配置MCE示例

S12700 V200R010C00 配置指南-VPN

本文档针对VPN特性，从配置过程和配置举例两方面对特性进行介绍。

评分并提供意见反馈 :

华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言，希望能帮助您更容易理解此文档的内容。请注意：即使是最好的机器翻译，其准确度也不及专业翻译人员的水平。华为对于翻译的准确性不承担任何责任，并建议您参考英文文档（已提供链接）。

配置MCE示例

组网需求

某公司需要通过MPLS VPN实现总部和分支间的互通，同时需要隔离两种不同的业务。为节省开支，希望分支通过一台CE设备接入PE。

如图2-57所示，按如下组网：

CE1、CE2连接企业总部，CE1属于vpna，CE2属于vpnb
MCE连接企业分支，通过SwitchA和SwitchB分别连接vpna和vpnb

要求属于相同VPN的用户之间能互相访问，但不同VPN的用户之间不能互相访问，从而实现不同业务间隔离。

图2-57 MCE示例组网图

配置思路

本例配置主要思路是：

PE与PE间配置OSPF协议，实现PE之间的互通；配置MP-IBGP交换VPN路由信息。
PE上配置MPLS基本能力和MPLS LDP，建立LDP LSP。
PE和MCE上创建不同的VPN实例（vpna和vpnb），实现不同VPN间的业务隔离。
PE1与相连的CE之间建立EBGP对等体，引入VPN路由表中。
MCE与Site、MCE与PE2之间配置路由，引入VPN路由信息。

操作步骤

配置各接口所属VLAN，并配置VLANIF接口和Loopback接口IP地址，具体数据如图2-57所示

# 配置PE1。

<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] vlan batch 30
[PE1] interface gigabitethernet 3/0/0
[PE1-GigabitEthernet3/0/0] port link-type trunk
[PE1-GigabitEthernet3/0/0] port trunk allow-pass vlan 30
[PE1-GigabitEthernet3/0/0] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] ip address 172.1.1.1 24
[PE1-Vlanif30] quit

# 配置PE2。

<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 2.2.2.9 32
[PE2-LoopBack1] quit
[PE2] vlan batch 30
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] port link-type trunk
[PE2-GigabitEthernet1/0/0] port trunk allow-pass vlan 30
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] ip address 172.1.1.2 24
[PE2-Vlanif30] quit

# 配置CE1。CE2、SwitchA和SwitchB的配置与CE1类似，此处不再赘述。

<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] port link-type trunk
[CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 24
[CE1-Vlanif10] quit

在骨干网的PE上配置OSPF协议，实现PE之间的互通

# 配置PE1。

[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit

# 配置PE2。

[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

完成此步配置后，PE之间应能互相学习到对方的Loopback1的地址。

以PE2为例：

[PE2] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 6        Routes : 6

  Destination/Mask  Proto  Pre  Cost       Flags  NextHop         Interface

        1.1.1.9/32  OSPF   10   1              D  172.1.1.1        Vlanif30
        2.2.2.9/32  Direct 0    0              D  127.0.0.1        LoopBack1
      127.0.0.0/8   Direct 0    0              D  127.0.0.1        InLoopBack0
      127.0.0.1/32  Direct 0    0              D  127.0.0.1        InLoopBack0
      172.1.1.0/24  Direct 0    0              D  172.1.1.2        Vlanif30
      172.1.1.2/32  Direct 0    0              D  127.0.0.1        Vlanif30

在骨干网的PE上配置MPLS基本能力和MPLS LDP，PE之间建立LDP LSP

# 配置PE1。

[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] mpls
[PE1-Vlanif30] mpls ldp
[PE1-Vlanif30] quit

# 配置PE2。

[PE2] mpls lsr-id 2.2.2.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 30
[PE2-Vlanif30] mpls
[PE2-Vlanif30] mpls ldp
[PE2-Vlanif30] quit

完成此步配置后，在PE上执行命令display mpls ldp session，应能看见PE之间的MPLS LDP会话状态为“Operational”。

以PE2为例：

[PE2] display mpls ldp session

 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
------------------------------------------------------------------------------
1.1.1.9:0          Operational DU   Active   0000:00:04  17/17
------------------------------------------------------------------------------
 TOTAL: 1 session(s) Found.

