华为设备配置双反射器优化VPN骨干层

华为设备配置双反射器优化VPN骨干层

1. 配置IP地址

[PE1-LoopBack1]ip add 1.1.1.1 32

[PE1-GigabitEthernet0/0/0]ip add 20.1.1.1 24

[PE1-GigabitEthernet0/0/2]ip add 50.1.1.1 24

[RR1-LoopBack1]ip add 2.2.2.2 32

[RR1-GigabitEthernet0/0/0]ip add 30.1.1.2 24

[RR1-GigabitEthernet0/0/1]ip add 20.1.1.2 24

[RR1-GigabitEthernet0/0/2]ip add 60.1.1.2 24

[RR2-LoopBack1]ip add 3.3.3.3 32

[RR2-GigabitEthernet0/0/0]ip add 30.1.1.3 24

[RR2-GigabitEthernet0/0/1]ip add 40.1.1.3 24

[RR2-GigabitEthernet0/0/2]ip add 50.1.1.3 24

[PE2-LoopBack1]ip add 4.4.4.4 32

[PE2-GigabitEthernet0/0/0]ip add 40.1.1.4 24

[PE2-GigabitEthernet0/0/2]ip add 60.1.1.4 24

[CE1-GigabitEthernet0/0/0]ip add 10.1.1.5 24

[CE2-GigabitEthernet0/0/0]ip add 10.2.1.6 24

2. 在MPLS骨干网配置IGP，实现骨干网的IP连通性

[PE1]ospf 1

[PE1-ospf-1]area 0

[PE1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0]network 50.1.1.0 0.0.0.255

[RR1]ospf 1

[RR1-ospf-1]area 0

[RR1-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0

[RR1-ospf-1-area-0.0.0.0]network 30.1.1.0 0.0.0.255

[RR1-ospf-1-area-0.0.0.0]network 60.1.1.0 0.0.0.255

[RR1-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255

[RR2]ospf 1

[RR2-ospf-1]area 0

[RR2-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0

[RR2-ospf-1-area-0.0.0.0]network 40.1.1.0 0.0.0.255

[RR2-ospf-1-area-0.0.0.0]network 50.1.1.0 0.0.0.255

[RR2-ospf-1-area-0.0.0.0]network 30.1.1.0 0.0.0.255

[PE2]ospf 1

[PE2-ospf-1]area 0

[PE2-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0

[PE2-ospf-1-area-0.0.0.0]network 40.1.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0]network 60.1.1.0 0.0.0.255

