组网需求
MPLS L3VPN 基本组网图
如图所示,Customer A和Customer B分别有位于两地的分支机构,现要求通过MPLS L3VPN技
术,实现用户分支机构间路由信息的正常交互,且用户数据可以通过VPN方式在各站点间安全传输,
不会发送至私网IP地址相同的其它用户站点中。
配置思路
- 为了使报文能够通过 MPLS 网络传输,需要在 MPLS 骨干网络中配置 IGP 路由协议,并利用
LDP 分发公网标签,作为 VPN 报文的外层标签。 - 为区分不同用户的路由信息,需要在 PE 上分别创建两个 VPN 实例,并为 VPN 实例配置 RD
和 RT,在各实例内通过 BGP 分别引入不同用户的私网路由。 - 在 PE 设备之间配置 MP-BGP 协议并建立对等体,用于传输 VPN 的私网路由信息并分发内层
标签,即私网标签。
配置步骤
PE1
<PE1>display current-configuration
#
version 7.1.064, Release 0821P11
#
sysname PE1
#
ip vpn-instance customerA
route-distinguisher 100:1
vpn-target 111:1 222:1 import-extcommunity
vpn-target 222:1 export-extcommunity
#
ip vpn-instance customerB
route-distinguisher 200:1
vpn-target 333:1 import-extcommunity
vpn-target 444:1 export-extcommunity
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.1 0.0.0.0
#
mpls lsr-id 1.1.1.1
#
system-working-mode standard
xbar load-single
password-recovery enable
lpu-type f-series
#
vlan 1
#
mpls ldp
#
interface Serial1/0
#
interface Serial2/0
#
interface Serial3/0
#
interface Serial4/0
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip binding vpn-instance customerA
ip address 100.1.1.2 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
ip binding vpn-instance customerB
ip address 200.1.1.2 255.255.255.0
#
interface GigabitEthernet0/2
port link-mode route
combo enable copper
ip address 10.1.1.1 255.255.255.0
mpls enable
mpls ldp enable
#
interface GigabitEthernet5/0
port link-mode route
combo enable copper
#
interface GigabitEthernet5/1
port link-mode route
combo enable copper
#
interface GigabitEthernet6/0
port link-mode route
combo enable copper
#
interface GigabitEthernet6/1
port link-mode route
combo enable copper
#
bgp 100
router-id 1.1.1.1
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
#
address-family vpnv4
peer 3.3.3.3 enable
#
ip vpn-instance customerA
peer 100.1.1.1 as-number 65410
#
address-family ipv4 unicast
import-route direct
peer 100.1.1.1 enable
#
ip vpn-instance customerB
peer 200.1.1.1 as-number 65410
#
address-family ipv4 unicast
import-route direct
peer 200.1.1.1 enable
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line aux 0
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 63
user-role network-operator
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
return
P
<P>display current-configuration
#
version 7.1.064, Release 0821P11
#
sysname P
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.1.2 0.0.0.0
network 10.1.4.1 0.0.0.0
#
mpls lsr-id 2.2.2.2
#
system-working-mode standard
xbar load-single
password-recovery enable
lpu-type f-series
#
vlan 1
#
mpls ldp
#
interface Serial1/0
#
interface Serial2/0
#
interface Serial3/0
#
interface Serial4/0
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 10.1.1.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
ip address 10.1.4.1 255.255.255.0
mpls enable
mpls ldp enable
#
interface GigabitEthernet0/2
port link-mode route
combo enable copper
#
interface GigabitEthernet5/0
port link-mode route
combo enable copper
#
interface GigabitEthernet5/1
port link-mode route
combo enable copper
#
interface GigabitEthernet6/0
port link-mode route
combo enable copper
#
interface GigabitEthernet6/1
port link-mode route
combo enable copper
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line aux 0
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 63
user-role network-operator
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
return
PE2
<PE2>display current-configuration
#
version 7.1.064, Release 0821P11
#
sysname PE2
#
ip vpn-instance customerA
route-distinguisher 100:1
vpn-target 222:1 import-extcommunity
vpn-target 111:1 export-extcommunity
#
ip vpn-instance customerB
route-distinguisher 200:1
vpn-target 444:1 import-extcommunity
vpn-target 333:1 export-extcommunity
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.1.4.2 0.0.0.0
#
mpls lsr-id 3.3.3.3
#
system-working-mode standard
xbar load-single
password-recovery enable
lpu-type f-series
#
vlan 1
#
mpls ldp
#
interface Serial1/0
#
interface Serial2/0
#
interface Serial3/0
#
interface Serial4/0
#
interface NULL0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 10.1.4.2 255.255.255.0
mpls enable
mpls ldp enable
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
ip binding vpn-instance customerA
ip address 101.1.1.1 255.255.255.0
#
interface GigabitEthernet0/2
port link-mode route
combo enable copper
ip binding vpn-instance customerB
ip address 202.1.1.2 255.255.255.0
#
interface GigabitEthernet5/0
port link-mode route
combo enable copper
#
interface GigabitEthernet5/1
port link-mode route
combo enable copper
#
interface GigabitEthernet6/0
port link-mode route
combo enable copper
#
interface GigabitEthernet6/1
port link-mode route
combo enable copper
#
bgp 100
router-id 3.3.3.3
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
#
address-family vpnv4
peer 1.1.1.1 enable
#
ip vpn-instance customerA
peer 101.1.1.2 as-number 65430
#
address-family ipv4 unicast
import-route direct
peer 101.1.1.2 enable
#
ip vpn-instance customerB
peer 202.1.1.1 as-number 65430
