6.1.6
HoVPN典型配置
以一个包括省骨干和地市的MPLS VPN网络为例:
l
SPE作为省网的PE设备,接入地市的MPLS VPN网络;
l
UPE作为下层地市网络的PE设备,最终接入VPN客户。对UPE的性能要求低于对SPE的性能要求。
#
配置MPLS基本能力和MPLS LDP能力,建立LDP LSP。
<UPE1>
system-view
[UPE1]
interface loopback 0
[UPE1-LoopBack0]
ip address 1.1.1.9 32
[UPE1-LoopBack0]
quit
[UPE1]
mpls lsr-id 1.1.1.9
[UPE1]
mpls
[UPE1-mpls]
lsp-trigger all
[UPE1-mpls]
quit
[UPE1]
mpls ldp
[UPE1-mpls-ldp]
quit
[UPE1]
interface GigabitEthernet
[UPE1-GigabitEthernet4/1/2]
ip address 172.1.1.1 24
[UPE1-GigabitEthernet4/1/2]
mpls
[UPE1-GigabitEthernet4/1/2]
mpls ldp
[UPE1-GigabitEthernet4/1/2]
quit
#
配置IGP协议,以OSPF为例。
[UPE1]
ospf
[UPE1-ospf-1]
area 0
[UPE1-ospf-1-area-0.0.0.0]
network 172.1.1.0 0.0.0.255
[UPE1-ospf-1-area-0.0.0.0]
network 1.1.1.9 0.0.0.0
[UPE1-ospf-1-area-0.0.0.0]
quit
[UPE1-ospf-1]
quit
#
配置VPN实例vpn1和vpn2,将CE 1和CE 2接入UPE 1。
[UPE1]
ip vpn-instance vpn1
[UPE1-vpn-instance-vpn1]
route-distinguisher 100:1
[UPE1-vpn-instance-vpn1]
vpn-target 100:1 both
[UPE1-vpn-instance-vpn1]
quit
[UPE1]
ip vpn-instance vpn2
[UPE1-vpn-instance-vpn2]
route-distinguisher 100:2
[UPE1-vpn-instance-vpn2]
vpn-target 100:2 both
[UPE1-vpn-instance-vpn2]
quit
[UPE1]
interface GigabitEthernet 4/1/1
[UPE1-GigabitEthernet4/1/1]
ip binding vpn-instance vpn1
[UPE1-GigabitEthernet4/1/1]
ip address 10.2.1.2 24
[UPE1-GigabitEthernet4/1/1]
quit
[UPE1]
interface GigabitEthernet 4/1/2
[UPE1-GigabitEthernet4/1/2]
ip binding vpn-instance vpn2
[UPE1-GigabitEthernet4/1/2]
ip address 10.4.1.2 24
[UPE1-GigabitEthernet4/1/2]
quit
#
配置UPE 1与SPE 1建立MP-IBGP对等体,并引入VPN路由。
[UPE1]
bgp 100
[UPE1-bgp]
peer 2.2.2.9 as-number 100
[UPE1-bgp]
import-route direct
[UPE1-bgp]
ipv4-family vpnv4
[UPE1-bgp-af-vpnv4]
peer 2.2.2.9 enable
[UPE1-bgp-af-vpnv4]
quit
[UPE1-bgp]
ipv4-family vpn-instance vpn1
[UPE1-bgp-vpn1]
peer 10.2.1.1 as-number 65410
[UPE1-bgp-vpn1]
import-route direct
[UPE1-bgp-vpn1]
quit
[UPE1-bgp]
ipv4-family vpn-instance vpn2
[UPE1-bgp-vpn1]
peer 10.4.1.1 as-number 65420
[UPE1-bgp-vpn1]
import-route direct
[UPE1-bgp-vpn1]
quit
[UPE1-bgp]
quit
2、配置CE
1
<CE1>
system-view
[CE1]
interface GigabitEthernet 4/1/1
[CE1-GigabitEthernet4/1/1]
ip address 10.2.1.1 255.255.255.0
[CE1-GigabitEthernet4/1/1]
quit
[CE1]
bgp 65410
[CE1-bgp]
peer 10.2.1.2 as-number 100
[CE1-bgp]
import-route direct