在PE设备上配置VPN实例，将CE1、CE2接入PE1，将MCE接入PE2

# 配置PE1。

[PE1] vlan batch 10 20
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] port link-type trunk
[PE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] port link-type trunk
[PE1-GigabitEthernet2/0/0] port trunk allow-pass vlan 20
[PE1-GigabitEthernet2/0/0] quit
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] ipv4-family
[PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE1-vpn-instance-vpna-af-ipv4] quit
[PE1-vpn-instance-vpna] quit
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] ipv4-family
[PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2
[PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE1-vpn-instance-vpnb-af-ipv4] quit
[PE1-vpn-instance-vpnb] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] ip binding vpn-instance vpna
[PE1-Vlanif10] ip address 10.1.1.2 24
[PE1-Vlanif10] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip binding vpn-instance vpnb
[PE1-Vlanif20] ip address 10.2.1.2 24
[PE1-Vlanif20] quit

# 配置PE2。

[PE2] vlan batch 100 200
[PE2] interface gigabitethernet 2/0/0
[PE2-GigabitEthernet2/0/0] port link-type trunk
[PE2-GigabitEthernet2/0/0] port trunk allow-pass vlan 100 200
[PE2-GigabitEthernet2/0/0] quit
[PE2] ip vpn-instance vpna
[PE2-vpn-instance-vpna] ipv4-family
[PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
[PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE2-vpn-instance-vpna-af-ipv4] quit
[PE2-vpn-instance-vpna] quit
[PE2] ip vpn-instance vpnb
[PE2-vpn-instance-vpnb] ipv4-family
[PE2-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2
[PE2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE2-vpn-instance-vpnb-af-ipv4] quit
[PE2-vpn-instance-vpnb] quit
[PE2] interface vlanif 100
[PE2-Vlanif100] ip binding vpn-instance vpna
[PE2-Vlanif100] ip address 10.5.1.1 24
[PE2-Vlanif100] quit
[PE2] interface vlanif 200
[PE2-Vlanif200] ip binding vpn-instance vpnb
[PE2-Vlanif200] ip address 10.6.1.1 24
[PE2-Vlanif200] quit

在MCE设备上配置VPN实例，将SwitchA、SwitchB接入MCE

# 配置MCE。

<HUAWEI> system-view
[HUAWEI] sysname MCE
[MCE] vlan batch 60 70 100 200
[MCE] interface gigabitethernet 1/0/0
[MCE-GigabitEthernet1/0/0] port link-type trunk
[MCE-GigabitEthernet1/0/0] port trunk allow-pass vlan 100 200
[MCE-GigabitEthernet1/0/0] quit
[MCE] interface gigabitethernet 3/0/0
[MCE-GigabitEthernet3/0/0] port link-type trunk
[MCE-GigabitEthernet3/0/0] port trunk allow-pass vlan 60
[MCE-GigabitEthernet3/0/0] quit
[MCE] interface gigabitethernet 4/0/0
[MCE-GigabitEthernet4/0/0] port link-type trunk
[MCE-GigabitEthernet4/0/0] port trunk allow-pass vlan 70
[MCE-GigabitEthernet4/0/0] quit
[MCE] ip vpn-instance vpna
[MCE-vpn-instance-vpna] ipv4-family
[MCE-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[MCE-vpn-instance-vpna-af-ipv4] quit
[MCE-vpn-instance-vpna] quit
[MCE] ip vpn-instance vpnb
[MCE-vpn-instance-vpnb] ipv4-family
[MCE-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2
[MCE-vpn-instance-vpnb-af-ipv4] quit
[MCE-vpn-instance-vpnb] quit
[MCE] interface vlanif 60
[MCE-Vlanif60] ip binding vpn-instance vpna
[MCE-Vlanif60] ip address 10.3.1.2 24
[MCE-Vlanif60] quit
[MCE] interface vlanif 70
[MCE-Vlanif70] ip binding vpn-instance vpnb
[MCE-Vlanif70] ip address 10.4.1.2 24
[MCE-Vlanif70] quit
[MCE] interface vlanif 100
[MCE-Vlanif100] ip binding vpn-instance vpna
[MCE-Vlanif100] ip address 10.5.1.2 24
[MCE-Vlanif100] quit
[MCE] interface vlanif 200
[MCE-Vlanif200] ip binding vpn-instance vpnb
[MCE-Vlanif200] ip address 10.6.1.2 24
[MCE-Vlanif200] quit

在PE之间建立MP-IBGP对等体，在PE1与CE1及PE1与CE2之间建立EBGP对等体

# 配置PE1。PE2的配置与PE1类似，此处不再赘述。

[PE1] bgp 100
[PE1-bgp] peer 2.2.2.9 as-number 100
[PE1-bgp] peer 2.2.2.9 connect-interface loopback 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 2.2.2.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] ipv4-family vpn-instance vpna
[PE1-bgp-vpna] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpna] import-route direct
[PE1-bgp-vpna] quit
[PE1-bgp] ipv4-family vpn-instance vpnb
[PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420
[PE1-bgp-vpnb] import-route direct
[PE1-bgp-vpnb] quit
[PE1-bgp] quit

