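Today I bring you an MPLS VPN configuration example, which I hope you will find helpful. Using Huawei's eNSP simulator, this article builds an MPLS VPN configuration and, by choosing the RT values carefully, controls how routes are passed between VPN instances, which produces a rather interesting result.
To follow this article you need some familiarity with MPLS VPN configuration. If you are still unsure about it, feel free to consult the other articles on my blog; I am confident you will find them useful.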
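The lab topology is shown above. The task is to configure MPLS VPN among R2, R3 and R4 so that traffic from PC1 to PC2 passes through R5 on its way to R2 (the red line in the figure), while traffic from PC2 to PC1 reaches PC1 directly without passing through R5 (the blue line in the figure).
Analysing the task, this is clearly a typical MPLS VPN configuration. As for the interesting forwarding paths the lab requires, we should assign RT values to the VPN instances so that they produce exactly opposite route propagation paths, which makes the packets follow the required paths.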
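In this lab, pay attention to the following two points in the BGP configuration:
1. In the BGP configuration of R2, R3 and R4, take care with route import.
2. On R1, take care to remove the loop-prevention check and to bring in the route reflector configuration.
The MPLS configuration is fairly simple: configure the MPLS LSR-ID and enable MPLS globally, then enable MPLS on each interface.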
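To meet the requirement shown in the figure, the RT values of the VPN instances must be configured carefully. On the two R2 interfaces that connect to R5 we create two VPN instances, named VPN_IN and VPN_OUT, and set the RT of VPN_IN to 100:200 import and the RT of VPN_OUT to 100:100 export. On the interfaces of R3 and R4 that connect to the PCs we create VPN_A and VPN_B respectively. The RT values of VPN_A are exactly the reverse of those of VPN_IN and VPN_OUT, namely 100:200 export and 100:100 import, so that VPN_IN receives the routes sent by VPN_A and sends VPN_A its own routes. The RT values of VPN_B are configured as 100:100 export and 100:100 import, so that VPN_B accepts VPN_A's routes directly and sends its own routes to VPN_IN. With this in place, the packets exchanged between PC1 and PC2 are forwarded as the task requires.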
R1:

    mpls lsr-id 21.1.1.1
    mpls
    #
    mpls ldp
    #
    #
    aaa
     authentication-scheme default
     authorization-scheme default
     accounting-scheme default
     domain default
     domain default_admin
     local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
     local-user admin service-type http
    #
    ospfv3 1
    #
    firewall zone Local
     priority 15
    #
    interface GigabitEthernet0/0/0
     ip address 150.1.13.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/0/1
     ip address 150.1.12.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/0/2
     ip address 150.1.14.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface NULL0
    #
    interface LoopBack0
     ip address 21.1.1.1 255.255.255.255
    #
    bgp 100
     peer 21.1.1.2 as-number 100
     peer 21.1.1.2 connect-interface LoopBack0
     peer 21.1.1.3 as-number 100
     peer 21.1.1.3 connect-interface LoopBack0
     peer 21.1.1.4 as-number 100
     peer 21.1.1.4 connect-interface LoopBack0
     #
     ipv4-family unicast
      undo synchronization
      peer 21.1.1.2 enable
      peer 21.1.1.2 reflect-client
      peer 21.1.1.3 enable
      peer 21.1.1.3 reflect-client
      peer 21.1.1.4 enable
      peer 21.1.1.4 reflect-client
     #
     ipv4-family vpnv4
      undo policy vpn-target
      peer 21.1.1.2 enable
      peer 21.1.1.2 reflect-client
      peer 21.1.1.3 enable
      peer 21.1.1.3 reflect-client
      peer 21.1.1.4 enable
      peer 21.1.1.4 reflect-client
    #
    ospf 1
     area 0.0.0.0
      network 21.1.1.1 0.0.0.0
      network 150.1.12.0 0.0.0.255
      network 150.1.13.0 0.0.0.255
      network 150.1.14.0 0.0.0.255

R2:

    ip vpn-instance VPN_IN
     ipv4-family
      route-distinguisher 100:52
      vpn-target 100:200 import-extcommunity
    #
    ip vpn-instance VPN_OUT
     ipv4-family
      route-distinguisher 100:25
      vpn-target 100:100 export-extcommunity
    #
    mpls lsr-id 21.1.1.2
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet0/0/0
     ip address 150.1.12.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/0/1
     ip binding vpn-instance VPN_OUT
     ip address 192.168.25.2 255.255.255.0
    #
    interface GigabitEthernet0/0/2
     ip binding vpn-instance VPN_IN
     ip address 192.168.52.2 255.255.255.0
    #
    interface LoopBack0
     ip address 21.1.1.2 255.255.255.255
    #
    bgp 100
     peer 21.1.1.1 as-number 100
     peer 21.1.1.1 connect-interface LoopBack0
     #
     ipv4-family unicast
      undo synchronization
      peer 21.1.1.1 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 21.1.1.1 enable
     #
     ipv4-family vpn-instance VPN_OUT
      import-route ospf 3
    #
    ospf 1
     area 0.0.0.0
      network 21.1.1.2 0.0.0.0
      network 150.1.12.0 0.0.0.255
    #
    ospf 2 vpn-instance VPN_IN
     import-route bgp
     area 0.0.0.0
      network 192.168.52.0 0.0.0.255
    #
    ospf 3 vpn-instance VPN_OUT
     vpn-instance-capability simple
     area 0.0.0.0
      network 192.168.25.0 0.0.0.255

R3:

    ip vpn-instance VPN_A
     ipv4-family
      route-distinguisher 100:1
      vpn-target 100:200 export-extcommunity
      vpn-target 100:100 import-extcommunity
    #
    mpls lsr-id 21.1.1.3
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet0/0/0
     ip binding vpn-instance VPN_A
     ip address 192.168.3.3 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     ip address 150.1.13.3 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack0
     ip address 21.1.1.3 255.255.255.255
    #
    bgp 100
     peer 21.1.1.1 as-number 100
     peer 21.1.1.1 connect-interface LoopBack0
     #
     ipv4-family unicast
      undo synchronization
      peer 21.1.1.1 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 21.1.1.1 enable
     #
     ipv4-family vpn-instance VPN_A
      network 192.168.3.0
    #
    ospf 1
     area 0.0.0.0
      network 21.1.1.3 0.0.0.0
      network 150.1.13.0 0.0.0.255

R4:

    ip vpn-instance VPN_B
     ipv4-family
      route-distinguisher 100:2
      vpn-target 100:200 export-extcommunity
      vpn-target 100:200 import-extcommunity
    #
    mpls lsr-id 21.1.1.4
    mpls
    #
    mpls ldp
    #
    interface GigabitEthernet0/0/0
     ip address 150.1.14.4 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/0/1
     ip binding vpn-instance VPN_B
     ip address 192.168.4.4 255.255.255.0
    #
    interface LoopBack0
     ip address 21.1.1.4 255.255.255.255
    #
    bgp 100
     peer 21.1.1.1 as-number 100
     peer 21.1.1.1 connect-interface LoopBack0
     #
     ipv4-family unicast
      undo synchronization
      peer 21.1.1.1 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 21.1.1.1 enable
     #
     ipv4-family vpn-instance VPN_B
      network 192.168.4.0
    #
    ospf 1
     area 0.0.0.0
      network 21.1.1.4 0.0.0.0
      network 150.1.14.0 0.0.0.255

R5:

    interface GigabitEthernet0/0/1
     ip address 192.168.25.5 255.255.255.0
    #
    interface GigabitEthernet0/0/2
     ip address 192.168.52.5 255.255.255.0
    #
    ospf 1
     area 0.0.0.0
      network 192.168.25.0 0.0.0.255
      network 192.168.52.0 0.0.0.255

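Added example (not part of the original article): a small Python model of the RT matching performed by the router configurations above, useful for checking which VPN instance can learn which prefix before the configuration is deployed. The vpn-target values are taken from the R2, R3 and R4 configurations; the /24 prefix lengths, the dictionary layout and the CE_RELAY shortcut that stands in for R5's OSPF relay are assumptions of the model.

```python
# vpn-target values copied from the R2/R3/R4 configurations on this page.
VRFS = {
    "VPN_IN":  {"pe": "R2", "imp": {"100:200"}, "exp": set()},
    "VPN_OUT": {"pe": "R2", "imp": set(),       "exp": {"100:100"}},
    "VPN_A":   {"pe": "R3", "imp": {"100:100"}, "exp": {"100:200"}},
    "VPN_B":   {"pe": "R4", "imp": {"100:200"}, "exp": {"100:200"}},
}
# Prefixes injected with "network" under each BGP vpn-instance (/24 assumed).
LOCAL = {"VPN_A": {"192.168.3.0/24"}, "VPN_B": {"192.168.4.0/24"}}
# Modelling assumption: R5 relays whatever VPN_IN puts into OSPF 2
# ("import-route bgp") to VPN_OUT, which re-injects it ("import-route ospf 3").
CE_RELAY = {"VPN_OUT": "VPN_IN"}  # receiving instance -> feeding instance


def learned_routes():
    """Return {vrf: {prefix: exporting_vrf}} after RT-based import."""
    table = {v: {} for v in VRFS}
    advertised = {v: set(LOCAL.get(v, ())) for v in VRFS}
    changed = True
    while changed:  # iterate until no instance learns anything new
        changed = False
        for dst, d in VRFS.items():
            for src, s in VRFS.items():
                # A route is imported only if an export RT matches an import RT.
                if src == dst or not (s["exp"] & d["imp"]):
                    continue
                for prefix in advertised[src]:
                    if prefix in LOCAL.get(dst, ()) or prefix in table[dst]:
                        continue  # a local or already-learned route wins
                    table[dst][prefix] = src
                    changed = True
        for rx, feeder in CE_RELAY.items():
            new = set(table[feeder]) - advertised[rx]
            if new:
                advertised[rx] |= new
                changed = True
    return table


def path(src_vrf, prefix):
    """Follow the learned next hops from src_vrf to the instance owning prefix."""
    table, hops, vrf = learned_routes(), [], src_vrf
    while prefix not in LOCAL.get(vrf, ()):
        vrf = table[vrf][prefix]
        hops.append(f"{VRFS[vrf]['pe']}:{vrf}")
        if vrf in CE_RELAY:  # leave towards R5, re-enter through the feeder
            vrf = CE_RELAY[vrf]
            hops += ["R5", f"{VRFS[vrf]['pe']}:{vrf}"]
    return hops
```

Calling path("VPN_A", "192.168.4.0/24") and path("VPN_B", "192.168.3.0/24") gives the two directions of the PC1/PC2 exchange; changing an RT in VRFS shows immediately which instances would start or stop receiving each other's routes.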
Original work takes effort; if you repost, please credit the source: https://blog.csdn.net/weixin_40228200/article/details/119154993