企业网络项目-MPLS+VPN配置-eolink官网

企业网络项目-MPLS+VPN配置

最近几年网络技术发展迅速，很多技术已经更新换代了。

因为MPLS的价格问题，已经很少使用了，现在很多企业都在使用SD-WLAN。

国内的SD-WLAN厂商服务质量参差不齐，各位网络运维小伙伴可要擦亮眼睛哦。

MPLS+VPN简介：

通过标签协议栈在和同一个VPN相连的PE路由之间建立一条隧道，标签协议栈就是使用两层标签，PE路由器之间的标签位于底层，而PE路由器和P路由器以及两个P路由器之间的标签位于协议栈的上层，下层协议对于上层协议是透明的。

总结：给流量加上标签，实现快速转发。

MPLSVPN组成

MPLSVPN网络主要由CE、PE和P，3部分组成：

1、CE(Customer Edge Router)用户网络边缘路由器设备，直接与服务提供商网络相连，它“感知”不到VPN的存在；

2、PE(Provider Edge Router)服务提供商边缘路由器设备，与用户的CE直接相连，负责VPN业务接入，处理VPN-IPv4路由，是MPLS三层VPN的主要实现者；

3、P(Provider Router)服务提供商核心路由器设备，负责快速转发数据，不与CE直接相连。

在整个MPLS VPN中，P、PE设备需要支持MPLS的基本功能，CE设备不必支持MPLS。

项目网络拓扑

本次项目使用的网络拓扑图：

实验要求：

1、公司A总部可以与分支1、分支2进行网络通讯。

2、公司B总部可以与分支1进行网络通讯。

3、公司A和公司B，无论是总部还是分支，都互不干扰，互不通信。

实验思路：

1、骨干网IGP OSPF配置（理论上运营商的路由器运行BGP，这里简化OSPF）

2、CE端路由协议配置

3、VPN实例配置

4、PE端MP-BGP配置

5、MPLS配置

实验分析

中间为MPLS网络，

BGP的AS号为400，

IGP为OSPF

公司B总部，区域为AS号500

内部网段为192.168.8.X。

VPN实例为500

公司A总部，区域为AS号600

内部网段为192.168.6.X。

VPN实例为600

来看三个分支，

公司B分支1，分支2

VPN实例分别为100，200

公司A分支1

VPN实例为300

MPLS的标签分别为

公司A1060

公司B1024

使用BGP路由传递并控制更改信息。

设备配置文件

如果这里教大家怎么配置MPLS-VPN那就不合宜了哈

各个设备配置如下

# sysname R2_P1# snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00#portal local-server load flash:/portalpage.zip# drop illegal-mac alarm#router id 2.2.2.2 # wlan ac-global carrier id other ac id 0# set cpu-usage threshold 80 restore 75#mpls lsr-id 2.2.2.2mpls#mpls ldp##aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type zone Local priority 15#interface GigabitEthernet0/0/0 ip address 12.1.1.2 255.255.255.0 mpls mpls ldp#interface GigabitEthernet0/0/1 ip address 23.1.1.2 255.255.255.0 mpls mpls ldp#interface GigabitEthernet0/0/2#interface NULL0#interface LoopBack0 ip address 2.2.2.2 255.255.255.0 #ospf 1 area 0.0.0.0 network 2.2.2.0 0.0.0.255 network 12.1.1.0 0.0.0.255 network 23.1.1.0 0.0.0.255 #user-interface con 0 authentication-mode passworduser-interface vty 0 4user-interface vty 16 20#wlan ac#return

# sysname R3_P2# snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00#portal local-server load flash:/portalpage.zip# drop illegal-mac alarm#router id 3.3.3.3 # wlan ac-global carrier id other ac id 0# set cpu-usage threshold 80 restore 75#mpls lsr-id 3.3.3.3mpls#mpls ldp##aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type zone Local priority 15#interface GigabitEthernet0/0/0 ip address 23.1.1.3 255.255.255.0 mpls mpls ldp#interface GigabitEthernet0/0/1 ip address 34.1.1.3 255.255.255.0 mpls mpls ldp#interface GigabitEthernet0/0/2#interface NULL0#interface LoopBack0 ip address 3.3.3.3 255.255.255.0 #ospf 1 area 0.0.0.0 network 3.3.3.0 0.0.0.255 network 23.1.1.0 0.0.0.255 network 34.1.1.0 0.0.0.255 #user-interface con 0 authentication-mode passworduser-interface vty 0 4user-interface vty 16 20#wlan ac#return

