配置应用于L3VPN的隧道策略

配置应用于L3VPN的隧道策略

1. 在MPLS骨干网上配置IGP协议，实现PE之间的IP连通性

[PE1-LoopBack1]ip add 1.1.1.1 32

[PE1-GigabitEthernet0/0/0]ip add 20.1.1.1 24

[PE1]ospf 1

[PE1-ospf-1]area 0

[PE1-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0

[PE2-LoopBack1]ip add 2.2.2.2 32

[PE2-GigabitEthernet0/0/0]ip add 20.1.1.2 24

[PE2]ospf 1

[PE2-ospf-1]area 0

[PE2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255

2. 在MPLS骨干网上配置MPLS基本能力，在PE之间建立LDP LSP

[PE1]mpls lsr-id 1.1.1.1

[PE1]mpls

[PE1-mpls]label advertise non-null

[PE1]mpls ldp

[PE1-GigabitEthernet0/0/0]mpls

[PE1-GigabitEthernet0/0/0]mpls ldp

[PE2]mpls lsr-id 2.2.2.2

[PE2]mpls

[PE2-mpls]label advertise non-null

[PE2]mpls ldp

[PE2-GigabitEthernet0/0/0]mpls

[PE2-GigabitEthernet0/0/0]mpls ldp

3. 在PE之间建立MPLS TE隧道

[PE1]mpls

[PE1-mpls]mpls te

[PE1-mpls]mpls rsvp-te

[PE1-mpls]mpls te cspf

[PE1]int Tunnel 0/0/1

[PE1-Tunnel0/0/1]ip address unnumbered interface LoopBack 1

[PE1-Tunnel0/0/1]tunnel-protocol mpls te

[PE1-Tunnel0/0/1]destination 2.2.2.2

[PE1-Tunnel0/0/1]mpls te  tunnel-id 11

[PE1-Tunnel0/0/1]mpls te commit

[PE1]int Tunnel 0/0/2

[PE1-Tunnel0/0/2]ip address unnumbered interface LoopBack 1

[PE1-Tunnel0/0/2]tunnel-protocol mpls te

[PE1-Tunnel0/0/2]destination 2.2.2.2

[PE1-Tunnel0/0/2]mpls te tunnel-id 22

[PE1-Tunnel0/0/2]mpls te reserved-for-binding

[PE1-Tunnel0/0/2]mpls te commit

[PE1-GigabitEthernet0/0/0]mpls

[PE1-GigabitEthernet0/0/0]mpls te

[PE1-GigabitEthernet0/0/0]mpls rsvp-te

[PE2]mpls

[PE2-mpls]mpls te

[PE2-mpls]mpls rsvp-te

[PE2-mpls]mpls te cspf

[PE2]int Tunnel 0/0/1

[PE2-Tunnel0/0/1]ip add unnumbered interface LoopBack 1

[PE2-Tunnel0/0/1]tunnel-protocol mpls te

[PE2-Tunnel0/0/1]destination 1.1.1.1

[PE2-Tunnel0/0/1]mpls te tunnel-id 11

[PE2-Tunnel0/0/1]mpls te commit

[PE2]int Tunnel 0/0/2

[PE2-Tunnel0/0/2]ip add unnumbered interface LoopBack 1

[PE2-Tunnel0/0/2]tunnel-protocol mpls te

[PE2-Tunnel0/0/2]destination 1.1.1.1

[PE2-Tunnel0/0/2]mpls te tunnel-id 22

[PE2-Tunnel0/0/2]mpls te reserved-for-binding

[PE2-Tunnel0/0/2]mpls te commit

[PE2-GigabitEthernet0/0/0]mpls

[PE2-GigabitEthernet0/0/0]mpls te

[PE2-GigabitEthernet0/0/0]mpls rsvp-te

[PE1]ospf 1

[PE1-ospf-1]opaque-capability enable

[PE1-ospf-1]area 0

[PE1-ospf-1-area-0.0.0.0]mpls-te enable

[PE2]ospf 1

[PE2-ospf-1]opaque-capability enable

[PE2-ospf-1]area 0

[PE2-ospf-1-area-0.0.0.0]mpls-te enable

4. 在PE设备上配置VPN实例，将CE接入PE

[PE1]ip vpn-instance vpna

[PE1-vpn-instance-vpna]route-distinguisher 100:1

[PE1-vpn-instance-vpna-af-ipv4]vpn-target 1:1

[PE1]ip vpn-instance vpnb

[PE1-vpn-instance-vpnb]route-distinguisher 100:2

[PE1-vpn-instance-vpnb-af-ipv4]vpn-target 2:2

