 ms  56 ms
5 120.1.1.2 90 ms  66 ms  75 ms
6 120.1.1.1 143 ms  96 ms  90 ms
在Spoke-CE上执行display bgp routing-table命令,可以看到去往对端Spoke-CE的BGP路由的AS路径中存在重复的AS号。
以Spoke-CE1的显示为例:
[Spoke-CE1] display bgp routing-table
Total Number of Routes: 6
BGP Local router ID is 100.1.1.1
Status codes: * - valid, > - best, d - damped,
              h - history,  i - internal, s - suppressed, S - Stale
              Origin : i - IGP, e - EGP, ? - incomplete
     Network         NextHop      MED    LocPrf    PrefVal Path/Ogn
*>  100.1.1.0/24    0.0.0.0       0                 0      ?
*                   100.1.1.2     0                 0      100?
*>  100.1.1.1/32    0.0.0.0       0                 0      ?
*>  110.1.1.0/24    100.1.1.2                       0      100 65430?
*>  110.2.1.0/24    100.1.1.2                       0      100?
*>  120.1.1.0/24    100.1.1.2                       0      100 65430 100?
配置文件
  • Hub-CE的配置文件
#
sysname Hub-CE
#
interface GigabitEthernet1/0/0
ip address 110.1.1.1 255.255.255.0
#
interface GigabitEthernet2/0/0
ip address 110.2.1.1 255.255.255.0
#
bgp 65430
peer 110.1.1.2 as-number 100
peer 110.2.1.2 as-number 100
#
ipv4-family unicast
  undo synchronization
  import-route direct
  peer 110.2.1.2 enable
  peer 110.1.1.2 enable
#
return
  • Hub-PE的配置文件
#
sysname Hub-PE
#
ip vpn-instance vpn_in
route-distinguisher 100:21
vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpn_out
route-distinguisher 100:22
vpn-target 200:1 export-extcommunity
#
mpls lsr-id 2.2.2.9
mpls
  lsp-trigger all
#
mpls ldp
#
interface GigabitEthernet3/0/0
ip binding vpn-instance vpn_in
ip address 110.1.1.2 255.255.255.0
#
interface GigabitEthernet4/0/0
ip binding vpn-instance vpn_out
ip address 110.2.1.2 255.255.255.0
#
interface Pos1/0/0
link-protocol ppp
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Pos2/0/0
link-protocol ppp
ip address 11.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 3.3.3.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
  peer 3.3.3.9 enable
#
ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
  peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn_in
  peer 110.1.1.1 as-number 65430
  import-route direct
#
ipv4-family vpn-instance vpn_out
  peer 110.2.1.1 as-number 65430
  peer 110.2.1.1 allow-as-loop
  import-route direct
#
ospf 1
area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 11.1.1.0 0.0.0.255
#
return
  • Spoke-CE1的配置文件
#
sysname Spoke-CE1
#
interface GigabitEthernet1/0/0
ip address 100.1.1.1 255.255.255.0
#
interface NULL0
#
bgp 65410
peer 100.1.1.2 as-number 100
#
ipv4-family unicast
  undo synchronization
  import-route direct
  peer 100.1.1.2 enable
#
return
  • Spoke-PE1的配置文件
#
sysname Spoke-PE1
#
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 200:1 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
  lsp-trigger all
#
mpls ldp
#
interface GigabitEthernet1/0/0
ip binding vpn-instance vpna
ip address 100.1.1.2 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
#
ipv4-family unicast
  undo synchronization
  peer 2.2.2.9 enable
#
ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.9 enable
#
ipv4-family vpn-instance vpna
  peer 100.1.1.1 as-number 65410
  import-route direct
#
ospf 1
area 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 1.1.1.9 0.0.0.0