PE1

# sysname R1_PE1# board add 0/4 1GEC # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00#portal local-server load flash:/portalpage.zip# drop illegal-mac alarm#router id 1.1.1.1 # wlan ac-global carrier id other ac id 0# set cpu-usage threshold 80 restore 75#ip vpn-instance vpn100 ipv4-family route-distinguisher 100:100 vpn-target 10:10 export-extcommunity vpn-target 50:50 import-extcommunity#ip vpn-instance vpn200 ipv4-family route-distinguisher 200:200 vpn-target 20:20 export-extcommunity vpn-target 50:50 import-extcommunity#ip vpn-instance vpn300 ipv4-family route-distinguisher 300:300 vpn-target 30:30 export-extcommunity vpn-target 60:60 import-extcommunity#mpls lsr-id 1.1.1.1mpls#mpls ldp##aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type zone Local priority 15#interface GigabitEthernet0/0/0 ip address 12.1.1.1 255.255.255.0 mpls mpls ldp#interface GigabitEthernet0/0/1 ip binding vpn-instance vpn100 ip address 15.1.1.1 255.255.255.0 #interface GigabitEthernet0/0/2 ip binding vpn-instance vpn300 ip address 17.1.1.1 255.255.255.0 #interface GigabitEthernet4/0/0 ip binding vpn-instance vpn200 ip address 19.1.1.1 255.255.255.0 #interface NULL0#interface LoopBack0 ip address 1.1.1.1 255.255.255.0 #bgp 400 peer 4.4.4.4 as-number 400 peer 4.4.4.4 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 4.4.4.4 enable # ipv4-family vpnv4 policy vpn-target peer 4.4.4.4 enable # ipv4-family vpn-instance vpn100 peer 15.1.1.5 as-number 100 # ipv4-family vpn-instance vpn200 peer 19.1.1.9 as-number 200 # ipv4-family vpn-instance vpn300 peer 17.1.1.7 as-number 300 #ospf 1 area 0.0.0.0 network 1.1.1.0 0.0.0.255 network 12.1.1.0 0.0.0.255 #user-interface con 0 authentication-mode passworduser-interface vty 0 4user-interface vty 16 20#wlan ac#return

PE2

# sysname R4# snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00#portal local-server load flash:/portalpage.zip# drop illegal-mac alarm# undo info-center enable#router id 4.4.4.4 # wlan ac-global carrier id other ac id 0# set cpu-usage threshold 80 restore 75#ip vpn-instance vpn500 ipv4-family route-distinguisher 500:500 vpn-target 50:50 export-extcommunity vpn-target 10:10 20:20 import-extcommunity#ip vpn-instance vpn600 ipv4-family route-distinguisher 600:600 vpn-target 60:60 export-extcommunity vpn-target 30:30 import-extcommunity#mpls lsr-id 4.4.4.4mpls#mpls ldp##aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type zone Local priority 15#interface GigabitEthernet0/0/0 ip address 34.1.1.4 255.255.255.0 mpls mpls ldp#interface GigabitEthernet0/0/1 ip binding vpn-instance vpn600 ip address 46.1.1.4 255.255.255.0 #interface GigabitEthernet0/0/2 ip binding vpn-instance vpn500 ip address 48.1.1.4 255.255.255.0 #interface NULL0#interface LoopBack0 ip address 4.4.4.4 255.255.255.0 #bgp 400 peer 1.1.1.1 as-number 400 peer 1.1.1.1 connect-interface LoopBack0 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable # ipv4-family vpnv4 policy vpn-target peer 1.1.1.1 enable # ipv4-family vpn-instance vpn500 peer 48.1.1.8 as-number 500 # ipv4-family vpn-instance vpn600 peer 46.1.1.6 as-number 600 #ospf 1 area 0.0.0.0 network 4.4.4.0 0.0.0.255 network 34.1.1.0 0.0.0.255 #user-interface con 0 authentication-mode passworduser-interface vty 0 4user-interface vty 16 20#wlan ac#return

CE5

# sysname R5_CE5# snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00#portal local-server load flash:/portalpage.zip# drop illegal-mac alarm#router id 5.5.5.5 # wlan ac-global carrier id other ac id 0# set cpu-usage threshold 80 restore 75#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type zone Local priority 15#interface GigabitEthernet0/0/0 ip address 192.168.5.1 255.255.255.0 #interface GigabitEthernet0/0/1 ip address 15.1.1.5 255.255.255.0 #interface GigabitEthernet0/0/2#interface NULL0#interface LoopBack0 ip address 5.5.5.5 255.255.255.0 #bgp 100 peer 15.1.1.1 as-number 400 # ipv4-family unicast undo synchronization network 5.5.5.0 255.255.255.0 network 192.168.5.0 peer 15.1.1.1 enable#user-interface con 0 authentication-mode passworduser-interface vty 0 4user-interface vty 16 20#wlan ac#return