[CE1]
quit
3、配置CE 2
<CE2>
system-view
[CE2]
interface GigabitEthernet 4/1/1
[CE2-GigabitEthernet4/1/1]
ip address 10.4.1.1 255.255.255.0
[CE2-GigabitEthernet4/1/1]
quit
[CE2]
bgp 65420
[CE2-bgp]
peer 10.4.1.2 as-number 100
[CE2-bgp]
import-route direct
[CE2]
quit
4.配置UPE 2
#
配置MPLS基本能力和MPLS LDP能力,建立LDP LSP。
<UPE2>
system-view
[UPE2]
interface loopback 0
[UPE2-LoopBack0]
ip address 4.4.4.9 32
[UPE2-LoopBack0]
quit
[UPE2]
mpls lsr-id 4.4.4.9
[UPE2]
mpls
[UPE2-mpls]
lsp-trigger all
[UPE2-mpls]
quit
[UPE2]
mpls ldp
[UPE2-mpls-ldp]
quit
[UPE2]
interface GigabitEthernet
[UPE2-GigabitEthernet4/1/1]
ip address 172.2.1.1 24
[UPE2-GigabitEthernet4/1/1]
mpls
[UPE2-GigabitEthernet4/1/1]
mpls ldp
[UPE2-GigabitEthernet4/1/1]
quit
#
配置IGP协议,以OSPF为例。
[UPE2]
ospf
[UPE2-ospf-1]
area 0
[UPE2-ospf-1-area-0.0.0.0]
network 172.2.1.0 0.0.0.255
[UPE2-ospf-1-area-0.0.0.0]
network 4.4.4.9 0.0.0.0
[UPE2-ospf-1-area-0.0.0.0]
quit
[UPE2-ospf-1]
quit
#
配置VPN实例vpn1和vpn2,将CE 3和CE 4接入UPE 2。
[UPE2]
ip vpn-instance vpn1
[UPE2-vpn-instance-vpn1]
route-distinguisher 300:1
[UPE2-vpn-instance-vpn1]
vpn-target 100:1 both
[UPE2-vpn-instance-vpn1]
quit
[UPE2]
ip vpn-instance vpn2
[UPE2-vpn-instance-vpn2]
route-distinguisher 400:2
[UPE2-vpn-instance-vpn2]
vpn-target 100:2 both
[UPE2-vpn-instance-vpn2]
quit
[UPE2]
interface GigabitEthernet 4/1/2
[UPE2-GigabitEthernet4/1/2]
ip binding vpn-instance vpn1
[UPE2-GigabitEthernet4/1/2]
ip address 10.1.1.2 24
[UPE2-GigabitEthernet4/1/2]
quit
[UPE2]
interface GigabitEthernet 4/1/3
[UPE2-GigabitEthernet4/1/3]
ip binding vpn-instance vpn2
[UPE2-GigabitEthernet4/1/3]
ip address 10.3.1.2 24
[UPE2-GigabitEthernet4/1/3]
quit
#
配置UPE 2与SPE 2建立MP-IBGP对等体,并引入VPN路由。
[UPE2]
bgp 100
[UPE2-bgp]
peer 3.3.3.9 as-number 100
[UPE2-bgp]
import-route direct
[UPE2-bgp]
ipv4-family vpnv4
[UPE2-bgp-af-vpnv4]
peer 3.3.3.9 enable
[UPE2-bgp-af-vpnv4]
quit
[UPE2-bgp]
ipv4-family vpn-instance vpn1
[UPE2-bgp-vpn1]
peer 10.1.1.1 as-number 65430
[UPE2-bgp-vpn1]
import-route direct
[UPE2-bgp-vpn1]
quit
[UPE2-bgp]
ipv4-family vpn-instance vpn2
[UPE2-bgp-vpn1]
peer 10.3.1.1 as-number 65440
[UPE2-bgp-vpn1]
import-route direct
[UPE2-bgp-vpn1]
quit
[UPE2-bgp]
quit
5、配置CE 3
<CE3>
system-view
[CE3]
interface GigabitEthernet 4/1/1
