好消息,超酷的在线虚拟网络实验室上线了!点击开始实验

为获得更好的浏览效果,建议您使用 Firefox 或者 Chrome 浏览器



 

6.1.6 HoVPN典型配置

 

组网需求

以一个包括省骨干和地市的MPLS VPN网络为例:

l                            SPE作为省网的PE设备,接入地市的MPLS VPN网络;

l                            UPE作为下层地市网络的PE设备,最终接入VPN客户。对UPE的性能要求低于对SPE的性能要求。

 

组网图

 

配置步骤

1、配置UPE 1

# 配置MPLS基本能力和MPLS LDP能力,建立LDP LSP。

<UPE1> system-view

[UPE1] interface loopback 0

[UPE1-LoopBack0] ip address 1.1.1.9 32

[UPE1-LoopBack0] quit

[UPE1] mpls lsr-id 1.1.1.9

[UPE1] mpls

[UPE1-mpls] lsp-trigger all

[UPE1-mpls] quit

[UPE1] mpls ldp

[UPE1-mpls-ldp] quit

[UPE1] interface GigabitEthernet 4/1/2

[UPE1-GigabitEthernet4/1/2] ip address 172.1.1.1 24

[UPE1-GigabitEthernet4/1/2] mpls

[UPE1-GigabitEthernet4/1/2] mpls ldp

[UPE1-GigabitEthernet4/1/2] quit

 

# 配置IGP协议,以OSPF为例。

[UPE1] ospf

[UPE1-ospf-1] area 0

[UPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[UPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[UPE1-ospf-1-area-0.0.0.0] quit

[UPE1-ospf-1] quit

 

# 配置VPN实例vpn1和vpn2,将CE 1和CE 2接入UPE 1。

[UPE1] ip vpn-instance vpn1

[UPE1-vpn-instance-vpn1] route-distinguisher 100:1

[UPE1-vpn-instance-vpn1] vpn-target 100:1 both

[UPE1-vpn-instance-vpn1] quit

[UPE1] ip vpn-instance vpn2

[UPE1-vpn-instance-vpn2] route-distinguisher 100:2

[UPE1-vpn-instance-vpn2] vpn-target 100:2 both

[UPE1-vpn-instance-vpn2] quit

[UPE1] interface GigabitEthernet 4/1/1

[UPE1-GigabitEthernet4/1/1] ip binding vpn-instance vpn1

[UPE1-GigabitEthernet4/1/1] ip address 10.2.1.2 24

[UPE1-GigabitEthernet4/1/1] quit

[UPE1] interface GigabitEthernet 4/1/2

[UPE1-GigabitEthernet4/1/2] ip binding vpn-instance vpn2

[UPE1-GigabitEthernet4/1/2] ip address 10.4.1.2 24

[UPE1-GigabitEthernet4/1/2] quit

 

# 配置UPE 1与SPE 1建立MP-IBGP对等体,并引入VPN路由。

[UPE1] bgp 100

[UPE1-bgp] peer 2.2.2.9 as-number 100

[UPE1-bgp] import-route direct

[UPE1-bgp] ipv4-family vpnv4

[UPE1-bgp-af-vpnv4] peer 2.2.2.9 enable

[UPE1-bgp-af-vpnv4] quit

[UPE1-bgp] ipv4-family vpn-instance vpn1

[UPE1-bgp-vpn1] peer 10.2.1.1 as-number 65410

[UPE1-bgp-vpn1] import-route direct

[UPE1-bgp-vpn1] quit

[UPE1-bgp] ipv4-family vpn-instance vpn2

[UPE1-bgp-vpn1] peer 10.4.1.1 as-number 65420

[UPE1-bgp-vpn1] import-route direct

[UPE1-bgp-vpn1] quit

[UPE1-bgp] quit

 

2、配置CE 1

<CE1> system-view

[CE1] interface GigabitEthernet 4/1/1

[CE1-GigabitEthernet4/1/1] ip address 10.2.1.1 255.255.255.0

[CE1-GigabitEthernet4/1/1] quit

[CE1] bgp 65410

[CE1-bgp] peer 10.2.1.2 as-number 100

[CE1-bgp] import-route direct

[CE1] quit

 

