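Example: Configuring a CE to Access a VPN Through a GRE Tunnel That Traverses Another VPN

Networking requirements

  1. PE1 and PE2 sit on the tier-1 carrier's MPLS backbone.
  2. VPN2 is a VPN that belongs to the tier-2 carrier; its CE1 connects to the tier-1 carrier's PE1.
  3. CE2 and CE3 are customer devices; CE2 connects to the tier-1 carrier's PE2, and CE3 connects to the tier-2 carrier's CE1.
  4. CE2 and CE3 belong to the same VPN, VPN1, and must be able to reach each other.
  5. PE1 has no interface directly connected to CE3, so the VPN instance cannot be bound to a physical interface; a GRE tunnel is established instead.

Network topology

Topology diagram: configuring a CE to access a VPN through a GRE tunnel that traverses a VPN

Configuration roadmap

  1. Run OSPF (process 10) on the tier-1 carrier's backbone devices PE1 and PE2 for reachability, and enable MPLS.
  2. Configure VPN2 on PE1, and run OSPF (process 20) on PE1, CE1 and CE2 for reachability.
  3. Establish a tunnel between CE3 and PE1.
  4. Create the VPN1 instance on PE1 and PE2; bind PE1's GRE tunnel interface to it, and on PE2 bind the physical interface that connects to CE2.
  5. Configure routing between the CEs and PEs using IS-IS.
  6. Configure BGP between the PEs so that CE2 and CE3 can reach each other.

Configuration commands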

  1. Configure basic router settings and the IP address of each interface

    • PE1 configuration

      sys
      sys PE1

      int g0/0/0
      ip add 110.1.1.1 30
      int g0/0/1
      ip add 50.1.1.1 30
      int LoopBack 0
      ip add 1.1.1.9 32

    • PE2 configuration

      sys
      sys PE2

      int g0/0/0
      ip add 110.1.1.2 30
      int g0/0/1
      ip add 11.1.1.1 30
      int LoopBack 0
      ip add 3.3.3.9 32

    • CE1 configuration

      sys
      sys CE1

      int g0/0/0
      ip add 30.1.1.2 30
      int g0/0/1
      ip add 50.1.1.2 30

    • CE2 configuration

      sys
      sys CE2

      int g0/0/0
      ip add 41.1.1.1 30
      int g0/0/1
      ip add 11.1.1.2 30

    • CE3 configuration

      sys
      sys CE3

      int g0/0/0
      ip add 30.1.1.1 30
      int g0/0/1
      ip add 21.1.1.1 30

  2. Configure OSPF (process 10) between PE1 and PE2 for reachability, and enable MPLS

    • PE1 configuration

      sys

      ospf 10
      area 0
      network 1.1.1.9 0.0.0.0
      network 110.1.1.0 0.0.0.3

      mpls lsr-id 1.1.1.9
      mpls
      lsp-trigger all
      quit
      mpls ldp

      int g0/0/0
      mpls
      mpls ldp

    • PE2 configuration

      sys

      ospf 10
      area 0
      network 3.3.3.9 0.0.0.0
      network 110.1.1.0 0.0.0.3

      mpls lsr-id 3.3.3.9
      mpls
      lsp-trigger all
      mpls ldp

      int g0/0/0
      mpls
      mpls ldp

  3. Configure the VPN instances on PE1 and PE2 and bind the corresponding interfaces

    • PE1 configuration

      sys

      ip vpn-instance vpn2
      route-distinguisher 100:2
      vpn-target 222:2 export-extcommunity
      vpn-target 222:2 import-extcommunity
      quit

      int g0/0/1
      ip binding vpn-instance vpn2
      ip add 50.1.1.1 30

      ip vpn-instance vpn1
      route-distinguisher 100:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity

      int Tunnel 0/0/0
      ip binding vpn-instance vpn1

    • PE2 configuration

      sys

      ip vpn-instance vpn1
      route-distinguisher 200:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity

      int g0/0/1
      ip binding vpn-instance vpn1
      ip add 11.1.1.1 30

  4. Configure reachability among PE1, CE1 and CE3 (OSPF, process 20)

    • PE1 configuration

      sys

      ospf 20 vpn-instance vpn2
      area 0
      network 50.1.1.0 0.0.0.3

    • CE1 configuration

      sys

      ospf 20
      area 0
      network 50.1.1.0 0.0.0.3
      network 30.1.1.0 0.0.0.3

    • CE3 configuration

      sys

      ospf 20
      area 0
      network 30.1.1.0 0.0.0.3

  5. Configure reachability between PE2 and CE2 (IS-IS, area 50)

    • PE2 configuration

      sys

      isis 50 vpn-instance vpn1
      network-entity 50.0000.0000.0003.00

      int g0/0/1
      isis enable 50
      isis small-hello

    • CE2 configuration

      sys

      isis 50
      network-entity 50.0000.0000.0004.00

      int g0/0/0
      isis enable 50
      isis small-hello

      int g0/0/1
      isis enable 50
      isis small-hello

  6. Configure the GRE tunnel to give PE1 and CE3 a direct connection

    • PE1 configuration

      sys

      int Tunnel 0/0/0
      ip add 2.2.2.2 30
      tunnel-protocol gre
      source 50.1.1.1
      destination vpn-instance vpn2 30.1.1.1

    • CE3 configuration

      sys

      int Tunnel 0/0/0
      ip add 2.2.2.1 30
      tunnel-protocol gre
      source 30.1.1.1
      destination 50.1.1.1

  7. Configure the routing protocol over the tunnel

    • PE1 configuration

      sys

      isis 50 vpn-instance vpn1
      network-entity 50.0000.0000.0002.00

      int Tunnel 0/0/0
      isis enable 50
      isis small-hello

    • CE3 configuration

      sys

      isis 50
      network-entity 50.0000.0000.0001.00

      int Tunnel 0/0/0
      isis enable 50
      isis small-hello

  8. Configure BGP between PE1 and PE2 to provide MP-BGP (VPNv4), and import the routes toward the CEs into the VPN instance

    • PE1 configuration

      sys

      bgp 100
      peer 3.3.3.9 as-number 100
      peer 3.3.3.9 connect-interface LoopBack 0

      ipv4-family vpnv4
      peer 3.3.3.9 enable

      ipv4-family vpn-instance vpn1
      import-route isis 50

    • PE2 configuration

      sys

      bgp 100
      peer 1.1.1.9 as-number 100
      peer 1.1.1.9 connect-interface LoopBack 0

      ipv4-family vpnv4
      peer 1.1.1.9 enable

      ipv4-family vpn-instance vpn1
      import-route isis 50

  9. Import BGP routes into the network between the PEs and CEs

    • PE1 configuration

      sys

      isis 50
      import-route bgp

    • PE2 configuration

      sys

      isis 50
      import-route bgp
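
A check on the route-target design from step 3, added here as an example and not part of the original post: this Python code parses the VPN-instance stanzas and reports any pair of differently named instances whose export and import route targets overlap, plus any line it cannot parse (such as a misspelled vpn-target keyword, which the device would reject and so leave the instance without that target). It assumes an instance name identifies the same customer VPN on every PE; the function names are hypothetical.

```python
import re
from itertools import product

# Constructed sample: the VPN-instance stanzas from step 3, keyed by device,
# with the keywords spelled export-extcommunity / import-extcommunity.
CONFIGS = {
    "PE1": """
ip vpn-instance vpn2
 route-distinguisher 100:2
 vpn-target 222:2 export-extcommunity
 vpn-target 222:2 import-extcommunity
ip vpn-instance vpn1
 route-distinguisher 100:1
 vpn-target 111:1 export-extcommunity
 vpn-target 111:1 import-extcommunity
""",
    "PE2": """
ip vpn-instance vpn1
 route-distinguisher 200:1
 vpn-target 111:1 export-extcommunity
 vpn-target 111:1 import-extcommunity
""",
}

RT_LINE = re.compile(r"vpn-target\s+(\S+)\s+(export|import)-extcommunity$")

def parse_instances(device, text):
    """Return ({(device, instance): {"export": set, "import": set}}, unparsed lines)."""
    instances, unknown, current = {}, [], None
    for line in filter(None, (raw.strip() for raw in text.splitlines())):
        if line.startswith("ip vpn-instance "):
            current = (device, line.split()[-1])
            instances[current] = {"export": set(), "import": set()}
        elif current and (m := RT_LINE.match(line)):
            instances[current][m.group(2)].add(m.group(1))
        elif not line.startswith("route-distinguisher "):
            unknown.append((device, line))  # e.g. a mistyped vpn-target keyword
    return instances, unknown

def route_leaks(configs):
    """Find (exporter, importer) pairs with different instance names but a shared RT."""
    table, unknown = {}, []
    for device, text in configs.items():
        instances, rejected = parse_instances(device, text)
        table.update(instances)
        unknown.extend(rejected)
    leaks = [(a, b) for a, b in product(table, repeat=2)
             if a[1] != b[1] and table[a]["export"] & table[b]["import"]]
    return table, leaks, unknown
```

For the configuration in step 3, `route_leaks(CONFIGS)` returns no leaks: vpn1 exchanges 111:1 between PE1 and PE2, and vpn2's 222:2 is imported nowhere else.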

Verifying the results

  1. View the VPN routing table

    display ip routing-table vpn-instance vpn1

    <PE1>dis ip routing-table vpn-instance vpn1
    Route Flags: R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: vpn1
    Destinations : 7 Routes : 7

    Destination/Mask    Proto   Pre  Cost  Flags NextHop    Interface

    2.2.2.0/30          Direct  0    0     D     2.2.2.2    Tunnel0/0/0
    2.2.2.2/32          Direct  0    0     D     127.0.0.1  Tunnel0/0/0
    2.2.2.3/32          Direct  0    0     D     127.0.0.1  Tunnel0/0/0
    11.1.1.0/30         IBGP    255  0     RD    3.3.3.9    GigabitEthernet0/0/0
    21.1.1.0/30         ISIS-L1 15   20    D     2.2.2.1    Tunnel0/0/0
    41.1.1.0/30         IBGP    255  20    RD    3.3.3.9    GigabitEthernet0/0/0
    255.255.255.255/32  Direct  0    0     D     127.0.0.1  InLoo

  2. View the IP routing table

    dis ip routing-table

    <CE3>dis ip routing-table
    Route Flags: R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: Public
    Destinations : 16 Routes : 16

    Destination/Mask    Proto   Pre  Cost  Flags NextHop    Interface

    2.2.2.0/30          Direct  0    0     D     2.2.2.1    Tunnel0/0/0
    2.2.2.1/32          Direct  0    0     D     127.0.0.1  Tunnel0/0/0
    2.2.2.3/32          Direct  0    0     D     127.0.0.1  Tunnel0/0/0
    11.1.1.0/30         ISIS-L2 15   74    D     2.2.2.2    Tunnel0/0/0
    21.1.1.0/30         Direct  0    0     D     21.1.1.1   GigabitEthernet0/0/1
    21.1.1.1/32         Direct  0    0     D     127.0.0.1  GigabitEthernet0/0/1
    21.1.1.3/32         Direct  0    0     D     127.0.0.1  GigabitEthernet0/0/1
    30.1.1.0/30         Direct  0    0     D     30.1.1.1   GigabitEthernet0/0/0
    30.1.1.1/32         Direct  0    0     D     127.0.0.1  GigabitEthernet0/0/0
    30.1.1.3/32         Direct  0    0     D     127.0.0.1  GigabitEthernet0/0/0
    41.1.1.0/30         ISIS-L2 15   74    D     2.2.2.2    Tunnel0/0/0
    50.1.1.0/30         OSPF    10   2     D     30.1.1.2   GigabitEthernet0/0/0
    127.0.0.0/8         Direct  0    0     D     127.0.0.1  InLoopBack0
    127.0.0.1/32        Direct  0    0     D     127.0.0.1  InLoopBack0
    127.255.255.255/32  Direct  0    0     D     127.0.0.1  InLoopBack0
    255.255.255.255/32  Direct  0    0     D     127.0.0.1  InLoopBack0
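
One way to turn the CE3 table above into a repeatable check, added here as an example and not part of the original post: the Python code below parses `display ip routing-table` output (re-joining interface names that the device wraps onto the next line), then confirms that CE2's subnets are reached through Tunnel0/0/0 and that the tunnel destination 50.1.1.1 still resolves over the physical underlay rather than through the tunnel itself. The function names are hypothetical and the sample table is an abridged copy of the output above.

```python
import ipaddress
import re

# Constructed sample: abridged CE3 table from this page, with the interface
# name wrapped onto its own line the way the device prints it.
CE3_TABLE = """\
Destination/Mask    Proto   Pre  Cost  Flags NextHop    Interface
2.2.2.0/30          Direct  0    0     D     2.2.2.1    Tunnel0/0/0
11.1.1.0/30         ISIS-L2 15   74    D     2.2.2.2    Tunnel0/0/0
41.1.1.0/30         ISIS-L2 15   74    D     2.2.2.2    Tunnel0/0/0
50.1.1.0/30         OSPF    10   2     D     30.1.1.2   GigabitEthernet
0/0/0
"""

ROW = re.compile(r"(\d+(?:\.\d+){3}/\d+)\s+(\S+)\s+\d+\s+\d+\s+\S+\s+(\S+)\s+(\S+)$")

def parse_routes(text):
    """Parse routing-table rows, re-joining wrapped interface names."""
    routes = []
    for line in (raw.strip() for raw in text.splitlines()):
        m = ROW.match(line)
        if m:
            dest, proto, nexthop, ifname = m.groups()
            routes.append({"dest": ipaddress.ip_network(dest), "proto": proto,
                           "nexthop": nexthop, "interface": ifname})
        elif routes and re.fullmatch(r"\d+(/\d+)+", line):
            routes[-1]["interface"] += line  # continuation such as "0/0/0"
    return routes

def lookup(routes, address):
    """Longest-prefix match, as the forwarding lookup would do."""
    addr = ipaddress.ip_address(address)
    hits = [r for r in routes if addr in r["dest"]]
    return max(hits, key=lambda r: r["dest"].prefixlen, default=None)

def check_ce3(routes, tunnel="Tunnel0/0/0", tunnel_dst="50.1.1.1",
              remote=("11.1.1.2", "41.1.1.1")):
    """Return findings; an empty list means the table matches the design."""
    findings = []
    underlay = lookup(routes, tunnel_dst)
    if underlay is None:
        findings.append("no route to the tunnel destination")
    elif underlay["interface"] == tunnel:
        findings.append("tunnel destination resolves through the tunnel itself")
    for ip in remote:
        route = lookup(routes, ip)
        if route is None or route["interface"] != tunnel:
            findings.append(f"{ip} is not reached through {tunnel}")
    return findings
```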