CE6

# sysname R6_CE6# snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00#portal local-server load flash:/portalpage.zip# drop illegal-mac alarm#router id 6.6.6.6 # wlan ac-global carrier id other ac id 0# set cpu-usage threshold 80 restore 75#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type zone Local priority 15#interface GigabitEthernet0/0/0 ip address 46.1.1.6 255.255.255.0 #interface GigabitEthernet0/0/1 ip address 192.168.6.1 255.255.255.0 #interface GigabitEthernet0/0/2#interface NULL0#interface LoopBack0 ip address 6.6.6.6 255.255.255.0 #bgp 600 peer 46.1.1.4 as-number 400 # ipv4-family unicast undo synchronization network 6.6.6.0 255.255.255.0 network 192.168.6.0 peer 46.1.1.4 enable#user-interface con 0 authentication-mode passworduser-interface vty 0 4user-interface vty 16 20#wlan ac#return

CE7

# sysname R7_CE7# snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00#portal local-server load flash:/portalpage.zip# drop illegal-mac alarm#router id 7.7.7.7 # wlan ac-global carrier id other ac id 0# set cpu-usage threshold 80 restore 75#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type zone Local priority 15#interface GigabitEthernet0/0/0 ip address 17.1.1.7 255.255.255.0 #interface GigabitEthernet0/0/1 ip address 192.168.7.1 255.255.255.0 #interface GigabitEthernet0/0/2#interface NULL0#interface LoopBack0 ip address 7.7.7.7 255.255.255.0 #bgp 300 peer 17.1.1.1 as-number 400 # ipv4-family unicast undo synchronization network 7.7.7.0 255.255.255.0 network 192.168.7.0 peer 17.1.1.1 enable#user-interface con 0 authentication-mode passworduser-interface vty 0 4user-interface vty 16 20#wlan ac#return

CE8

# sysname R8_CE8# snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00#portal local-server load flash:/portalpage.zip# drop illegal-mac alarm#router id 8.8.8.8 # wlan ac-global carrier id other ac id 0# set cpu-usage threshold 80 restore 75#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type zone Local priority 15#interface GigabitEthernet0/0/0 ip address 48.1.1.8 255.255.255.0 #interface GigabitEthernet0/0/1 ip address 192.168.8.1 255.255.255.0 #interface GigabitEthernet0/0/2#interface NULL0#interface LoopBack0 ip address 8.8.8.8 255.255.255.0 #bgp 500 peer 48.1.1.4 as-number 400 # ipv4-family unicast undo synchronization network 8.8.8.0 255.255.255.0 network 192.168.8.0 peer 48.1.1.4 enable#user-interface con 0 authentication-mode passworduser-interface vty 0 4user-interface vty 16 20#wlan ac#return

CE9

# sysname R9_CE9# snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00#portal local-server load flash:/portalpage.zip# drop illegal-mac alarm#router id 9.9.9.9 # wlan ac-global carrier id other ac id 0# set cpu-usage threshold 80 restore 75#aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type zone Local priority 15#interface GigabitEthernet0/0/0 ip address 19.1.1.9 255.255.255.0 #interface GigabitEthernet0/0/1 ip address 192.168.9.1 255.255.255.0 #interface GigabitEthernet0/0/2#interface NULL0#interface LoopBack0 ip address 9.9.9.9 255.255.255.0 #bgp 200 peer 19.1.1.1 as-number 400 # ipv4-family unicast undo synchronization network 9.9.9.0 255.255.255.0 network 192.168.9.0 peer 19.1.1.1 enable#user-interface con 0 authentication-mode passworduser-interface vty 0 4user-interface vty 16 20#wlan ac#return

实验项目结束。

如有问题，可留言交流。

Spring中的aware接口详情

288 2022-09-09

企业网络项目-MPLS+VPN配置

java中的接口是类吗

Spring中的aware接口详情

29、OSPF配置实验之被动接口

推荐文章

接口调用是什么意思？几种常用接口调用方式

接口设计原则

8款在线 API 接口文档管理工具

api管理系统是什么？

什么是接口调试？接口调试的步骤有哪些？

api 接口管理系统有哪些？

接口测试有几种测试方法

API文档生成工具有哪些？

微服务和api网关区别

交换机配置步骤

最近发表

热评文章

在线接口文档管理工具推荐，支持在线测试，HTTP接口

开源的在线接口文档wiki工具Mindoc的介绍与使

如何优雅的进行接口设计？接口设计的六大原则是什么？

什么是API测试,api检测公司

遇到百度网址安全中心提醒您该页面可能存在钓鱼欺诈信息

软件接口设计怎么做？前后端分离软件接口设计思路