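Example for Configuring H-VPN
Networking Requirements
As shown in Figure 2-59, CE1 and CE2 belong to the same VPN; CE1 connects through the UPE and CE2 connects through the NPE. OSPF is configured between the UPE, SPE, and NPE for connectivity. Because most networks today use a traditional hierarchical design, with core, aggregation, and access layers whose devices have different performance requirements, HVPN can be deployed. If the UPE needs to obtain specific routes in order to control routing, the H-VPN function of HVPN can be deployed.
Configuration Roadmap
Configuring HVPN lets multiple PEs take on different roles and form a hierarchy. The H-VPN scheme of HVPN allows the SPE to send specific routes to the UPE, so the UPE can select routes by destination address and control routing precisely.
The configuration roadmap for this example is as follows:
- Configure an IGP on the backbone network to provide IP connectivity across the backbone.
- Configure basic MPLS capabilities and MPLS LDP on the backbone network to set up LDP LSPs.
- Establish MP-IBGP peer relationships between the UPE and SPE and between the NPE and SPE to exchange VPN routing information.
- Create VPN instances on the UPE and NPE and configure routing with the CEs so that VPN users can connect.
- Configure the SPE as a route reflector with the UPE as its client, so that the UPE receives the specific routes reflected by the SPE.
Procedure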
- Configure the VLANs that the interfaces belong to, and configure IP addresses for the VLANIF and Loopback interfaces, using the data shown in Figure 2-59.
# Configure the UPE.
<HUAWEI> system-view
[HUAWEI] sysname UPE
[UPE] interface loopback 1
[UPE-LoopBack1] ip address 1.1.1.9 32
[UPE-LoopBack1] quit
[UPE] vlan batch 10 30
[UPE] interface gigabitethernet 1/0/0
[UPE-GigabitEthernet1/0/0] port link-type trunk
[UPE-GigabitEthernet1/0/0] port trunk allow-pass vlan 30
[UPE-GigabitEthernet1/0/0] quit
[UPE] interface gigabitethernet 2/0/0
[UPE-GigabitEthernet2/0/0] port link-type trunk
[UPE-GigabitEthernet2/0/0] port trunk allow-pass vlan 10
[UPE-GigabitEthernet2/0/0] quit
[UPE] interface vlanif 10
[UPE-Vlanif10] ip address 172.1.1.1 255.255.255.0
[UPE-Vlanif10] quit
The configurations of the SPE, NPE, CE1, and CE2 are similar to that of the UPE and are not shown here.
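- Configure OSPF on the backbone devices to provide IP connectivity across the backbone.
# Configure the UPE.
[UPE] ospf 1
[UPE-ospf-1] area 0
[UPE-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[UPE-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[UPE-ospf-1-area-0.0.0.0] quit
[UPE-ospf-1] quit
The configurations of the SPE and NPE are similar to that of the UPE and are not shown here.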
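- Configure basic MPLS capabilities and MPLS LDP on the backbone network to set up LDP LSPs.
# Configure the UPE.
[UPE] mpls lsr-id 1.1.1.9
[UPE] mpls
[UPE-mpls] quit
[UPE] mpls ldp
[UPE-mpls-ldp] quit
[UPE] interface vlanif 10
[UPE-Vlanif10] mpls
[UPE-Vlanif10] mpls ldp
[UPE-Vlanif10] quit
The configurations of the SPE and NPE are similar to that of the UPE and are not shown here.
After the configuration is complete, LDP sessions should be established between the UPE and SPE and between the SPE and NPE. Run the display mpls ldp session command; the Status field in the output is "Operational". Run the display mpls ldp lsp command to view the LDP LSPs that have been set up.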
- Configure MP-IBGP peer relationships between the UPE and SPE and between the NPE and SPE.
# Configure the UPE.
[UPE] bgp 100
[UPE-bgp] peer 2.2.2.9 as-number 100
[UPE-bgp] peer 2.2.2.9 connect-interface loopback 1
[UPE-bgp] ipv4-family vpnv4
[UPE-bgp-af-vpnv4] peer 2.2.2.9 enable
[UPE-bgp-af-vpnv4] quit
[UPE-bgp] quit
# Configure the SPE.
[SPE] bgp 100
[SPE-bgp] peer 1.1.1.9 as-number 100
[SPE-bgp] peer 1.1.1.9 connect-interface loopback 1
[SPE-bgp] peer 3.3.3.9 as-number 100
[SPE-bgp] peer 3.3.3.9 connect-interface loopback 1
[SPE-bgp] ipv4-family vpnv4
[SPE-bgp-af-vpnv4] peer 1.1.1.9 enable
[SPE-bgp-af-vpnv4] peer 3.3.3.9 enable
[SPE-bgp-af-vpnv4] quit
[SPE-bgp] quit
# Configure the NPE.
[NPE] bgp 100
[NPE-bgp] peer 2.2.2.9 as-number 100
[NPE-bgp] peer 2.2.2.9 connect-interface loopback 1
[NPE-bgp] ipv4-family vpnv4
[NPE-bgp-af-vpnv4] peer 2.2.2.9 enable
[NPE-bgp-af-vpnv4] quit
[NPE-bgp] quit
- Create VPN instances on the UPE and NPE, and configure EBGP with the CEs.
# Configure the UPE.
[UPE] ip vpn-instance vpna
[UPE-vpn-instance-vpna] ipv4-family
[UPE-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[UPE-vpn-instance-vpna-af-ipv4] vpn-target 1:1
[UPE-vpn-instance-vpna-af-ipv4] quit
[UPE-vpn-instance-vpna] quit
[UPE] interface vlanif 30
[UPE-Vlanif30] ip binding vpn-instance vpna
[UPE-Vlanif30] ip address 10.1.1.2 24
[UPE-Vlanif30] quit
[UPE] bgp 100
[UPE-bgp] ipv4-family vpn-instance vpna
[UPE-bgp-vpna] peer 10.1.1.1 as-number 65410
[UPE-bgp-vpna] import-route direct
[UPE-bgp-vpna] quit
[UPE-bgp] quit
# Configure CE1.
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit
# Configure the NPE.
[NPE] ip vpn-instance vpna
[NPE-vpn-instance-vpna] ipv4-family
[NPE-vpn-instance-vpna-af-ipv4] route-distinguisher 100:2
[NPE-vpn-instance-vpna-af-ipv4] vpn-target 1:1
[NPE-vpn-instance-vpna-af-ipv4] quit
[NPE-vpn-instance-vpna] quit
[NPE] interface vlanif 40
[NPE-Vlanif40] ip binding vpn-instance vpna
[NPE-Vlanif40] ip address 10.2.1.2 24
[NPE-Vlanif40] quit
[NPE] bgp 100
[NPE-bgp] ipv4-family vpn-instance vpna
[NPE-bgp-vpna] peer 10.2.1.1 as-number 65420
[NPE-bgp-vpna] import-route direct
[NPE-bgp-vpna] quit
[NPE-bgp] quit
# Configure CE2.
[CE2] bgp 65420
[CE2-bgp] peer 10.2.1.2 as-number 100
[CE2-bgp] import-route direct
[CE2-bgp] quit
After the configuration is complete, run the display ip vpn-instance verbose command on the UPE and NPE to view the VPN instance configuration. The UPE and NPE can ping their attached CEs with the ping -vpn-instance command.
If a PE has multiple interfaces bound to the same VPN, specify the source IP address when using the ping -vpn-instance command to ping a CE attached to the remote PE, that is, specify the -a source-ip-address parameter in the ping -vpn-instance vpn-instance-name -a source-ip-address dest-ip-address command; otherwise the ping may fail.
- Configure the route reflector on the SPE.
# Configure the route reflector.
[SPE] bgp 100
[SPE-bgp] ipv4-family vpnv4
[SPE-bgp-af-vpnv4] undo policy vpn-target
[SPE-bgp-af-vpnv4] peer 1.1.1.9 reflect-client
[SPE-bgp-af-vpnv4] peer 1.1.1.9 next-hop-local
[SPE-bgp-af-vpnv4] quit
[SPE-bgp] quit
- Verify the configuration.
After the configuration is complete, CE1 and CE2 can receive each other's specific routes and can ping each other.
[CE1] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 5        Routes : 5

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.1.1.0/24  Direct  0    0           D   10.1.1.1        Vlanif30
       10.1.1.1/32  Direct  0    0           D   127.0.0.1       Vlanif30
       10.2.1.0/24  EBGP    255  0           D   10.1.1.2        Vlanif30
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
[CE1] ping 10.2.1.1
  PING 10.2.1.1: 56  data bytes, press CTRL_C to break
    Reply from 10.2.1.1: bytes=56 Sequence=1 ttl=251 time=1 ms
    Reply from 10.2.1.1: bytes=56 Sequence=2 ttl=251 time=1 ms
    Reply from 10.2.1.1: bytes=56 Sequence=3 ttl=251 time=1 ms
    Reply from 10.2.1.1: bytes=56 Sequence=4 ttl=251 time=1 ms
    Reply from 10.2.1.1: bytes=56 Sequence=5 ttl=251 time=1 ms

  --- 10.2.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 1/1/1 ms
[CE2] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 5        Routes : 5

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.1.1.0/24  EBGP    255  0           D   10.2.1.2        Vlanif40
       10.2.1.0/24  Direct  0    0           D   10.2.1.1        Vlanif40
       10.2.1.1/32  Direct  0    0           D   127.0.0.1       Vlanif40
      127.0.0.0/8   Direct  0    0           D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0           D   127.0.0.1       InLoopBack0
Run the display bgp vpnv4 all routing-table command on the UPE to view the specific routes received from the SPE.
[UPE] display bgp vpnv4 all routing-table
 BGP Local router ID is 172.1.1.1
 Status codes: * - valid, > - best, d - damped,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 Total number of routes from all PE: 4
 Route Distinguisher: 100:1
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>   10.1.1.0/24        0.0.0.0         0                     0      ?
 *                       10.1.1.1        0                     0      65410?
 *>   10.1.1.2/32        0.0.0.0         0                     0      ?
 Route Distinguisher: 100:2
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>i  10.2.1.0/24        2.2.2.9         0          100        0      ?
 VPN-Instance vpna, Router ID 172.1.1.1:
 Total Number of Routes: 4
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
 *>   10.1.1.0/24        0.0.0.0         0                     0      ?
                         10.1.1.1        0                     0      65410?
 *>   10.1.1.2/32        0.0.0.0         0                     0      ?
 *>i  10.2.1.0/24        2.2.2.9         0          100        0      ?
Configuration Files
Configuration file of CE1
#
sysname CE1
#
vlan batch 30
#
interface Vlanif30
 ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 30
#
bgp 65410
 peer 10.1.1.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 10.1.1.2 enable
#
return
Configuration file of the UPE
#
sysname UPE
#
vlan batch 10 30
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif10
 ip address 172.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface Vlanif30
 ip binding vpn-instance vpna
 ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
bgp 100
 peer 2.2.2.9 as-number 100
 peer 2.2.2.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.9 enable
 #
 ipv4-family vpn-instance vpna
  import-route direct
  peer 10.1.1.1 as-number 65410
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 172.1.1.0 0.0.0.255
#
return
Configuration file of the SPE
#
sysname SPE
#
vlan batch 10 20
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif10
 ip address 172.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface Vlanif20
 ip address 172.2.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
bgp 100
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack1
 peer 3.3.3.9 as-number 100
 peer 3.3.3.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
  peer 3.3.3.9 enable
 #
 ipv4-family vpnv4
  undo policy vpn-target
  peer 1.1.1.9 enable
  peer 1.1.1.9 reflect-client
  peer 1.1.1.9 next-hop-local
  peer 3.3.3.9 enable
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 172.1.1.0 0.0.0.255
  network 172.2.1.0 0.0.0.255
#
return
Configuration file of the NPE
#
sysname NPE
#
vlan batch 20 40
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:2
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif20
 ip address 172.2.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface Vlanif40
 ip binding vpn-instance vpna
 ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 40
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
bgp 100
 peer 2.2.2.9 as-number 100
 peer 2.2.2.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.9 enable
 #
 ipv4-family vpn-instance vpna
  import-route direct
  peer 10.2.1.1 as-number 65420
#
ospf 1
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 172.2.1.0 0.0.0.255
#
return
Configuration file of CE2
#
sysname CE2
#
vlan batch 40
#
interface Vlanif40
 ip address 10.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 40
#
bgp 65420
 peer 10.2.1.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 10.2.1.2 enable
#
return
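An added example, not part of the original page or the vendor's documentation: a Python audit of saved configuration files against the roles used above. It checks that the SPE, which holds no VPN instance, turns vpn-target filtering off and gives each UPE peer enable, reflect-client and next-hop-local in the VPNv4 view, and that a UPE or NPE leaves filtering on. The function names and the faulty sample are constructed for illustration.

```python
import re

# SPE BGP section, abridged from this page's configuration file.
SPE_OK = """\
bgp 100
 peer 1.1.1.9 as-number 100
 peer 3.3.3.9 as-number 100
 #
 ipv4-family vpnv4
  undo policy vpn-target
  peer 1.1.1.9 enable
  peer 1.1.1.9 reflect-client
  peer 1.1.1.9 next-hop-local
  peer 3.3.3.9 enable
#
"""
# Constructed faulty variant: filtering left on, next-hop-local forgotten.
SPE_BAD = (SPE_OK.replace("  undo policy", "  policy")
                 .replace("  peer 1.1.1.9 next-hop-local\n", ""))

def vpnv4_view(config):
    """Return the commands inside the 'ipv4-family vpnv4' view."""
    cmds, inside = [], False
    for line in (raw.strip() for raw in config.splitlines()):
        if line == "ipv4-family vpnv4":
            inside = True
        elif inside and (line == "#" or line.startswith("ipv4-family")):
            break  # next view or end of the bgp section
        elif inside and line:
            cmds.append(line)
    return cmds

def audit_spe(config, upe_peers):
    """Findings for an SPE; an empty list means every check passed."""
    cmds, findings = vpnv4_view(config), []
    has_vrf = re.search(r"^ip vpn-instance \S+", config, re.M) is not None
    if not has_vrf and "undo policy vpn-target" not in cmds:
        findings.append("vpn-target filtering on, no VPN instance: VPNv4 routes discarded")
    for peer in sorted(upe_peers):
        for knob in ("enable", "reflect-client", "next-hop-local"):
            if f"peer {peer} {knob}" not in cmds:
                findings.append(f"missing 'peer {peer} {knob}'")
    return findings

def audit_pe(config):
    """UPE/NPE carry VPN instances, so vpn-target filtering should stay on."""
    if "undo policy vpn-target" in vpnv4_view(config):
        return ["vpn-target filtering off: PE keeps VPNv4 routes of VPNs it does not serve"]
    return []

if __name__ == "__main__":
    for name, cfg in (("SPE_OK", SPE_OK), ("SPE_BAD", SPE_BAD)):
        print(name, audit_spe(cfg, {"1.1.1.9"}))
```

Run against the full saved configurations, audit_spe takes the set of UPE loopback addresses (here 1.1.1.9) and audit_pe takes the UPE or NPE file as-is.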