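The IP interconnect addresses and BGP AS numbers are as shown in the figure. R3 is the VPN route reflector, and R2 and R4 are its clients. Inside BGP AS 65100 the underlay network is built with IS-IS. R2 and R4 are the PE devices of the MPLS VPN network; R1 and R5 are the CE devices of the Finance VPN, and R1, R6 and R7 are the CE devices of the OA VPN.
Lab requirements
An enterprise network has one headquarters (Headquarter) and three branches. The main business of branch 1 (Branch1) is finance, and the main business of branch 2 (Branch2) and branch 3 (Branch3) is enterprise office work.
The headquarters needs to receive the route entries of branch 1, branch 2 and branch 3, while branch 1 must not receive the route entries of branch 2 and branch 3. The enterprise backbone is large, so a VPN RR is used to simplify configuration.
R1 configuration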
[BEGIN] 2025-01-18 20:07:40
<R1>DIS CU
#
sysname R1
#
router id 10.10.10.1
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address 10.0.12.1 255.255.255.0
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.1 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.10.10.1 0.0.0.0
network 10.0.12.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
[END] 2025-01-18 20:07:50
R2 configuration
[BEGIN] 2025-01-18 20:07:14
<R2>DIS CU
#
sysname R2
#
router id 10.10.10.2
#
ip vpn-instance Finance&OA
ipv4-family
route-distinguisher 65100:12
vpn-target 65100:12 65001:65002 export-extcommunity
vpn-target 65100:12 65001:65002 import-extcommunity
#
ip vpn-instance OA
ipv4-family
route-distinguisher 65001:2
vpn-target 65001:65002 export-extcommunity
vpn-target 65001:65002 import-extcommunity
#
mpls lsr-id 10.10.10.2
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0001.0100.1001.0002.00
is-name R2
#
firewall zone Local
priority 16
#
monitor-group ldp
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip binding vpn-instance OA
ip address 10.0.27.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.24.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip address 10.0.23.2 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet0/0/3
ip binding vpn-instance Finance&OA
ip address 10.0.12.2 255.255.255.0
#
wlan
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.2 255.255.255.255
isis enable 1
#
bgp 65100
undo default ipv4-unicast
peer 10.10.10.3 as-number 65100
peer 10.10.10.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 10.10.10.3 enable
#
ipv4-family vpnv4
policy vpn-target
peer 10.10.10.3 enable
#
ipv4-family vpn-instance Finance&OA
network 10.10.10.1 255.255.255.255
#
ipv4-family vpn-instance OA
peer 10.0.27.7 as-number 65001
#
ospf 1 vpn-instance Finance&OA
import-route bgp
area 0.0.0.0
network 10.0.12.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
[END] 2025-01-18 20:07:28
R3 configuration
[BEGIN] 2025-01-18 20:06:52
<R3>DIS CU
#
sysname R3
#
mpls lsr-id 10.10.10.3
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0001.0100.1001.0003.00
is-name R3
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
ip address 10.0.34.3 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet0/0/3
ip address 10.0.23.3 255.255.255.0
isis enable 1
mpls
mpls ldp
#
wlan
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.3 255.255.255.255
isis enable 1
#
bgp 65100
undo default ipv4-unicast
peer 10.10.10.2 as-number 65100
peer 10.10.10.2 connect-interface LoopBack0
peer 10.10.10.4 as-number 65100
peer 10.10.10.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 10.10.10.2 enable
undo peer 10.10.10.4 enable
#
ipv4-family vpnv4
undo policy vpn-target
peer 10.10.10.2 enable
peer 10.10.10.2 reflect-client
peer 10.10.10.4 enable
peer 10.10.10.4 reflect-client
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
[END] 2025-01-18 20:07:03
R4 configuration
[BEGIN] 2025-01-18 20:06:27
<R4>
<R4>DIS CU
#
sysname R4
#
router id 10.10.10.4
#
ip vpn-instance Finance
ipv4-family
route-distinguisher 65100:1
vpn-target 65100:12 export-extcommunity
vpn-target 65100:12 import-extcommunity
#
ip vpn-instance OA
ipv4-family
route-distinguisher 65002:2
vpn-target 65001:65002 export-extcommunity
vpn-target 65001:65002 import-extcommunity
#
mpls lsr-id 10.10.10.4
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
#
isis 1
is-level level-2
cost-style wide
network-entity 49.0001.0100.1001.0004.00
is-name R4
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip binding vpn-instance OA
ip address 10.0.46.4 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.0.24.4 255.255.255.0
isis enable 1
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip binding vpn-instance Finance
ip address 10.0.45.4 255.255.255.0
#
interface GigabitEthernet0/0/3
ip address 10.0.34.4 255.255.255.0
isis enable 1
mpls
mpls ldp
#
wlan
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.4 255.255.255.255
isis enable 1
#
bgp 65100
undo default ipv4-unicast
peer 10.10.10.3 as-number 65100
peer 10.10.10.3 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
undo peer 10.10.10.3 enable
#
ipv4-family vpnv4
undo policy vpn-target
peer 10.10.10.3 enable
#
ipv4-family vpn-instance Finance
network 10.10.10.5 255.255.255.255
#
ipv4-family vpn-instance OA
peer 10.0.46.6 as-number 65002
#
ospf 1 vpn-instance Finance
import-route bgp
area 0.0.0.0
network 10.0.45.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
[END] 2025-01-18 20:06:41
R5 configuration
[BEGIN] 2025-01-18 20:05:55
<R5>DIS CU
#
sysname R5
#
router id 10.10.10.5
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
ip address 10.0.45.5 255.255.255.0
#
wlan
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.5 255.255.255.255
#
ospf 1
area 0.0.0.0
network 10.10.10.5 0.0.0.0
network 10.0.45.0 0.0.0.255
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
[END] 2025-01-18 20:06:06
R6 configuration
[BEGIN] 2025-01-18 20:05:31
<R6>DIS CU
#
sysname R6
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 10.0.46.6 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.6 255.255.255.255
#
bgp 65002
peer 10.0.46.4 as-number 65100
#
ipv4-family unicast
undo synchronization
network 10.10.10.6 255.255.255.255
peer 10.0.46.4 enable
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
[END] 2025-01-18 20:05:42
R7 configuration
[BEGIN] 2025-01-18 20:05:08
<R7>DIS CU
#
sysname R7
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
local-user admin service-type http
#
firewall zone Local
priority 16
#
interface Ethernet0/0/0
#
interface Ethernet0/0/1
#
interface Serial0/0/0
link-protocol ppp
#
interface Serial0/0/1
link-protocol ppp
#
interface Serial0/0/2
link-protocol ppp
#
interface Serial0/0/3
link-protocol ppp
#
interface GigabitEthernet0/0/0
ip address 10.0.27.7 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
#
interface GigabitEthernet0/0/3
#
wlan
#
interface NULL0
#
interface LoopBack0
ip address 10.10.10.7 255.255.255.255
#
bgp 65001
peer 10.0.27.2 as-number 65100
#
ipv4-family unicast
undo synchronization
network 10.10.10.7 255.255.255.255
peer 10.0.27.2 enable
#
user-interface con 0
user-interface vty 0 4
user-interface vty 16 20
#
return
[END] 2025-01-18 20:05:20
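The isolation requirement (headquarters receives every branch, branch 1 never receives branch 2 or branch 3) is enforced entirely by the `vpn-target` lines on R2 and R4. The following is an added example, not part of the original lab: it parses those lines and computes which VPN instance imports routes from which, so the separation can be checked offline. The function names `parse_instances` and `imports_from` are hypothetical, and the input is the page's own R2/R4 stanzas trimmed to the instance name and `vpn-target` lines.

```python
import re

# Constructed input: vpn-instance stanzas of R2 and R4 from the dumps above,
# trimmed to the instance name and vpn-target lines.
CONFIGS = {
    "R2": """ip vpn-instance Finance&OA
vpn-target 65100:12 65001:65002 export-extcommunity
vpn-target 65100:12 65001:65002 import-extcommunity
#
ip vpn-instance OA
vpn-target 65001:65002 export-extcommunity
vpn-target 65001:65002 import-extcommunity
#""",
    "R4": """ip vpn-instance Finance
vpn-target 65100:12 export-extcommunity
vpn-target 65100:12 import-extcommunity
#
ip vpn-instance OA
vpn-target 65001:65002 export-extcommunity
vpn-target 65001:65002 import-extcommunity
#""",
}

def parse_instances(configs):
    """Return {(pe, instance): {"import": set(), "export": set()}}."""
    table = {}
    for pe, text in configs.items():
        current = None
        for line in map(str.strip, text.splitlines()):
            m = re.fullmatch(r"ip vpn-instance (\S+)", line)
            if m:
                current = table.setdefault((pe, m.group(1)),
                                           {"import": set(), "export": set()})
            elif line == "#":
                current = None          # end of the stanza
            elif line.startswith("vpn-target ") and current is not None:
                *rts, kind = line.split()[1:]
                kind = kind.split("-")[0]          # import / export / both
                for k in (("import", "export") if kind == "both" else (kind,)):
                    current[k].update(rts)
    return table

def imports_from(table):
    """Map each instance to the instances whose exported RTs it imports."""
    return {dst: sorted(src for src, s in table.items()
                        if src != dst and s["export"] & d["import"])
            for dst, d in table.items()}

if __name__ == "__main__":
    for dst, srcs in imports_from(parse_instances(CONFIGS)).items():
        print(dst, "<-", srcs)
```

Here `Finance&OA` on R2 is the headquarters side (R1), `Finance` on R4 is branch 1 (R5), and the two `OA` instances serve R7 and R6; branch 1 should list only the headquarters instance as a source.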