FAQ-AR1200如何实现本地不同VPN实例间的互访

发布时间:  2016-06-12 浏览次数:  333 下载次数:  0
问题描述
AR1200如何实现本地不同VPN实例间的互访?
解决方案

拓扑如下所示:

AR2的GE0/0/0接口加入VPNA,GE0/0/1加入到VPNB中,现在要实现clinet1与AR3能够互访。可以通过VPN实例中的RT值进行相互引入实现,AR2上的关键配置如下:

ip vpn-instance vpna
ipv4-family
  route-distinguisher 1:1
  vpn-target 100:1 export-extcommunity
  vpn-target 100:1 200:1 import-extcommunity     //在vpna的import中包含vpnb的export-rt值
#
ip vpn-instance vpnb
ipv4-family
  route-distinguisher 200:1
  vpn-target 200:1 export-extcommunity
  vpn-target 200:1 100:1 import-extcommunity    //在vpnb的import中包含vpna的export-rt值
#
interface GigabitEthernet0/0/0
ip binding vpn-instance vpna
ip address 192.168.0.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip binding vpn-instance vpnb
ip address 192.168.1.1 255.255.255.0
#
bgp 100
#
ipv4-family unicast
  undo synchronization
#
ipv4-family vpn-instance vpna
  import-route direct
#
ipv4-family vpn-instance vpnb
  import-route direct
  import-route static
#
ip route-static vpn-instance vpnb 192.168.100.0 255.255.255.0 192.168.1.100
#
查看路由表:

[Huawei]display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpna
         Destinations : 9        Routes : 9       

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.0.0/24  Direct  0    0           D   192.168.0.1     GigabitEthernet
0/0/0
    192.168.0.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0
  192.168.0.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/0
    192.168.1.0/24  BGP     255  0           D   192.168.1.1     GigabitEthernet
0/0/1

    192.168.1.1/32  BGP     255  0           D   127.0.0.1       InLoopBack0 
255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

[Huawei]display ip routing-table vpn-instance vpnb
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpnb
         Destinations : 10       Routes : 11      

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

    192.168.0.0/24  BGP     255  0           D   192.168.0.1     GigabitEthernet
0/0/0
    192.168.0.1/32  BGP     255  0           D   127.0.0.1       InLoopBack0

    192.168.1.0/24  Direct  0    0           D   192.168.1.1     GigabitEthernet
0/0/1
    192.168.1.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/1
  192.168.1.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/1
    192.168.2.0/24  Direct  0    0           D   192.168.2.1     GigabitEthernet
0/0/2
    192.168.2.1/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/2
  192.168.2.255/32  Direct  0    0           D   127.0.0.1       GigabitEthernet
0/0/2
  192.168.100.0/24  Static  60   0          RD   192.168.1.100   GigabitEthernet
0/0/1 
  255.255.255.255/32  Direct  0    0           D   127.0.0.1       InLoopBack0

从PC ping AR3的地址192.168.1.100,结果如下:

PC>ping 192.168.1.100

Ping 192.168.1.100: 32 data bytes, Press Ctrl_C to break
From 192.168.1.100: bytes=32 seq=1 ttl=254 time=296 ms
From 192.168.1.100: bytes=32 seq=2 ttl=254 time=31 ms
From 192.168.1.100: bytes=32 seq=3 ttl=254 time=31 ms
From 192.168.1.100: bytes=32 seq=4 ttl=254 time=15 ms
From 192.168.1.100: bytes=32 seq=5 ttl=254 time=15 ms

--- 192.168.1.100 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 15/77/296 ms

说明:

1. 本案例与产品型号无关,S/CE交换机也可以这样实现;

2. 除了本方法外还可以通过配置静态路由指定VPN实例的方式实现本地不同VPN实例互通。

END