# 配置CE1。CE2的配置与CE1类似，此处不再赘述。

[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit

完成此步配置后，在PE1上执行命令display bgp vpnv4 all peer可以看见PE1与PE2的IBGP对等体关系及PE1与CE1、CE2之间建立EBGP对等体关系均为“Established”。

[PE1] display bgp vpnv4 all peer

 BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 3		  Peers in established state : 3

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State PrefRcv

  2.2.2.9         4         100        2        8     0 00:00:29 Established       0

  Peer of IPv4-family for vpn instance :

 VPN-Instance vpna, Router ID 1.1.1.9:
  10.1.1.1        4       65410        4        5     0 00:00:28 Established       2

 VPN-Instance vpnb, Router ID 1.1.1.9:
  10.2.1.1        4       65420        4        5     0 00:00:28 Established       2

在MCE与Site间配置路由

MCE与vpna直接相连，且vpna内未使用路由协议，因此可以使用静态路由进行配置。

配置SwitchA

SwitchA连接vpna接口地址为192.168.1.1/24，此配置过程略。

[SwitchA] vlan batch 60
[SwitchA] interface gigabitethernet 1/0/0
[SwitchA-GigabitEthernet1/0/0] port link-type trunk
[SwitchA-GigabitEthernet1/0/0] port trunk allow-pass vlan 60
[SwitchA-GigabitEthernet1/0/0] quit
[SwitchA] interface vlanif 60
[SwitchA-Vlanif60] ip address 10.3.1.1 24
[SwitchA-Vlanif60] quit
[SwitchA] ip route-static 0.0.0.0 0.0.0.0 10.3.1.2

配置MCE

[MCE] ip route-static vpn-instance vpna 192.168.1.0 24 10.3.1.1

显示MCE上为vpna实例维护的路由信息。

[MCE] display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpna
         Destinations : 5        Routes : 5

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.3.1.0/24  Direct  0    0           D   10.3.1.2        Vlanif60
       10.3.1.2/32  Direct  0    0           D   127.0.0.1       Vlanif60
       10.5.1.0/24  Direct  0    0           D   10.5.1.2        Vlanif100
       10.5.1.2/32  Direct  0    0           D   127.0.0.1       Vlanif100
    192.168.1.0/24  Static  60   0          RD   10.3.1.1        Vlanif60

可以看到，已经在MCE上为vpna指定了静态路由。

vpnb内运行RIP，在MCE上配置RIP进程200，并与vpnb实例绑定，以便将vpnb内的路由学习到vpnb实例的路由表中。

配置MCE

[MCE] rip 200 vpn-instance vpnb
[MCE-rip-200] version 2
[MCE-rip-200] network 10.0.0.0
[MCE-rip-200] import-route ospf 200
[MCE-rip-200] quit

配置SwitchB

SwitchB连接vpnb接口地址为192.168.2.1/24，此配置过程略。

[SwitchB] vlan batch 70
[SwitchB] interface gigabitethernet 1/0/0
[SwitchB-GigabitEthernet1/0/0] port link-type trunk
[SwitchB-GigabitEthernet1/0/0] port trunk allow-pass vlan 70
[SwitchB-GigabitEthernet1/0/0] quit
[SwitchB] interface vlanif 70
[SwitchB-Vlanif70] ip address 10.4.1.1 24
[SwitchB-Vlanif70] quit
[SwitchB] rip 200
[SwitchB-rip-200] version 2
[SwitchB-rip-200] network 10.0.0.0
[SwitchB-rip-200] network 192.168.2.0
[SwitchB-rip-200] quit

显示MCE上为vpnb实例维护的路由信息。

[MCE] display ip routing-table vpn-instance vpnb
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpnb
         Destinations : 5        Routes : 5

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.4.1.0/24  Direct  0    0           D   10.4.1.2        Vlanif70
       10.4.1.2/32  Direct  0    0           D   127.0.0.1       Vlanif70
       10.6.1.0/24  Direct  0    0           D   10.6.1.2        Vlanif200
       10.6.1.2/32  Direct  0    0           D   127.0.0.1       Vlanif200
    192.168.2.0/24  RIP     100  1           D   10.4.1.1        Vlanif70