3、配置CE 2

<CE2> system-view

[CE2] interface GigabitEthernet 4/1/1

[CE2-GigabitEthernet4/1/1] ip address 10.4.1.1 255.255.255.0

[CE2-GigabitEthernet4/1/1] quit

[CE2] bgp 65420

[CE2-bgp] peer 10.4.1.2 as-number 100

[CE2-bgp] import-route direct

[CE2] quit

 

4.配置UPE 2

# 配置MPLS基本能力和MPLS LDP能力,建立LDP LSP。

<UPE2> system-view

[UPE2] interface loopback 0

[UPE2-LoopBack0] ip address 4.4.4.9 32

[UPE2-LoopBack0] quit

[UPE2] mpls lsr-id 4.4.4.9

[UPE2] mpls

[UPE2-mpls] lsp-trigger all

[UPE2-mpls] quit

[UPE2] mpls ldp

[UPE2-mpls-ldp] quit

[UPE2] interface GigabitEthernet 4/1/1

[UPE2-GigabitEthernet4/1/1] ip address 172.2.1.1 24

[UPE2-GigabitEthernet4/1/1] mpls

[UPE2-GigabitEthernet4/1/1] mpls ldp

[UPE2-GigabitEthernet4/1/1] quit

 

# 配置IGP协议,以OSPF为例。

[UPE2] ospf

[UPE2-ospf-1] area 0

[UPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[UPE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0

[UPE2-ospf-1-area-0.0.0.0] quit

[UPE2-ospf-1] quit

 

# 配置VPN实例vpn1和vpn2,将CE 3和CE 4接入UPE 2。

[UPE2] ip vpn-instance vpn1

[UPE2-vpn-instance-vpn1] route-distinguisher 300:1

[UPE2-vpn-instance-vpn1] vpn-target 100:1 both

[UPE2-vpn-instance-vpn1] quit

[UPE2] ip vpn-instance vpn2

[UPE2-vpn-instance-vpn2] route-distinguisher 400:2

[UPE2-vpn-instance-vpn2] vpn-target 100:2 both

[UPE2-vpn-instance-vpn2] quit

[UPE2] interface GigabitEthernet 4/1/2

[UPE2-GigabitEthernet4/1/2] ip binding vpn-instance vpn1

[UPE2-GigabitEthernet4/1/2] ip address 10.1.1.2 24

[UPE2-GigabitEthernet4/1/2] quit

[UPE2] interface GigabitEthernet 4/1/3

[UPE2-GigabitEthernet4/1/3] ip binding vpn-instance vpn2

[UPE2-GigabitEthernet4/1/3] ip address 10.3.1.2 24

[UPE2-GigabitEthernet4/1/3] quit

 

# 配置UPE 2与SPE 2建立MP-IBGP对等体,并引入VPN路由。

[UPE2] bgp 100

[UPE2-bgp] peer 3.3.3.9 as-number 100

[UPE2-bgp] import-route direct

[UPE2-bgp] ipv4-family vpnv4

[UPE2-bgp-af-vpnv4] peer 3.3.3.9 enable

[UPE2-bgp-af-vpnv4] quit

[UPE2-bgp] ipv4-family vpn-instance vpn1

[UPE2-bgp-vpn1] peer 10.1.1.1 as-number 65430

[UPE2-bgp-vpn1] import-route direct

[UPE2-bgp-vpn1] quit

[UPE2-bgp] ipv4-family vpn-instance vpn2

[UPE2-bgp-vpn1] peer 10.3.1.1 as-number 65440

[UPE2-bgp-vpn1] import-route direct

[UPE2-bgp-vpn1] quit

[UPE2-bgp] quit

 

5、配置CE 3

<CE3> system-view

[CE3] interface GigabitEthernet 4/1/1

[CE3-GigabitEthernet4/1/1] ip address 10.1.1.1 255.255.255.0

[CE3-GigabitEthernet4/1/1] quit

[CE3] bgp 65430

[CE3-bgp] peer 10.1.1.2 as-number 100

[CE3-bgp] import-route direct

[CE3] quit

 

6、配置CE 4

<CE4> system-view

[CE4] interface GigabitEthernet 4/1/1

[CE4-GigabitEthernet4/1/1] ip address 10.3.1.1 255.255.255.0

[CE4-GigabitEthernet4/1/1] quit

[CE4] bgp 65440

[CE4-bgp] peer 10.3.1.2 as-number 100

[CE4-bgp] import-route direct

[CE4] quit

 