#
return
  • Spoke-PE2的配置文件
#
sysname Spoke-PE2
#
ip vpn-instance vpna
route-distinguisher 100:3
vpn-target 100:1 export-extcommunity
vpn-target 200:1 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
  lsp-trigger all
#
mpls ldp
#
interface GigabitEthernet1/0/0
ip binding vpn-instance vpna
ip address 120.1.1.2 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
ip address 11.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
#
ipv4-family unicast
  undo synchronization
  peer 2.2.2.9 enable
#
ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.9 enable
#
ipv4-family vpn-instance vpna
  peer 120.1.1.1 as-number 65420
  import-route direct
#
ospf 1
area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 11.1.1.0 0.0.0.255
#
return
  • Spoke-CE2的配置文件
#
sysname Spoke-CE2
#
interface GigabitEthernet1/0/0
ip address 120.1.1.1 255.255.255.0
#
bgp 65420
peer 120.1.1.2 as-number 100
#
ipv4-family unicast
  undo synchronization
  import-route direct
  peer 120.1.1.2 enable
#
Return
配置实例二 组网需求
如上例中的图,Spoke-CE之间的通信通过中心站点Hub-CE控制,即Spoke-CE之间的流量经过Hub-CE转发,而不是只经过Hub-PE转发。要求Hub-CE与Hub-PE之间使用默认路由,Spoke-PE与Spoke-CE之间使用EBGP交换路由信息。
适用产品和版本
CE设备使用NE05、NE08E或NE16E;
PE设备使用NE20、NE40N、E40E或NE80E。
配置步骤
步骤 1     在骨干网上配置IGP协议,实现骨干网Hub-PE和Spoke-PE的互通
本例中采用OSPF,具体配置过程略。
配置完成后,PE之间应能建立OSPF邻居关系,执行display ospf peer命令可以看到邻居状态为Full。执行display ip routing-table命令可以看到PE之间学习到对方的Loopback路由。
步骤 2     在骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP
具体配置过程略。
配置完成后,Hub-PE和Spoke-PE之间应该建立起LDP对等体关系,在各路由器上执行display mpls ldp session命令可以看到显示结果中Session State项为“Operational”。
步骤 3     在各PE路由器上配置×××实例,将CE接入PE
说明
注意Hub-PE与Spoke-PE上的××× Target属性设置。
Hub-PE的两个×××实例的×××-target分别为两个Spoke-PE发布的×××-target,且发布的×××-target与接收的×××-target不同。Spoke-PE的×××实例引入的×××-target为Hub-PE发布的×××-target。
# 配置Spoke-PE1。
[Spoke-PE1] ip vpn-instance vpna
[Spoke-PE1-vpn-instance-vpna] route-distinguisher 100:1
[Spoke-PE1-vpn-instance-vpna] vpn-target 100:1 export-extcommunity
[Spoke-PE1-vpn-instance-vpna] vpn-target 200:1 import-extcommunity
[Spoke-PE1-vpn-instance-vpna] quit
[Spoke-PE1] interface gigabitethernet 1/0/0
[Spoke-PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpna
[Spoke-PE1-GigabitEthernet1/0/0] ip address 100.1.1.2 24
[Spoke-PE1-GigabitEthernet1/0/0] quit
# 配置Spoke-PE2。
[Spoke-PE2] ip vpn-instance vpna
[Spoke-PE2-vpn-instance-vpna] route-distinguisher 100:3
[Spoke-PE2-vpn-instance-vpna] vpn-target 100:1 export-extcommunity
[Spoke-PE2-vpn-instance-vpna] vpn-target 200:1 import-extcommunity
[Spoke-PE2-vpn-instance-vpna] quit
[Spoke-PE2] interface gigabitethernet 1/0/0
[Spoke-PE2-GigabitEthernet1/0/0] ip binding vpn-instance vpna
[Spoke-PE2-GigabitEthernet1/0/0] ip address 120.1.1.2 24
[Spoke-PE2-GigabitEthernet1/0/0] quit
# 配置Hub-PE。
[Hub-PE] ip vpn-instance vpn_in
[Hub-PE-vpn-instance-vpn_in] route-distinguisher 100:21
[Hub-PE-vpn-instance-vpn_in] vpn-target 100:1 import-extcommunity
[Hub-PE-vpn-instance-vpn_in] quit
[Hub-PE] ip vpn-instance vpn_out
[Hub-PE-vpn-instance-vpn_out] route-distinguisher 100:22
[Hub-PE-vpn-instance-vpn_out] vpn-target 200:1 export-extcommunity
[Hub-PE-vpn-instance-vpn_out] quit
[Hub-PE] interface gigabitethernet 3/0/0
[Hub-PE-GigabitEthernet3/0/0] ip binding vpn-instance vpn_in