#
address-family ipv4 unicast
import-route direct
peer 202.1.1.1 enable
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line aux 0
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 63
user-role network-operator
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
return
CE1
<CE1>display current-configuration
#
version 7.1.064, Release 0821P11
#
sysname CE1
#
system-working-mode standard
xbar load-single
password-recovery enable
lpu-type f-series
#
vlan 1
#
interface Serial1/0
#
interface Serial2/0
#
interface Serial3/0
#
interface Serial4/0
#
interface NULL0
#
interface LoopBack0
ip address 172.16.0.1 255.255.255.0
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 100.1.1.1 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
#
interface GigabitEthernet0/2
port link-mode route
combo enable copper
#
interface GigabitEthernet5/0
port link-mode route
combo enable copper
#
interface GigabitEthernet5/1
port link-mode route
combo enable copper
#
interface GigabitEthernet6/0
port link-mode route
combo enable copper
#
interface GigabitEthernet6/1
port link-mode route
combo enable copper
#
bgp 65410
peer 100.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 100.1.1.2 enable
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line aux 0
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 63
user-role network-operator
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
return
CE2
<CE2>display current-configuration
#
version 7.1.064, Release 0821P11
#
sysname CE2
#
system-working-mode standard
xbar load-single
password-recovery enable
lpu-type f-series
#
vlan 1
#
interface Serial1/0
#
interface Serial2/0
#
interface Serial3/0
#
interface Serial4/0
#
interface NULL0
#
interface LoopBack0
ip address 172.16.0.1 255.255.255.0
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 200.1.1.1 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
#
interface GigabitEthernet0/2
port link-mode route
combo enable copper
#
interface GigabitEthernet5/0
port link-mode route
combo enable copper
#
interface GigabitEthernet5/1
port link-mode route
combo enable copper
#
interface GigabitEthernet6/0
port link-mode route
combo enable copper
#
interface GigabitEthernet6/1
port link-mode route
combo enable copper
#
bgp 65410
peer 200.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 200.1.1.2 enable
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line aux 0
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 63
user-role network-operator
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
return
CE3
<CE3>dis current-configuration
#
version 7.1.064, Release 0821P11
#
sysname CE3
#
system-working-mode standard
xbar load-single
password-recovery enable
lpu-type f-series
#
vlan 1
#
interface Serial1/0
#
interface Serial2/0
#
interface Serial3/0
#
interface Serial4/0
#
interface NULL0
#
interface LoopBack0
ip address 172.16.1.1 255.255.255.0
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 101.1.1.2 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
#
interface GigabitEthernet0/2
port link-mode route
combo enable copper
#
interface GigabitEthernet5/0
port link-mode route
combo enable copper
#
interface GigabitEthernet5/1
port link-mode route
combo enable copper
#
interface GigabitEthernet6/0
port link-mode route
combo enable copper
#
interface GigabitEthernet6/1
port link-mode route
combo enable copper
#
bgp 65430
peer 101.1.1.1 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 101.1.1.1 enable
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line aux 0
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 63
user-role network-operator
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
return
CE4
<CE4>display current-configuration
#
version 7.1.064, Release 0821P11
#
sysname CE4
#
system-working-mode standard
xbar load-single
password-recovery enable
lpu-type f-series
#
vlan 1
#
interface Serial1/0
#
interface Serial2/0
#
interface Serial3/0
#
interface Serial4/0
#
interface NULL0
#
interface LoopBack0
ip address 172.16.1.1 255.255.255.0
#
interface GigabitEthernet0/0
port link-mode route
combo enable copper
ip address 202.1.1.1 255.255.255.0
#
interface GigabitEthernet0/1
port link-mode route
combo enable copper
#
interface GigabitEthernet0/2
port link-mode route
combo enable copper
#
interface GigabitEthernet5/0
port link-mode route
combo enable copper
#
interface GigabitEthernet5/1
port link-mode route
combo enable copper
#
interface GigabitEthernet6/0
port link-mode route
combo enable copper
#
interface GigabitEthernet6/1
port link-mode route
combo enable copper
#
bgp 65430
peer 202.1.1.2 as-number 100
#
address-family ipv4 unicast
import-route direct
peer 202.1.1.2 enable
#
scheduler logfile size 16
#
line class aux
user-role network-operator
#
line class console
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line aux 0
user-role network-operator
#
line con 0
user-role network-admin
#
line vty 0 63
user-role network-operator
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
return