7、配置SPE 1

# 配置MPLS基本能力和MPLS LDP能力,建立LDP LSP。

<SPE1> system-view

[SPE1] interface loopback 0

[SPE1-LoopBack0] ip address 2.2.2.9 32

[SPE1-LoopBack0] quit

[SPE1] mpls lsr-id 2.2.2.9

[SPE1] mpls

[SPE1-mpls] lsp-trigger all

[SPE1-mpls] quit

[SPE1] mpls ldp

[SPE1-mpls-ldp] quit

[SPE1] interface GigabitEthernet 4/1/1

[SPE1-GigabitEthernet4/1/1] ip address 172.1.1.2 24

[SPE1-GigabitEthernet4/1/1] mpls

[SPE1-GigabitEthernet4/1/1] mpls ldp

[SPE1-GigabitEthernet4/1/1] quit

[SPE1] interface GigabitEthernet 4/1/2

[SPE1-GigabitEthernet4/1/2] ip address 180.1.1.1 24

[SPE1-GigabitEthernet4/1/2] mpls

[SPE1-GigabitEthernet4/1/2] mpls ldp

[SPE1-GigabitEthernet4/1/2] quit

 

# 配置IGP协议,以OSPF为例。

[SPE1] ospf

[SPE1-ospf-1] area 0

[SPE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[SPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[SPE1-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255

[SPE1-ospf-1-area-0.0.0.0] quit

[SPE1-ospf-1] quit

 

# 配置VPN实例vpn1和vpn2。

[SPE1] ip vpn-instance vpn1

[SPE1-vpn-instance-vpn1] route-distinguisher 500:1

[SPE1-vpn-instance-vpn1 ] vpn-target 100:1 both

[SPE1-vpn-instance-vpn1] quit

[SPE1] ip vpn-instance vpn2

[SPE1-vpn-instance-vpn2] route-distinguisher 700:1

[SPE1-vpn-instance-vpn2] vpn-target 100:2 both

[SPE1-vpn-instance-vpn2] quit

 

# 配置SPE 1与UPE 1建立MP-IBGP对等体,指定UPE 1,并引入VPN路由。

[SPE1] bgp 100

[SPE1-bgp] peer 1.1.1.9 as-number 100

[SPE1-bgp] peer 1.1.1.9 connect-interface loopback 0

[SPE1-bgp] peer 1.1.1.9 next-hop-local

[SPE1-bgp] peer 3.3.3.9 as-number 100

[SPE1-bgp] peer 3.3.3.9 connect-interface loopback 0

[SPE1-bgp] ipv4-family vpnv4

[SPE1-bgp-af-vpnv4] peer 3.3.3.9 enable

[SPE1-bgp-af-vpnv4] peer 1.1.1.9 enable

[SPE1-bgp-af-vpnv4] peer 1.1.1.9 upe

[SPE1-bgp-af-vpnv4] peer 1.1.1.9 default-route-advertise vpn-instance vpn1

[SPE1-bgp-af-vpnv4] peer 1.1.1.9 default-route-advertise vpn-instance vpn2

[SPE1-bgp-af-vpnv4] quit

[SPE1-bgp]ipv4-family vpn-instance vpn1

[SPE1-bgp-vpn1] quit

[SPE1-bgp]ipv4-family vpn-instance vpn2

[SPE1-bgp-vpn2] quit

[SPE1-bgp] quit

 

8、配置SPE 2

# 配置MPLS基本能力和MPLS LDP能力,建立LDP LSP。

<SPE2> system-view

[SPE2] interface loopback 0

[SPE2-LoopBack0] ip address 3.3.3.9 32

[SPE2-LoopBack0] quit

[SPE2] mpls lsr-id 3.3.3.9

[SPE2] mpls

[SPE2-mpls] lsp-trigger all

[SPE2-mpls] quit

[SPE2] mpls ldp

[SPE2-mpls-ldp] quit

[SPE2] interface GigabitEthernet 4/1/1

[SPE2-GigabitEthernet4/1/1] ip address 180.1.1.2 24

[SPE2-GigabitEthernet4/1/1] mpls

[SPE2-GigabitEthernet4/1/1] mpls ldp

[SPE2-GigabitEthernet4/1/1] quit

[SPE2] interface GigabitEthernet 4/1/2

[SPE2-GigabitEthernet4/1/2] ip address 172.2.1.2 24

[SPE2-GigabitEthernet4/1/2] mpls

[SPE2-GigabitEthernet4/1/2] mpls ldp

[SPE2-GigabitEthernet4/1/2] quit

 