[Hub-PE-GigabitEthernet3/0/0] ip address 110.1.1.2 24
[Hub-PE-GigabitEthernet3/0/0] quit
[Hub-PE] interface gigabitethernet 4/0/0
[Hub-PE-GigabitEthernet4/0/0] ip binding vpn-instance vpn_out
[Hub-PE-GigabitEthernet4/0/0] ip address 110.2.1.2 24
[Hub-PE-GigabitEthernet4/0/0] quit
# 按上图配置各CE的接口IP地址,配置过程略。
配置完成后,在PE路由器上执行display ip vpn-instance verbose命令可以看到×××实例的配置情况。各PE能用命令ping -vpn-instance vpn-name ip-address ping通自己接入的CE。
说明
当PE上有多个绑定了同一个×××的接口,则使用ping -vpn-instance 命令ping对端PE接入的CE时,要指定源IP地址,即要指定ping -vpn-instance vpn-instance-name -a source-ip-address dest-ip-address命令中的参数-a source-ip-address,否则可能ping不通。
步骤 4     在PE之间建立MP-IBGP对等体关系
说明
Spoke-PE上不需要配置允许AS号重复一次,因为路由器接收IBGP对等体发布的路由时并不检查其中的AS-PATH属性。
# 配置Spoke-PE1。
[Spoke-PE1] bgp 100
[Spoke-PE1-bgp] peer 2.2.2.9 as-number 100
[Spoke-PE1-bgp] peer 2.2.2.9 connect-interface loopback 1
[Spoke-PE1-bgp] ipv4-family vpnv4
[Spoke-PE1-bgp-af-vpnv4] peer 2.2.2.9 enable
[Spoke-PE1-bgp-af-vpnv4] quit
# 配置Spoke-PE2。
[Spoke-PE2] bgp 100
[Spoke-PE2-bgp] peer 2.2.2.9 as-number 100
[Spoke-PE2-bgp] peer 2.2.2.9 connect-interface loopback 1
[Spoke-PE2-bgp] ipv4-family vpnv4
[Spoke-PE2-bgp-af-vpnv4] peer 2.2.2.9 enable
[Spoke-PE2-bgp-af-vpnv4] quit
# 配置Hub-PE。
[Hub-PE] bgp 100
[Hub-PE-bgp] peer 1.1.1.9 as-number 100
[Hub-PE-bgp] peer 1.1.1.9 connect-interface loopback 1
[Hub-PE-bgp] peer 3.3.3.9 as-number 100
[Hub-PE-bgp] peer 3.3.3.9 connect-interface loopback 1
[Hub-PE-bgp] ipv4-family vpnv4
[Hub-PE-bgp-af-vpnv4] peer 1.1.1.9 enable
[Hub-PE-bgp-af-vpnv4] peer 3.3.3.9 enable
[Hub-PE-bgp-af-vpnv4] quit
配置完成后,在各PE路由器上执行display bgp peerdisplay bgp vpnv4 all peer命令,可以看到PE之间的BGP对等体关系已建立,并达到Established状态。
步骤 5     在Spoke-PE与Spoke-CE之间建立EBGP对等体关系,引入×××路由
# 配置Spoke-CE1。
[Spoke-CE1] bgp 65410
[Spoke-CE1-bgp] peer 100.1.1.2 as-number 100
[Spoke-CE1-bgp] import-route direct
[Spoke-CE1-bgp] quit
# 配置Spoke-PE1。
[Spoke-PE1] bgp 100
[Spoke-PE1-bgp] ipv4-family vpn-instance vpna
[Spoke-PE1-bgp-vpna] peer 100.1.1.1 as-number 65410
[Spoke-PE1-bgp-vpna] import-route direct
[Spoke-PE1-bgp-vpna] quit
[Spoke-PE1-bgp] quit
# 配置Spoke-CE2。
[Spoke-CE2] bgp 65420
[Spoke-CE2-bgp] peer 120.1.1.2 as-number 100
[Spoke-CE2-bgp] import-route direct
[Spoke-CE2-bgp] quit
# 配置Spoke-PE2。
[Spoke-PE2] bgp 100
[Spoke-PE2-bgp] ipv4-family vpn-instance vpna
[Spoke-PE2-bgp-vpna] peer 120.1.1.1 as-number 65420
[Spoke-PE2-bgp-vpna] import-route direct
[Spoke-PE2-bgp-vpna] quit
[Spoke-PE2-bgp] quit
配置完成后,在各Spoke-PE路由器上执行display bgp vpnv4 all peer命令,可以看到Spoke-PE与其接入的Spoke-CE之间的EBGP对等体关系已建立,并达到Established状态。
步骤 6     在Hub-PE与Hub-CE上配置默认路由
# 配置Hub-CE。
[Hub-CE] ip route-static 0.0.0.0 0 110.2.1.2
# 配置Hub-PE。
# 为vpn_out配置默认路由,下一跳为Hub-CE。
[Hub-PE] ip route-static vpn-instance vpn_out 0.0.0.0 0 110.2.1.1
# 通过MP-IBGP发布该默认路由。
[Hub-PE] bgp 100
[Hub-PE-bgp] ipv4-family vpn-instance vpn_out
[Hub-PE-bgp-vpn_out] network 0.0.0.0 0
# 通过MP-IBGP发布直连路由。
[Hub-PE-bgp-vpn_out] import-route direct
[Hub-PE-bgp-vpn_out] quit
[Hub-PE-bgp] quit
验证结果
完成上述配置后,在Spoke-PE上执行命令display bgp vpnv4 all routing-table查看BGP ×××-IPv4路由,可以发现Hub-PE上vpn_out的默认路由已发布给各Spoke-PE。
Spoke-CE之间可以相互Ping通,使用Tracert可以看到Spoke-CE之间的流量经过Hub-CE转发,也可以通过Ping结果中的TTL值推算Spoke-CE之间经过的转发设备数目。
在Spoke-CE上执行display bgp ip routing-table命令,可以看到对端Spoke-PE通过BGP发布过来的默认路由。执行display ip routing-table命令,可看到有默认路由,下一跳为对端Spoke-PE。