[CE3-GigabitEthernet4/1/1]
ip address 10.1.1.1 255.255.255.0
[CE3-GigabitEthernet4/1/1]
quit
[CE3]
bgp 65430
[CE3-bgp]
peer 10.1.1.2 as-number 100
[CE3-bgp]
import-route direct
[CE3]
quit
6、配置CE 4
<CE4>
system-view
[CE4]
interface GigabitEthernet 4/1/1
[CE4-GigabitEthernet4/1/1]
ip address 10.3.1.1 255.255.255.0
[CE4-GigabitEthernet4/1/1]
quit
[CE4]
bgp 65440
[CE4-bgp]
peer 10.3.1.2 as-number 100
[CE4-bgp]
import-route direct
[CE4]
quit
7、配置SPE 1
#
配置MPLS基本能力和MPLS LDP能力,建立LDP LSP。
<SPE1>
system-view
[SPE1]
interface loopback 0
[SPE1-LoopBack0]
ip address 2.2.2.9 32
[SPE1-LoopBack0]
quit
[SPE1]
mpls lsr-id 2.2.2.9
[SPE1]
mpls
[SPE1-mpls]
lsp-trigger all
[SPE1-mpls]
quit
[SPE1]
mpls ldp
[SPE1-mpls-ldp]
quit
[SPE1]
interface GigabitEthernet
[SPE1-GigabitEthernet4/1/1]
ip address 172.1.1.2 24
[SPE1-GigabitEthernet4/1/1]
mpls
[SPE1-GigabitEthernet4/1/1]
mpls ldp
[SPE1-GigabitEthernet4/1/1]
quit
[SPE1]
interface GigabitEthernet
[SPE1-GigabitEthernet4/1/2]
ip address 180.1.1.1 24
[SPE1-GigabitEthernet4/1/2]
mpls
[SPE1-GigabitEthernet4/1/2]
mpls ldp
[SPE1-GigabitEthernet4/1/2]
quit
#
配置IGP协议,以OSPF为例。
[SPE1]
ospf
[SPE1-ospf-1]
area 0
[SPE1-ospf-1-area-0.0.0.0]
network 2.2.2.9 0.0.0.0
[SPE1-ospf-1-area-0.0.0.0]
network 172.1.1.0 0.0.0.255
[SPE1-ospf-1-area-0.0.0.0]
network 180.1.1.0 0.0.0.255
[SPE1-ospf-1-area-0.0.0.0]
quit
[SPE1-ospf-1]
quit
#
配置VPN实例vpn1和vpn2。
[SPE1]
ip vpn-instance vpn1
[SPE1-vpn-instance-vpn1]
route-distinguisher 500:1
[SPE1-vpn-instance-vpn1
] vpn-target 100:1 both
[SPE1-vpn-instance-vpn1]
quit
[SPE1]
ip vpn-instance vpn2
[SPE1-vpn-instance-vpn2]
route-distinguisher 700:1
[SPE1-vpn-instance-vpn2]
vpn-target 100:2 both
[SPE1-vpn-instance-vpn2]
quit
#
配置SPE 1与UPE 1建立MP-IBGP对等体,指定UPE 1,并引入VPN路由。
[SPE1]
bgp 100
[SPE1-bgp]
peer 1.1.1.9 as-number 100
[SPE1-bgp]
peer 1.1.1.9 connect-interface loopback 0
[SPE1-bgp]
peer 1.1.1.9 next-hop-local
[SPE1-bgp]
peer 3.3.3.9 as-number 100
[SPE1-bgp]
peer 3.3.3.9 connect-interface loopback 0
[SPE1-bgp]
ipv4-family vpnv4
[SPE1-bgp-af-vpnv4]
peer 3.3.3.9 enable
[SPE1-bgp-af-vpnv4]
peer 1.1.1.9 enable
[SPE1-bgp-af-vpnv4]
peer 1.1.1.9 upe
[SPE1-bgp-af-vpnv4]
peer 1.1.1.9 default-route-advertise vpn-instance vpn1
[SPE1-bgp-af-vpnv4]
peer 1.1.1.9 default-route-advertise vpn-instance vpn2