# 配置IGP协议,以OSPF为例。

[SPE2] ospf

[SPE2-ospf-1] area 0

[SPE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[SPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[SPE2-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255

[SPE2-ospf-1-area-0.0.0.0] quit

[SPE2-ospf-1] quit

 

# 配置VPN实例vpn1和vpn2。

[SPE2] ip vpn-instance vpn1

[SPE2-vpn-instance-vpn1] route-distinguisher 600:1

[SPE2-vpn-instance-vpn1 ] vpn-target 100:1 both

[SPE2-vpn-instance-vpn1] quit

[SPE2] ip vpn-instance vpn2

[SPE2-vpn-instance-vpn2] route-distinguisher 800:1

[SPE2-vpn-instance-vpn2] vpn-target 100:2 both

[SPE2-vpn-instance-vpn2] quit

 

# 配置SPE 2与UPE 2建立MP-IBGP对等体,指定UPE 2,并引入VPN路由。

[SPE2] bgp 100

[SPE2-bgp] peer 4.4.4.9 as-number 100

[SPE2-bgp] peer 4.4.4.9 connect-interface loopback 0

[SPE2-bgp] peer 4.4.4.9 next-hop-local

[SPE2-bgp] peer 2.2.2.9 as-number 100

[SPE2-bgp] peer 2.2.2.9 connect-interface loopback 0

[SPE2-bgp] ipv4-family vpnv4

[SPE2-bgp-af-vpnv4] peer 2.2.2.9 enable

[SPE2-bgp-af-vpnv4] peer 4.4.4.9 enable

[SPE2-bgp-af-vpnv4] peer 4.4.4.9 upe

[SPE2-bgp-af-vpnv4] peer 4.4.4.9 default-route-advertise vpn-instance vpn1

[SPE2-bgp-af-vpnv4] peer 4.4.4.9 default-route-advertise vpn-instance vpn2

[SPE2-bgp-af-vpnv4] quit

[SPE2-bgp]ipv4-family vpn-instance vpn1

[SPE2-bgp-vpn1] quit

[SPE2-bgp]ipv4-family vpn-instance vpn2

[SPE2-bgp-vpn2] quit

[SPE2-bgp] quit

 