3. 在MPLS骨干网上配置MPLS基本能力和MPLS LDP，建立LDP LSP

[PE1]mpls lsr-id 1.1.1.1

[PE1]mpls

[PE1]mpls ldp

[PE1-GigabitEthernet0/0/0]mpls

[PE1-GigabitEthernet0/0/0]mpls ldp

[PE1-GigabitEthernet0/0/2]mpls

[PE1-GigabitEthernet0/0/2]mpls ldp

[RR1]mpls lsr-id 2.2.2.2

[RR1]mpls

[RR1]mpls ldp

[RR1-GigabitEthernet0/0/0]mpls

[RR1-GigabitEthernet0/0/0]mpls ldp

[RR1-GigabitEthernet0/0/1]mpls

[RR1-GigabitEthernet0/0/1]mpls ldp

[RR1-GigabitEthernet0/0/2]mpls

[RR1-GigabitEthernet0/0/2]mpls ldp

[RR2]mpls lsr-id 3.3.3.3

[RR2]mpls

[RR2]mpls ldp

[RR2-GigabitEthernet0/0/0]mpls

[RR2-GigabitEthernet0/0/0]mpls ldp

[RR2-GigabitEthernet0/0/1]mpls

[RR2-GigabitEthernet0/0/1]mpls ldp

[RR2-GigabitEthernet0/0/2]mpls

[RR2-GigabitEthernet0/0/2]mpls ldp

[PE2]mpls lsr-id 4.4.4.4

[PE2]mpls

[PE2]mpls ldp

[PE2-GigabitEthernet0/0/0]mpls

[PE2-GigabitEthernet0/0/0]mpls ldp

[PE2-GigabitEthernet0/0/2]mpls

[PE2-GigabitEthernet0/0/2]mpls ldp

4. 在PE设备上配置VPN实例

[PE1]ip vpn-instance vpn1

[PE1-vpn-instance-vpn1]ipv4-family

[PE1-vpn-instance-vpn1-af-ipv4]route-distinguisher 100:1

[PE1-vpn-instance-vpn1-af-ipv4]vpn-target 1:1

[PE1-GigabitEthernet0/0/1]ip binding vpn-instance vpn1

[PE1-GigabitEthernet0/0/1]ip add 10.1.1.1 24

[PE2]ip vpn-instance vpn1

[PE2-vpn-instance-vpn1]ipv4-family

[PE2-vpn-instance-vpn1-af-ipv4]route-distinguisher 100:2

[PE2-vpn-instance-vpn1-af-ipv4]vpn-target 1:1

[PE2-GigabitEthernet0/0/1]ip binding vpn-instance vpn1

[PE2-GigabitEthernet0/0/1]ip add 10.2.1.4 24

5. 在PE与CE之间建立EBGP对等体关系，引入VPN路由

[CE1]bgp 65410

[CE1-bgp]peer 10.1.1.1 as-number 100

[PE1]bgp 100

[PE1-bgp]ipv4-family vpn-instance vpn1

[PE1-bgp-vpn1]peer 10.1.1.5 as-number 65410

[PE1-bgp-vpn1]import-route direct

[CE2]bgp 65420

[CE2-bgp]peer 10.2.1.4 as-number 100

[PE2]bgp 100

[PE2-bgp]ipv4-family vpn-instance vpn1

[PE2-bgp-vpn1]peer 10.2.1.6 as-number 65420

[PE2-bgp-vpn1]import-route direct

6. 建立PE与反射器间的MP-IBGP对等体关系

[PE1]bgp 100

[PE1-bgp]peer 2.2.2.2 as-number 100

[PE1-bgp]peer 2.2.2.2 connect-interface LoopBack 1

[PE1-bgp]peer 3.3.3.3 as-number 100

[PE1-bgp]peer 3.3.3.3 connect-interface LoopBack 1

[PE1-bgp]ipv4-family vpnv4

[PE1-bgp-af-vpnv4]peer 2.2.2.2 enable

[PE1-bgp-af-vpnv4]peer 3.3.3.3 enable

[RR1]bgp 100

[RR1-bgp]group rr1 internal

[RR1-bgp]peer rr1 connect-interface LoopBack 1

[RR1-bgp]peer 1.1.1.1 group rr1

[RR1-bgp]peer 3.3.3.3 group rr1

[RR1-bgp]peer 4.4.4.4 group rr1

[RR1-bgp]ipv4-family vpnv4

[RR1-bgp-af-vpnv4]peer rr1 enable

[RR1-bgp-af-vpnv4]peer 1.1.1.1 group rr1

[RR1-bgp-af-vpnv4]peer 3.3.3.3 group rr1

[RR1-bgp-af-vpnv4]peer 4.4.4.4 group rr1

[RR2]bgp 100

[RR2-bgp]group rr2 internal

[RR2-bgp]peer rr2 connect-interface LoopBack 1

[RR2-bgp]peer 1.1.1.1 group rr2

[RR2-bgp]peer 2.2.2.2 group rr2

[RR2-bgp]peer 4.4.4.4 group rr2

[RR2-bgp]ipv4-family vpnv4

[RR2-bgp-af-vpnv4]peer rr2 enable

[RR2-bgp-af-vpnv4]peer 1.1.1.1 group rr2

[RR2-bgp-af-vpnv4]peer 2.2.2.2 group rr2

[RR2-bgp-af-vpnv4]peer 4.4.4.4 group rr2

[PE2]bgp 100

[PE2-bgp]peer 2.2.2.2 as-number 100

[PE2-bgp]peer 2.2.2.2 connect-interface LoopBack 1

[PE2-bgp]peer 3.3.3.3 as-number 100

[PE2-bgp]peer 3.3.3.3 connect-interface LoopBack 1

[PE2-bgp]ipv4-family vpnv4

[PE2-bgp-af-vpnv4]peer 3.3.3.3 enable

[PE2-bgp-af-vpnv4]peer 2.2.2.2 enable

7. 在RR1和RR2上配置反射功能

[RR1]bgp 100

[RR1-bgp]ipv4-family vpnv4

[RR1-bgp-af-vpnv4]reflector cluster-id 100

[RR1-bgp-af-vpnv4]peer rr1 reflect-client

[RR1-bgp-af-vpnv4]undo policy vpn-target

[RR2]bgp 100

[RR2-bgp]ipv4-family vpnv4

[RR2-bgp-af-vpnv4]reflector cluster-id 100

[RR2-bgp-af-vpnv4]peer rr2 reflect-client

[RR2-bgp-af-vpnv4]undo policy vpn-target

8．检验配置

发现有到远端CE的路由

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。