[SPE1-bgp-af-vpnv4]
quit
[SPE1-bgp]ipv4-family
vpn-instance vpn1
[SPE1-bgp-vpn1]
quit
[SPE1-bgp]ipv4-family
vpn-instance vpn2
[SPE1-bgp-vpn2]
quit
[SPE1-bgp]
quit
8、配置SPE 2
#
配置MPLS基本能力和MPLS LDP能力,建立LDP LSP。
<SPE2>
system-view
[SPE2]
interface loopback 0
[SPE2-LoopBack0]
ip address 3.3.3.9 32
[SPE2-LoopBack0]
quit
[SPE2]
mpls lsr-id 3.3.3.9
[SPE2]
mpls
[SPE2-mpls]
lsp-trigger all
[SPE2-mpls]
quit
[SPE2]
mpls ldp
[SPE2-mpls-ldp]
quit
[SPE2]
interface GigabitEthernet
[SPE2-GigabitEthernet4/1/1]
ip address 180.1.1.2 24
[SPE2-GigabitEthernet4/1/1]
mpls
[SPE2-GigabitEthernet4/1/1]
mpls ldp
[SPE2-GigabitEthernet4/1/1]
quit
[SPE2]
interface GigabitEthernet
[SPE2-GigabitEthernet4/1/2]
ip address 172.2.1.2 24
[SPE2-GigabitEthernet4/1/2]
mpls
[SPE2-GigabitEthernet4/1/2]
mpls ldp
[SPE2-GigabitEthernet4/1/2]
quit
#
配置IGP协议,以OSPF为例。
[SPE2]
ospf
[SPE2-ospf-1]
area 0
[SPE2-ospf-1-area-0.0.0.0]
network 3.3.3.9 0.0.0.0
[SPE2-ospf-1-area-0.0.0.0]
network 172.2.1.0 0.0.0.255
[SPE2-ospf-1-area-0.0.0.0]
network 180.1.1.0 0.0.0.255
[SPE2-ospf-1-area-0.0.0.0]
quit
[SPE2-ospf-1]
quit
#
配置VPN实例vpn1和vpn2。
[SPE2]
ip vpn-instance vpn1
[SPE2-vpn-instance-vpn1]
route-distinguisher 600:1
[SPE2-vpn-instance-vpn1
] vpn-target 100:1 both
[SPE2-vpn-instance-vpn1]
quit
[SPE2]
ip vpn-instance vpn2
[SPE2-vpn-instance-vpn2]
route-distinguisher 800:1
[SPE2-vpn-instance-vpn2]
vpn-target 100:2 both
[SPE2-vpn-instance-vpn2]
quit
#
配置SPE 2与UPE 2建立MP-IBGP对等体,指定UPE 2,并引入VPN路由。
[SPE2]
bgp 100
[SPE2-bgp]
peer 4.4.4.9 as-number 100
[SPE2-bgp]
peer 4.4.4.9 connect-interface loopback 0
[SPE2-bgp]
peer 4.4.4.9 next-hop-local
[SPE2-bgp]
peer 2.2.2.9 as-number 100
[SPE2-bgp]
peer 2.2.2.9 connect-interface loopback 0
[SPE2-bgp]
ipv4-family vpnv4
[SPE2-bgp-af-vpnv4]
peer 2.2.2.9 enable
[SPE2-bgp-af-vpnv4]
peer 4.4.4.9 enable
[SPE2-bgp-af-vpnv4]
peer 4.4.4.9 upe
[SPE2-bgp-af-vpnv4]
peer 4.4.4.9 default-route-advertise vpn-instance vpn1
[SPE2-bgp-af-vpnv4]
peer 4.4.4.9 default-route-advertise vpn-instance vpn2
[SPE2-bgp-af-vpnv4]
quit
[SPE2-bgp]ipv4-family
vpn-instance vpn1
[SPE2-bgp-vpn1]
quit
[SPE2-bgp]ipv4-family
vpn-instance vpn2
[SPE2-bgp-vpn2]
quit
[SPE2-bgp]
quit
1、UPE
1 配置
#
ip
vpn-instance vpn1
route-distinguisher
100:1
vpn-target
100:1 export-extcommunity