配置文件

1UPE 1 配置

#

ip vpn-instance vpn1

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

ip vpn-instance vpn2

route-distinguisher 100:2

vpn-target 100:2 export-extcommunity

vpn-target 100:2 import-extcommunity

#

mpls lsr-id 1.1.1.9

#

mpls

lsp-trigger all

#

mpls ldp

#

interface loopback 0

ip address 1.1.1.9 255.255.255.255

#

interface GigabitEthernet 4/1/1

ip binding vpn-instance vpn1

ip address 10.2.1.2 255.255.255.0

#

interface GigabitEthernet4/1/2

ip binding vpn-instance vpn2

ip address 10.4.1.2 255.255.255.0

#

interface GigabitEthernet4/1/3

ip address 172.1.1.1 255.255.255.0

mpls

mpls ldp

#

bgp 100

peer 2.2.2.9 as-number 100

peer 2.2.2.9 connect-interface loopback 0

#

ipv4-family vpnv4

peer 2.2.2.9 enable

#

ipv4-family vpn-instance vpn1

import-route direct

peer 10.2.1.1 as-number 65410

#

ipv4-family vpn-instance vpn2

import-route direct

peer 10.4.1.1 as-number 65420

#

ospf 1

area 0.0.0.0

network 172.1.1.0 0.0.0.255

network 1.1.1.9 0.0.0.0

#

2CE 1 配置

#

interface GigabitEthernet 4/1/1

ip address 10.2.1.1 255.255.255.0

#

bgp 65410

import-route direct

peer 10.2.1.2 as-number 100

#

3CE 2 配置

#

interface GigabitEthernet 4/1/1

ip address 10.4.1.1 255.255.255.0

#

bgp 65420

import-route direct

peer 10.4.1.2 as-number 100

#

4UPE 2 配置

#

ip vpn-instance vpn1

route-distinguisher 300:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

ip vpn-instance vpn2

route-distinguisher 400:2

vpn-target 100:2 export-extcommunity

vpn-target 100:2 import-extcommunity

#

mpls lsr-id 4.4.4.9

#

mpls

lsp-trigger all

#

mpls ldp

#

interface loopback 0

ip address 4.4.4.9 255.255.255.255

#

interface GigabitEthernet 4/1/1

ip address 172.2.1.1 255.255.255.0

mpls

mpls ldp

#

interface GigabitEthernet4/1/2

ip binding vpn-instance vpn1

ip address 10.1.1.2 255.255.255.0

#

interface GigabitEthernet4/1/3

ip binding vpn-instance vpn2

ip address 10.3.1.2 255.255.255.0

#

bgp 100

peer 3.3.3.9 as-number 100

peer 3.3.3.9 connect-interface loopback 0

#

ipv4-family vpnv4

peer 3.3.3.9 enable

#

ipv4-family vpn-instance vpn1

import-route direct

peer 10.1.1.1 as-number 65430

#

ipv4-family vpn-instance vpn2

import-route direct

peer 10.3.1.1 as-number 65440

#

ospf 1

area 0.0.0.0

network 172.2.1.0 0.0.0.255

network 4.4.4.9 0.0.0.0

#

5CE 3 配置

#

interface GigabitEthernet 4/1/1

ip address 10.1.1.1 255.255.255.0

#

bgp 65430

import-route direct

peer 10.1.1.2 as-number 100

#

6CE 4 配置

#

interface GigabitEthernet 4/1/1

ip address 10.3.1.1 255.255.255.0

#

bgp 65440

import-route direct

peer 10.3.1.2 as-number 100

#

7SPE 1 配置

#

ip vpn-instance vpn1

route-distinguisher 500:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

ip vpn-instance vpn2

route-distinguisher 700:1

vpn-target 100:2 export-extcommunity

vpn-target 100:2 import-extcommunity

#

mpls lsr-id 2.2.2.9

#

mpls

lsp-trigger all

#

mpls ldp

#

interface loopback 0

ip address 2.2.2.9 255.255.255.255

#

interface GigabitEthernet 4/1/1

ip address 172.1.1.2 255.255.255.0

mpls

mpls ldp

#

interface GigabitEthernet4/1/2

ip address 180.1.1.1 255.255.255.0

mpls

mpls ldp

#

bgp 100

peer 1.1.1.9 as-number 100

peer 3.3.3.9 as-number 100

peer 1.1.1.9 connect-interface loopback 0

peer 3.3.3.9 connect-interface loopback 0

#

ipv4-family vpnv4

peer 3.3.3.9 enable

peer 1.1.1.9 enable

peer 1.1.1.9 upe

peer 1.1.1.9 default-route-advertise vpn-instance vpn1

peer 1.1.1.9 default-route-advertise vpn-instance vpn2

#

ipv4-family vpn-instance vpn1

#

ipv4-family vpn-instance vpn2

#

ospf 1

area 0.0.0.0

network 180.1.1.0 0.0.0.255

network 172.1.1.0 0.0.0.255

network 2.2.2.9 0.0.0.0

#

 

9SPE 2 配置

#

ip vpn-instance vpn1

route-distinguisher 600:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

ip vpn-instance vpn2

route-distinguisher 800:1

vpn-target 100:2 export-extcommunity

vpn-target 100:2 import-extcommunity

#

mpls lsr-id 3.3.3.9

#

mpls

lsp-trigger all

#

mpls ldp

#

interface loopback 0

ip address 3.3.3.9 255.255.255.255

#

interface GigabitEthernet 4/1/1

ip address 180.1.1.2 255.255.255.0

mpls

mpls ldp

#

interface GigabitEthernet4/1/2

ip address 172.2.1.2 255.255.255.0

mpls

mpls ldp

#

bgp 100

peer 2.2.2.9 as-number 100

peer 4.4.4.9 as-number 100

peer 2.2.2.9 connect-interface loopback 0

peer 4.4.4.9 connect-interface loopback 0

#

ipv4-family vpnv4

peer 2.2.2.9 enable

peer 4.4.4.9 enable

peer 4.4.4.9 upe

peer 4.4.4.9 default-route-advertise vpn-instance vpn1

peer 4.4.4.9 default-route-advertise vpn-instance vpn2

#

ipv4-family vpn-instance vpn1

#

ipv4-family vpn-instance vpn2

#

ospf 1

area 0.0.0.0

network 180.1.1.0 0.0.0.255

network 172.2.1.0 0.0.0.255

network 3.3.3.9 0.0.0.0

#

 

 

 

 

X Close
X Close