华为设备配置HoVPN

华为设备配置HoVPN

1. 配置IP地址

[UPE-LoopBack0]ip add 1.1.1.1 32

[UPE-GigabitEthernet0/0/0]ip add 20.1.1.1 24

[UPE-GigabitEthernet0/0/1]ip add 10.1.1.1 24

[SPE-LoopBack0]ip add 2.2.2.2 32

[SPE-GigabitEthernet0/0/0]ip add 20.1.1.2 24

[SPE-GigabitEthernet0/0/1]ip add 30.1.1.2 24

[PE]int LoopBack 0

[PE-LoopBack0]ip add 3.3.3.3 32

[PE-GigabitEthernet0/0/0]ip add 30.1.1.3 24

[PE-GigabitEthernet0/0/1]ip add 10.2.1.3 24

[CE1-GigabitEthernet0/0/0]ip add 10.1.1.4 24

[CE2-GigabitEthernet0/0/0]ip add 10.2.1.5 24

2. 在骨干网设备上配置OSPF，实现骨干网的IP连通性

[UPE]ospf 1

[UPE-ospf-1]area 0

[UPE-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0

[UPE-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255

[SPE]ospf 1

[SPE-ospf-1]area 0

[SPE-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0

[SPE-ospf-1-area-0.0.0.0]network 30.1.1.0 0.0.0.255

[SPE-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255

[PE]ospf 1

[PE-ospf-1]area 0

[PE-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0

[PE-ospf-1-area-0.0.0.0]network 30.1.1.0 0.0.0.255

3. 在骨干网上配置MPLS基本能力和MPLS LDP，建立LDP LSP

[UPE]mpls lsr-id 1.1.1.1

[UPE]mpls

[UPE]mpls ldp

[UPE-GigabitEthernet0/0/0]mpls

[UPE-GigabitEthernet0/0/0]mpls ldp

[SPE]mpls lsr-id 2.2.2.2

[SPE]mpls

[SPE]mpls ldp

[SPE-GigabitEthernet0/0/0]mpls

[SPE-GigabitEthernet0/0/0]mpls ldp

[SPE-GigabitEthernet0/0/1]mpls

[SPE-GigabitEthernet0/0/1]mpls ldp

[PE]mpls lsr-id 3.3.3.3

[PE]mpls

[PE]mpls ldp

[PE-GigabitEthernet0/0/0]mpls

[PE-GigabitEthernet0/0/0]mpls ldp

4. 配置UPE与SPE、PE与SPE的MP-IBGP对等体关系

[UPE]bgp 100

[UPE-bgp]peer 2.2.2.2 as-number 100

[UPE-bgp]peer 2.2.2.2 connect-interface LoopBack 0

[UPE-bgp]ipv4-family vpnv4

[UPE-bgp-af-vpnv4]peer 2.2.2.2 enable

[SPE]bgp 100

[SPE-bgp]peer 1.1.1.1 as-number 100

[SPE-bgp]peer 1.1.1.1 connect-interface LoopBack 0

[SPE-bgp]peer 3.3.3.3 as-number 100

[SPE-bgp]peer 3.3.3.3 connect-interface LoopBack 0

[SPE-bgp]ipv4-family vpnv4

[SPE-bgp-af-vpnv4]peer 1.1.1.1 enable

[SPE-bgp-af-vpnv4]peer 3.3.3.3 enable

[PE]bgp 100

[PE-bgp]peer 2.2.2.2 as-number 100

[PE-bgp]peer 2.2.2.2 connect-interface LoopBack 0

[PE-bgp]ipv4-family vpnv4

[PE-bgp-af-vpnv4]peer 2.2.2.2 enable

5. UPE和PE上创建VPN实例，并与CE间配置EBGP

[UPE]ip vpn-instance vpna

[UPE-vpn-instance-vpna]ipv4-family

[UPE-vpn-instance-vpna-af-ipv4]route-distinguisher 100:1

[UPE-vpn-instance-vpna-af-ipv4]vpn-target 1:1

[UPE-GigabitEthernet0/0/1]ip binding vpn-instance vpna

[UPE-GigabitEthernet0/0/1]ip add 10.1.1.1 24

[UPE]bgp 100

[UPE-bgp]ipv4-family vpn-instance vpna

[UPE-bgp-vpna]peer 10.1.1.4 as-number 65410

[UPE-bgp-vpna]import-route direct

[CE1]bgp 65410

[CE1-bgp]peer 10.1.1.1 as-number 100

[CE1-bgp]import-route direct

[PE]ip vpn-instance vpna

[PE-vpn-instance-vpna]ipv

[PE-vpn-instance-vpna]ipv4-family

[PE-vpn-instance-vpna-af-ipv4]route-distinguisher 100:2

[PE-vpn-instance-vpna-af-ipv4]vpn-target 1:1

[PE-GigabitEthernet0/0/1]ip binding vpn-instance vpna

[PE-GigabitEthernet0/0/1]ip add 10.2.1.3 24

[PE]bgp 100

[PE-bgp]ipv4-family vpn-instance vpna

[PE-bgp-vpna]peer 10.2.1.5 as-number 65420

[PE-bgp-vpna]import-route direct

[CE2]bgp 65420

[CE2-bgp]peer 10.2.1.3 as-number 100

[CE2-bgp]import-route direct

6. SPE上配置VPN实例，指定UPE，并向UPE发布VPN实例的缺省路由

[SPE]ip vpn-instance vpna

[SPE-vpn-instance-vpna]route-distinguisher 200:1

[SPE-vpn-instance-vpna-af-ipv4]vpn-target 1:1

[SPE]bgp 100

[SPE-bgp]ipv4-family vpnv4

[SPE-bgp-af-vpnv4]peer 1.1.1.1 upe  //指定自己的UPE

[SPE-bgp-af-vpnv4]peer 1.1.1.1 default-originate vpn-instance vpna  //向UPE发布VPN实例的缺省路由

7. 检查配置

CE1上没有到CE2接口网段的路由，但有一条下一跳为UPE的缺省路由；CE2上有到CE1接口网段的BGP路由,CE1和CE2可以相互Ping通

版权声明：本文内容由网络用户投稿，版权归原作者所有，本站不拥有其著作权，亦不承担相应法律责任。如果您发现本站中有涉嫌抄袭或描述失实的内容，请联系我们jiasou666@gmail.com 处理，核实后本网站将在24小时内删除侵权内容。