华为s5700经典配置实例
session 1 mpls-vpn华为
配置步骤思路如下:
1、客户CE网络配置路由协议并宣告内网
2、ISP的PE与P之间配置IGP路由协议保证路由连通
3、ISP的PE针对每一个客户配置一个VRF虚拟路由器,在华为里面叫做vpn instance实例
4、ISP的客户的site所连接的PE之间要创建MP-BGPvpnv4连接,用于传输VRF路由和RT属性
5、PE之间有了MP-BGP_vpn路由后,要把PE上的客户的VRF中的路由重分布到MP-BGP中传输到对端PE
6、PE之间的MP-BGP路由中有了客户的VRF的路由后,PE之间的VRF可以通信,但是客户的CE路由器不知道VRF路由,所以需要在PE上将MP-BGP的路由重分布到客户所使用的协议中去(在PE上配置),让客户的CE能够从PE上学习到VPN的路由条目。达到两端site通信的目的。
配置实例和拓扑:本拓扑中只有一个客户分别有两个site,需要让客户的site之间进行通信,使用mpls-vpn
第一步:客户CE设备配置路由,本例我采用静态
左边site1的CE1
interface GigabitEthernet0/0/0
ip address 12.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.1.10 255.255.255.0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
ip route-static 0.0.0.0 0.0.0.0 12.1.1.2
#
右边site2的CE2
interface GigabitEthernet0/0/0
ip address 45.1.1.5 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.2.30 255.255.255.0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
ip route-static 0.0.0.0 0.0.0.0 45.1.1.4
#
CE端什么都没有,只有客户自己的路由和一条到达ISP的默认路由
第二步:ISP内部的PE1-P-PE2之间使用IGP连通,并配置MPLS互通
左边PE1的配置
lsp-trigger all //LSP的触发策略:all代表所有静态路由和IGP路由项触发建立LSP
interface GigabitEthernet0/0/0
ip address 23.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip binding vpn-instance vpn1 //物理接口划分到vpn-instanc中
ip address 12.1.1.2 255.255.255.0
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 23.1.1.2 0.0.0.0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
ospf enable 1 area 0.0.0.0
#
中间的P路由器的配置
lsp-trigger all
interface GigabitEthernet0/0/0
ip address 23.1.1.3 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 34.1.1.3 255.255.255.0
mpls
mpls ldp
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
ospf enable 1 area 0.0.0.0
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 23.1.1.3 0.0.0.0
network 34.1.1.3 0.0.0.0
#
右边PE2的配置
lsp-trigger all
interface GigabitEthernet0/0/0
ip address 34.1.1.4 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip binding vpn-instance vpn1
ip address 45.1.1.4 255.255.255.0
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 34.1.1.4 0.0.0.0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
ospf enable 1 area 0.0.0.0
#
第三步:在PE配置针对于每个客户的vrf虚拟路由表,在华为中是vpan-instance实例,并定义RD和RT
左边PE1
ip vpn-instance 1
#
ip vpn-instance vpn1
ipv4-family
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
右边PE2
ip vpn-instance vpn1
ipv4-family
route-distinguisher 1:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
第四步:PE之间创建vpnv4连接,用于相互传递本端vpn-instance中的客户路由
左边PE1的配置
bgp 1
router-id 2.2.2.2
peer 4.4.4.4 as-number 1
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 4.4.4.4 enable
#
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.4 enable
#
ipv4-family vpn-instance vpn1
import-route static
#
右边PE2的配置
bgp 1
router-id 4.4.4.4
peer 2.2.2.2 as-number 1
peer 2.2.2.2 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 2.2.2.2 enable
#
ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable
#
ipv4-family vpn-instance vpn1
import-route static
#
可以用display bgp vpnv4 all peer 查看vpnv4是否成功
BGP local router ID : 2.2.2.2
Local AS number : 1
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pre
fRcv
4.4.4.4 4 1 212 215 0 03:29:28 Established
1
第五步:mpls的vpnv4连接建立后,需要把客户网络的路由通过MP-BGP传递到对端的PE中去形成vpn路由,因为这个时候在PE的vpn路由表中还没有客户的路由条目,可以使用display ip routing-table vpn-instance vpn1 命令查看vpn实例vpn1中的路由条目,所以这个时候PE1的vpn实例中并没有CE1的路由,所以无法通过vpn传递给PE2设备,所以CE1和CE2设备就无法通信。现在需要想办法在PE1的vrf表中添加到达192.168.1.0/24的路由,可以使用静态路由,也可以使用动态路由(使用动态路由,必须PE和CE都要配置相同的IGP路由),本例中使用静态路由添加:
在PE1中:ip route-static vpn-instance vpn1 192.168.1.0 255.255.255.0 12.1.1.1 添加到vrf表
在PE1中查看普通路由和vrf(vpn-instance)中的路由:
display ip routing-table 普通路由表
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
2.2.2.2/32 Direct 0 0 D 127.0.0.1 LoopBack0
3.3.3.3/32 OSPF 10 1 D 23.1.1.3 GigabitEthernet
0/0/0
4.4.4.4/32 OSPF 10 2 D 23.1.1.3 GigabitEthernet
0/0/0
23.1.1.0/24 Direct 0 0 D 23.1.1.2 GigabitEthernet
0/0/0
23.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
23.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
34.1.1.0/24 OSPF 10 2 D 23.1.1.3 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
display ip routing-table vpn-instance vpn1 vrf路由表
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
12.1.1.0/24 Direct 0 0 D 12.1.1.2 GigabitEthernet
0/0/1
12.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
12.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
192.168.1.0/24 Static 60 0 RD 12.1.1.1 GigabitEthernet
0/0/1
192.168.2.0/24 IBGP 255 0 RD 4.4.4.4 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
同理PE2也一样,需要:ip route-static vpn-instance vpn1 192.168.2.0 255.255.255.0 45.1.1.5 添加到达192.168.2.0/24的路由到vrf中
完成后,测试PC1与PC3的通信
PC1>ping 192.168.2.100
Ping 192.168.2.100: 32 data bytes, Press Ctrl_C to break
Request timeout!
From 192.168.2.100: bytes=32 seq=2 ttl=123 time=31 ms
From 192.168.2.100: bytes=32 seq=3 ttl=123 time=31 ms
From 192.168.2.100: bytes=32 seq=4 ttl=123 time=31 ms
From 192.168.2.100: bytes=32 seq=5 ttl=123 time=47 ms
--- 192.168.2.100 ping statistics ---
5 packet(s) transmitted
4 packet(s) received
20.00% packet loss
round-trip min/avg/max = 0/35/47 ms
PC1>
PC1>tracert 192.168.2.100
traceroute to 192.168.2.100, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.1.10 16 ms 15 ms 16 ms
2 12.1.1.2 16 ms 15 ms 31 ms
3 23.1.1.3 16 ms 31 ms 31 ms
4 45.1.1.4 32 ms 31 ms 31 ms
5 45.1.1.5 47 ms 31 ms 47 ms
6 192.168.2.100 31 ms 31 ms 16 ms
PC1>
---------------------
版权声明:本文为CSDN博主「alone_map」的原创文章,遵循CC 4.0 by-sa版权协议,转载请附上原文出处链接及本声明。
原文链接:https://blog.csdn.net/alone_map/article/details/52252086