vpn-target
100:1 import-extcommunity
#
ip
vpn-instance vpn2
route-distinguisher
100:2
vpn-target
100:2 export-extcommunity
vpn-target
100:2 import-extcommunity
#
mpls
lsr-id 1.1.1.9
#
mpls
lsp-trigger
all
#
mpls
ldp
#
interface
loopback 0
ip
address 1.1.1.9 255.255.255.255
#
interface
GigabitEthernet
ip
binding vpn-instance vpn1
ip
address 10.2.1.2 255.255.255.0
#
interface
GigabitEthernet4/1/2
ip
binding vpn-instance vpn2
ip
address 10.4.1.2 255.255.255.0
#
interface
GigabitEthernet4/1/3
ip
address 172.1.1.1 255.255.255.0
mpls
mpls
ldp
#
bgp
100
peer
2.2.2.9 as-number 100
peer
2.2.2.9 connect-interface loopback 0
#
ipv4-family
vpnv4
peer
2.2.2.9 enable
#
ipv4-family
vpn-instance vpn1
import-route
direct
peer
10.2.1.1 as-number 65410
#
ipv4-family
vpn-instance vpn2
import-route
direct
peer
10.4.1.1 as-number 65420
#
ospf
1
area
0.0.0.0
network
172.1.1.0 0.0.0.255
network
1.1.1.9 0.0.0.0
#
2、CE 1
配置
#
interface
GigabitEthernet
ip
address 10.2.1.1 255.255.255.0
#
bgp
65410
import-route
direct
peer
10.2.1.2 as-number 100
#
3、CE 2
配置
#
interface
GigabitEthernet
ip
address 10.4.1.1 255.255.255.0
#
bgp
65420
import-route
direct
peer
10.4.1.2 as-number 100
#
4、UPE 2 配置
#
ip
vpn-instance vpn1
route-distinguisher
300:1
vpn-target
100:1 export-extcommunity
vpn-target
100:1 import-extcommunity
#
ip
vpn-instance vpn2
route-distinguisher
400:2
vpn-target
100:2 export-extcommunity
vpn-target
100:2 import-extcommunity
#
mpls
lsr-id 4.4.4.9
#
mpls
lsp-trigger
all
#
mpls
ldp
#
interface
loopback 0
ip
address 4.4.4.9 255.255.255.255
#
interface
GigabitEthernet
ip
address 172.2.1.1 255.255.255.0
mpls
mpls
ldp
#
interface
GigabitEthernet4/1/2
ip
binding vpn-instance vpn1
ip
address 10.1.1.2 255.255.255.0
#
interface
GigabitEthernet4/1/3
ip
binding vpn-instance vpn2
ip
address 10.3.1.2 255.255.255.0
#
bgp
100
peer
3.3.3.9 as-number 100
peer
3.3.3.9 connect-interface loopback 0
#
ipv4-family
vpnv4
peer
3.3.3.9 enable
#
ipv4-family
vpn-instance vpn1
import-route
direct
peer
10.1.1.1 as-number 65430
#
ipv4-family
vpn-instance vpn2
import-route
direct
peer
10.3.1.1 as-number 65440
#
ospf
1
area
0.0.0.0
network
172.2.1.0 0.0.0.255
network
4.4.4.9 0.0.0.0
#
5、CE 3
配置
#
interface
GigabitEthernet
ip
address 10.1.1.1 255.255.255.0
#
bgp
65430