[PE1-GigabitEthernet0/0/1]ip binding vpn-instance vpna

[PE1-GigabitEthernet0/0/1]ip add 10.1.1.1 24

[PE1-GigabitEthernet0/0/2]ip binding vpn-instance vpnb

[PE1-GigabitEthernet0/0/2]ip add 10.2.1.1 24

[PE2]ip vpn-instance vpna

[PE2-vpn-instance-vpna]route-distinguisher 100:3

[PE2-vpn-instance-vpna-af-ipv4]vpn-target 1:1

[PE2]ip vpn-instance vpnb

[PE2-vpn-instance-vpnb]route-distinguisher 100:4

[PE2-vpn-instance-vpnb-af-ipv4]vpn-target 2:2

[PE2-GigabitEthernet0/0/1]ip binding vpn-instance vpna

[PE2-GigabitEthernet0/0/1]ip add 10.3.1.2 24

[PE2-GigabitEthernet0/0/2]ip binding vpn-instance vpnb

[PE2-GigabitEthernet0/0/2]ip add 10.4.1.2 24

[CE1-GigabitEthernet0/0/0]ip add 10.1.1.3 24

[CE2-GigabitEthernet0/0/0]ip add 10.2.1.4 24

[CE3-GigabitEthernet0/0/0]ip add 10.3.1.5 24

[CE4-GigabitEthernet0/0/0]ip add 10.4.1.6 24

5. 在PE上配置隧道策略并应用隧道策略

[PE1]tunnel-policy p1  //配置主隧道绑定的隧道策略并应用于VPNA

[PE1-tunnel-policy-p1]tunnel binding destination 2.2.2.2 te Tunnel 0/0/2

[PE1]ip vpn-instance vpna

[PE1-vpn-instance-vpna]tnl-policy p1

[PE2]tunnel-policy p1

[PE2-tunnel-policy-p1]tunnel binding destination 1.1.1.1 te Tunnel 0/0/2

[PE2]ip vpn-instance vpna

[PE2-vpn-instance-vpna]tnl-policy p1

[PE1]tunnel-policy p2  //配置顺序选择方式的隧道策略并应用于VPNB

[PE1-tunnel-policy-p2]tunnel select-seq cr-lsp lsp load-balance-number 1

[PE1]ip vpn-instance vpnb

[PE1-vpn-instance-vpnb]tnl-policy p2

[PE2]tunnel-policy p2

[PE2-tunnel-policy-p2]tunnel select-seq cr-lsp lsp load-balance-number 1

[PE2]ip vpn-instance vpnb

[PE2-vpn-instance-vpnb]tnl-policy p2

6. 在PE之间建立MP-IBGP对等体关系

[PE1]bgp 100

[PE1-bgp]peer 2.2.2.2 as-number 100

[PE1-bgp]peer 2.2.2.2 connect-interface LoopBack 1

[PE1-bgp]ipv4-family vpnv4

[PE1-bgp-af-vpnv4]peer 2.2.2.2 enable

[PE2]bgp 100

[PE2-bgp]peer 1.1.1.1 as-number 100

[PE2-bgp]peer 1.1.1.1 connect-interface LoopBack 1

[PE2-bgp]ipv4-family vpnv4

[PE2-bgp-af-vpnv4]peer 1.1.1.1 enable

7. PE与CE之间建立EBGP对等体关系

[PE1]bgp 100

[PE1-bgp]ipv4-family vpn-instance vpna

[PE1-bgp-vpna]peer 10.1.1.3 as-number 65410

[PE1-bgp]ipv4-family vpn-instance vpnb

[PE1-bgp-vpnb]peer 10.2.1.4 as-number 65410

[CE1]bgp 65410

[CE1-bgp]peer 10.1.1.1 as-number 100

[CE1-bgp]import-route direct

[CE2]bgp 65410

[CE2-bgp]peer 10.2.1.1 as-number 100

[CE2-bgp]import-route direct

[PE2]bgp 100

[PE2-bgp]ipv4-family vpn-instance vpna

[PE2-bgp-vpna]peer 10.3.1.5 as-number 65420

[PE2-bgp]ipv4-family vpn-instance vpnb

[PE2-bgp-vpnb]peer 10.4.1.6 as-number 65420

[CE3]bgp 65420

[CE3-bgp]peer 10.3.1.2 as-number 100

[CE3-bgp]import-route direct

[CE4]bgp 65420

[CE4-bgp]peer 10.4.1.2 as-number 100

[CE4-bgp]import-route direct

8. 检查配置

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。