配置文件
  • Hub-CE的配置文件
#
sysname Hub-CE
#
interface GigabitEthernet1/0/0
ip address 110.1.1.1 255.255.255.0
#
interface GigabitEthernet2/0/0
ip address 110.2.1.1 255.255.255.0
#
ip route-static 0.0.0.0 0 110.2.1.2
#
return
  • Hub-PE的配置文件
#
sysname Hub-PE
#
ip vpn-instance vpn_in
route-distinguisher 100:21
vpn-target 100:1 import-extcommunity
#
ip vpn-instance vpn_out
route-distinguisher 100:22
vpn-target 200:1 export-extcommunity
#
mpls lsr-id 2.2.2.9
mpls
  lsp-trigger all
#
mpls ldp
#
interface GigabitEthernet3/0/0
ip binding vpn-instance vpn_in
ip address 110.1.1.2 255.255.255.0
#
interface GigabitEthernet4/0/0
ip binding vpn-instance vpn_out
ip address 110.2.1.2 255.255.255.0
#
interface Pos1/0/0
link-protocol ppp
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Pos2/0/0
link-protocol ppp
ip address 11.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 3.3.3.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
  peer 3.3.3.9 enable
#
ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
  peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpn_out
  network 0.0.0.0 0
  import-route direct
#
ospf 1
area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 11.1.1.0 0.0.0.255
#
ip route-static vpn-instance vpn_out 0.0.0.0 0 110.2.1.1
#
return
  • Spoke-CE1的配置文件
#
sysname Spoke-CE1
#
interface GigabitEthernet1/0/0
ip address 100.1.1.1 255.255.255.0
#
interface NULL0
#
bgp 65410
peer 100.1.1.2 as-number 100
#
ipv4-family unicast
  undo synchronization
  import-route direct
  peer 100.1.1.2 enable
#
return
  • Spoke-PE1的配置文件
#
sysname Spoke-PE1
#
ip vpn-instance vpna
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 200:1 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
  lsp-trigger all
#
mpls ldp
#
interface GigabitEthernet1/0/0
ip binding vpn-instance vpna
ip address 100.1.1.2 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
#
ipv4-family unicast
  undo synchronization
  peer 2.2.2.9 enable
#
ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.9 enable
#
ipv4-family vpn-instance vpna
  peer 100.1.1.1 as-number 65410
  import-route direct
#
ospf 1
area 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 1.1.1.9 0.0.0.0
#
return
  • Spoke-PE2的配置文件
#
sysname Spoke-PE2
#
ip vpn-instance vpna
route-distinguisher 100:3
vpn-target 100:1 export-extcommunity
vpn-target 200:1 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
  lsp-trigger all
#
mpls ldp
#
interface GigabitEthernet1/0/0
ip binding vpn-instance vpna
ip address 120.1.1.2 255.255.255.0
#
interface Pos2/0/0
link-protocol ppp
ip address 11.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 2.2.2.9 as-number 100
peer 2.2.2.9 connect-interface LoopBack1
#
ipv4-family unicast
  undo synchronization
  peer 2.2.2.9 enable
#
ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.9 enable
#
ipv4-family vpn-instance vpna
  peer 120.1.1.1 as-number 65420
  import-route direct
#
ospf 1
area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 11.1.1.0 0.0.0.255
#
return
  • Spoke-CE2的配置文件
#
sysname Spoke-CE2
#
interface GigabitEthernet1/0/0
ip address 120.1.1.1 255.255.255.0
#
bgp 65420
peer 120.1.1.2 as-number 100
#
ipv4-family unicast
  undo synchronization
  import-route direct
  peer 120.1.1.2 enable
#
return