华为MPLS VPN配置实例

总公司与下属分公司需要建立MPLS VPN进行互联,总公司与分公司都包含三个业务,分别为:办公网、财务网、视频网。要求在总公司内部、分公司内部、总公司与分公司之间实现办公网与视频网可互访,财务网与办公网、视频网之间不能互访,总公司财务网只能和分公司的财务网互访。


网络拓扑如图:

image001.png

每个业务对应的VPN实例分别为

1591453967168182.png

Lookback地址规划

2.png

PE1、P、PE2互联地址规划

3.png

PE1与总部各业务CE互联地址规划

4.png

PE2与分公司各业务CE互联地址规划

1591423513382381.png

总公司业务地址规划

6.png

分公司业务地址规划

1591454269878855.png

VPN实例route-distinguisher规划

8.png

VPN实例vpn-target规划

9.png

各业务测试终端地址规划

1591454296967145.png

1、配置MPSL骨干网OSPF协议,使得 PE1、P、PE2之间互通
配置PE1
int loo 0
ip add 1.1.1.1 32
#
interface GigabitEthernet0/0/0
ip add 10.10.10.1 30
ospf network-type p2p
#
ospf
area 0
network 10.10.10.0 0.0.0.3
network 1.1.1.1 0.0.0.0

配置P
int loo 0
ip add 2.2.2.2 32
#
interface GigabitEthernet0/0/0
ip add 10.10.10.2 30
ospf network-type p2p
#
interface GigabitEthernet0/0/1
ip add 20.20.20.2 30
ospf network-type p2p
#
ospf
area 0
network 10.10.10.0 0.0.0.3
network 20.20.20.0 0.0.0.3
network 2.2.2.2 0.0.0.0

配置PE2
int loo 0
ip add 3.3.3.3 32
#
interface GigabitEthernet0/0/1
ip add 20.20.20.1 30
ospf network-type p2p
#
ospf
area 0
network 20.20.20.0 0.0.0.3
network 3.3.3.3 0.0.0.0


完成配置后,查看各设备OSPF邻居状态
PE1上OSPF邻居状态
image003.png
P上OSPF邻居状态
image005.png
PE2上OSPF邻居状态
image007.png
在P上测试路由联通
image009.png

2、配置MPLS骨干网上配置MPLS LDP,建立LSP标签转发通道

配置PE1
mpls lsr-id 1.1.1.1
mpls
mpls ldp
#
interface GigabitEthernet0/0/0
mpls
mpls ldp


配置P
mpls lsr-id 2.2.2.2
mpls
mpls ldp
#
interface GigabitEthernet0/0/0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
mpls
mpls ldp


配置PE2
mpls lsr-id 3.3.3.3
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
mpls
mpls ldp


在P上查看MPLS LDP会话与LSP建立信息
image011.png
image013.png

3、配置PE1与PE2之间的MP-IBGP,建立对等体关系

配置PE1
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
ipv4-family vpnv4
 peer 3.3.3.3 enable


配置PE2
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
ipv4-family vpnv4
 peer 1.1.1.1 enable


查看BGP对等体建立情况
image015.png

4、配置PE1、PE2上的VPN实例
配置PE1
ip vpn-instance VPN-A
ipv4-family
 route-distinguisher 10:100
 vpn-target 10:100 export-extcommunity
 vpn-target 10:100 import-extcommunity
 vpn-target 30:300 import-extcommunity
#
ip vpn-instance VPN-B
ipv4-family
 route-distinguisher 20:200
 vpn-target 20:200 export-extcommunity
 vpn-target 20:200 import-extcommunity
#
ip vpn-instance VPN-C
ipv4-family
 route-distinguisher 30:300
 vpn-target 30:300 export-extcommunity
 vpn-target 30:300 import-extcommunity
 vpn-target 10:100 import-extcommunity

配置PE2
ip vpn-instance VPN-A
ipv4-family
 route-distinguisher 10:100
 vpn-target 10:100 export-extcommunity
 vpn-target 10:100 import-extcommunity
 vpn-target 30:300 import-extcommunity
#
ip vpn-instance VPN-B
ipv4-family
 route-distinguisher 20:200
 vpn-target 20:200 export-extcommunity
 vpn-target 20:200 import-extcommunity
#
ip vpn-instance VPN-C
ipv4-family
 route-distinguisher 30:300
 vpn-target 30:300 export-extcommunity
 vpn-target 30:300 import-extcommunity
 vpn-target 10:100 import-extcommunity