import-route
direct
peer
10.1.1.2 as-number 100
#
6、CE 4
配置
#
interface
GigabitEthernet
ip
address 10.3.1.1 255.255.255.0
#
bgp
65440
import-route
direct
peer
10.3.1.2 as-number 100
#
7、SPE 1
配置
#
ip
vpn-instance vpn1
route-distinguisher
500:1
vpn-target
100:1 export-extcommunity
vpn-target
100:1 import-extcommunity
#
ip
vpn-instance vpn2
route-distinguisher
700:1
vpn-target
100:2 export-extcommunity
vpn-target
100:2 import-extcommunity
#
mpls
lsr-id 2.2.2.9
#
mpls
lsp-trigger
all
#
mpls
ldp
#
interface
loopback 0
ip
address 2.2.2.9 255.255.255.255
#
interface
GigabitEthernet
ip
address 172.1.1.2 255.255.255.0
mpls
mpls
ldp
#
interface
GigabitEthernet4/1/2
ip
address 180.1.1.1 255.255.255.0
mpls
mpls
ldp
#
bgp
100
peer
1.1.1.9 as-number 100
peer
3.3.3.9 as-number 100
peer
1.1.1.9 connect-interface loopback 0
peer
3.3.3.9 connect-interface loopback 0
#
ipv4-family
vpnv4
peer
3.3.3.9 enable
peer
1.1.1.9 enable
peer
1.1.1.9 upe
peer
1.1.1.9 default-route-advertise vpn-instance vpn1
peer
1.1.1.9 default-route-advertise vpn-instance vpn2
#
ipv4-family
vpn-instance vpn1
#
ipv4-family
vpn-instance vpn2
#
ospf
1
area
0.0.0.0
network
180.1.1.0 0.0.0.255
network
172.1.1.0 0.0.0.255
network
2.2.2.9 0.0.0.0
#
9、SPE 2
配置
#
ip
vpn-instance vpn1
route-distinguisher
600:1
vpn-target
100:1 export-extcommunity
vpn-target
100:1 import-extcommunity
#
ip
vpn-instance vpn2
route-distinguisher
800:1
vpn-target
100:2 export-extcommunity
vpn-target
100:2 import-extcommunity
#
mpls
lsr-id 3.3.3.9
#
mpls
lsp-trigger
all
#
mpls
ldp
#
interface
loopback 0
ip
address 3.3.3.9 255.255.255.255
#
interface
GigabitEthernet
ip
address 180.1.1.2 255.255.255.0
mpls
mpls
ldp
#
interface
GigabitEthernet4/1/2
ip
address 172.2.1.2 255.255.255.0
mpls
mpls
ldp
#
bgp
100
peer
2.2.2.9 as-number 100
peer
4.4.4.9 as-number 100
peer
2.2.2.9 connect-interface loopback 0
peer
4.4.4.9 connect-interface loopback 0
#
ipv4-family
vpnv4
peer
2.2.2.9 enable
peer
4.4.4.9 enable
peer
4.4.4.9 upe
peer
4.4.4.9 default-route-advertise vpn-instance vpn1
peer
4.4.4.9 default-route-advertise vpn-instance vpn2
#
ipv4-family
vpn-instance vpn1
#
ipv4-family
vpn-instance vpn2
#
ospf
1
area
0.0.0.0
network
180.1.1.0 0.0.0.255
network
172.2.1.0 0.0.0.255
network
3.3.3.9 0.0.0.0
#