将与业务CE互联端口绑定到对应的VPN实例上

配置PE1

int g0/0/1
ip binding vpn-instance VPN-A
ip add 70.70.70.1 30
#
int g0/0/2
ip binding vpn-instance VPN-B
ip add 60.60.60.1 30
#
int g3/0/0
ip binding vpn-instance VPN-C
ip add 50.50.50.1 30

配置PE2
int g0/0/0
ip binding vpn-instance VPN-A
ip add 80.80.80.1 30
#
int g0/0/2
ip binding vpn-instance VPN-B
ip add 30.30.30.1 30
#
int g3/0/0
ip binding vpn-instance VPN-C
ip add 40.40.40.1 30


5、配置PE与各业务CE互联

把从对端PE学到的VPNv4路由引入到OSPF中,发布给本端CE
配置PE1
ospf 100 vpn-instance VPN-A
import-route bgp
area 0
network 70.70.70.0 0.0.0.3
#
ospf 200 vpn-instance VPN-B
import-route bgp
area 0
network 60.60.60.0 0.0.0.3
#
ospf 300 vpn-instance VPN-C
import-route bgp
area 0
network 50.50.50.0 0.0.0.3

配置PE2
ospf 100 vpn-instance VPN-A
import-route bgp
area 0
network 80.80.80.0 0.0.0.3
#
ospf 200 vpn-instance VPN-B
import-route bgp
area 0
network 30.30.30.0 0.0.0.3
#
ospf 300 vpn-instance VPN-C
import-route bgp
area 0
network 40.40.40.0 0.0.0.3


把从本端CE学到的VPN路由引入BGP中,形成VPNv4路由发布给对端PE
配置PE1
bgp 100
ipv4-family vpn-instance VPN-A
import-route ospf 100
ipv4-family vpn-instance VPN-B
import-route ospf 200
ipv4-family vpn-instance VPN-C
import-route ospf 300

配置PE2
bgp 100
ipv4-family vpn-instance VPN-A
import-route ospf 100
ipv4-family vpn-instance VPN-B
import-route ospf 200
ipv4-family vpn-instance VPN-C
import-route ospf 300


配置总部办公网CE与PE1互联
int g0/0/0
ip add 70.70.70.2 30
#
int g0/0/1
ip add 171.7.7.254 24
#
ospf 100
area 0
network 70.70.70.0 0.0.0.3
network 171.7.7.0 0.0.0.255


配置总部财务网CE与PE1互联
int g0/0/0
ip add 60.60.60.2 30
#
int g0/0/1
ip add 161.6.6.254 24
#
ospf 200
area 0
network 60.60.60.0 0.0.0.3
network 161.6.6.0 0.0.0.255


配置总部视频网CE与PE1互联
int g0/0/0
ip add 50.50.50.2 30
#
int g0/0/1
ip add 151.5.5.254 24
#
ospf 300
area 0
network 50.50.50.0 0.0.0.3
network 151.5.5.0 0.0.0.255

配置分公司办公网CE与PE2互联
int g0/0/0
ip add 80.80.80.2 30
#
int g0/0/1
ip add 181.8.8.254 24
#
ospf 100
area 0
network 80.80.80.0 0.0.0.3
network 181.8.8.0 0.0.0.255


配置分公司财务网CE与PE2互联
int g0/0/0
ip add 30.30.30.2 30
#
int g0/0/1
ip add 131.3.3.254 24
#
ospf 200
area 0
network 30.30.30.0 0.0.0.3
network 131.3.3.0 0.0.0.255


配置分公司视频网CE与PE2互联
int g0/0/0
ip add 40.40.40.2 30
#
int g0/0/1
ip add 141.4.4.254 24
#
ospf 300
area 0
network 40.40.40.0 0.0.0.3
network 141.4.4.0 0.0.0.255


6、测试结果
查看PE上各VPN实例路由表
PE1办公网VPN实例路由表
image017.png
PE1财务网VPN实例路由表
image019.png
PE1视频网VPN实例路由表
image021.png
PE2办公网VPN实例路由表
image023.png
PE2财务网VPN实例路由表
image025.png
PE2视频网VPN实例路由表
image027.png
终端互访测试
根据预期规划,总部办公网可访问总部的视频网,分公司的办公网、视频网三个业务。总部财务网只能与分公司财务网能互访

总部办公网与总部的视频网
image029.png
总部办公网与分公司办公网
21312312.png
总部办公网与分公司视频网
image031.png
总部财务网与分公司财务网
image033.png
总部财务网与其他业务网
image035.png
测试结果符合预期规划

标签: 华为, MPLS, MPLS VPN, 配置, BGP

添加新评论

captcha

请输入验证码