可以看到，MCE已经通过RIP学习到了vpnb内的私网路由，并与vpna内的192.168.1.0路由信息分别维护在两个路由表内，有效进行了隔离。

在MCE和PE2之间配置OSPF多实例

# 配置PE2。

MCE与PE2之间配置OSPF多实例时，PE2上需进行以下配置：

在PE2的OSPF视图下引入BGP路由，发布PE1的私网路由给MCE；
在PE2的BGP视图下引入该OSPF进程，发布MCE的私网路由信息给PE1上。

[PE2] ospf 100 vpn-instance vpna
[PE2-ospf-100] import-route bgp
[PE2-ospf-100] area 0
[PE2-ospf-100-area-0.0.0.0] network 10.5.1.0 0.0.0.255
[PE2-ospf-100-area-0.0.0.0] quit
[PE2-ospf-100] quit
[PE2] ospf 200 vpn-instance vpnb
[PE2-ospf-200] import-route bgp
[PE2-ospf-200] area 0
[PE2-ospf-200-area-0.0.0.0] network 10.6.1.0 0.0.0.255
[PE2-ospf-200-area-0.0.0.0] quit
[PE2-ospf-200] quit
[PE2] bgp 100
[PE2-bgp] ipv4-family vpn-instance vpna
[PE2-bgp-vpna] import-route ospf 100
[PE2-bgp-vpna] quit
[PE2-bgp] ipv4-family vpn-instance vpnb
[PE2-bgp-vpnb] import-route ospf 200
[PE2-bgp-vpnb] quit

# 配置MCE。

MCE上需要将私网路由引入到OSPF进程中。

[MCE] ospf 100 vpn-instance vpna
[MCE-ospf-100] import-route static
[MCE-ospf-100] vpn-instance-capability simple
[MCE-ospf-100] area 0
[MCE-ospf-100-area-0.0.0.0] network 10.3.1.0 0.0.0.255
[MCE-ospf-100-area-0.0.0.0] network 10.5.1.0 0.0.0.255
[MCE-ospf-100-area-0.0.0.0] quit
[MCE-ospf-100] quit
[MCE] ospf 200 vpn-instance vpnb
[MCE-ospf-200] import-route rip 200
[MCE-ospf-200] vpn-instance-capability simple
[MCE-ospf-200] area 0
[MCE-ospf-200-area-0.0.0.0] network 10.4.1.0 0.0.0.255
[MCE-ospf-200-area-0.0.0.0] network 10.6.1.0 0.0.0.255
[MCE-ospf-200-area-0.0.0.0] quit
[MCE-ospf-200] quit

检查配置结果

完成上述配置后，在MCE设备上执行命令display ip routing-table vpn-instance命令，可以看到去往对端CE的路由。以vpna为例：

[MCE] display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpna
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.1.1.0/24  O_ASE   150  1           D   10.5.1.1        Vlanif100
       10.3.1.0/24  Direct  0    0           D   10.3.1.2        Vlanif60
       10.3.1.2/32  Direct  0    0           D   127.0.0.1       Vlanif60
       10.5.1.0/24  Direct  0    0           D   10.5.1.2        Vlanif100
       10.5.1.2/32  Direct  0    0           D   127.0.0.1       Vlanif100
    192.168.1.0/24  Static  60   0          RD   10.3.1.1        Vlanif60

在PE上执行display ip routing-table vpn-instance命令，可以看到去往对端CE的路由。以PE1上的vpna为例：

[PE1] display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpna
         Destinations : 5        Routes : 5

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.1.1.0/24  Direct  0    0           D   10.1.1.2        Vlanif10
       10.1.1.2/32  Direct  0    0           D   127.0.0.1       Vlanif10
       10.3.1.0/24  IBGP    255  3          RD   2.2.2.9         Vlanif30
       10.5.1.0/24  IBGP    255  0          RD   2.2.2.9         Vlanif30
    192.168.1.0/24  IBGP    255  2          RD   2.2.2.9         Vlanif30

CE1、SwitchA之间可以互通，CE2、SwitchB之间可以互通。以CE1为例：

[CE1] ping 10.3.1.1
  PING 10.3.1.1: 56 data bytes, press CTRL_C to break
    Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=252 time=3 ms
    Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=252 time=3 ms
    Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=252 time=3 ms
    Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=252 time=3 ms
    Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=252 time=11 ms

  --- 10.3.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 3/4/11 ms

CE1不能与CE2和SwitchB互通，SwitchA也不能与CE2和SwitchB互通。以CE1上ping SwitchB的显示为例。

[CE1] ping 10.4.1.1
  PING 10.4.1.1: 56  data bytes, press CTRL_C to break
    Request time out
    Request time out
    Request time out
    Request time out
    Request time out

  --- 10.4.1.1 ping statistics ---
    5 packet(s) transmitted
    0 packet(s) received
    100.00% packet loss

配置文件

CE1的配置文件

#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 10
#
bgp 65410
 peer 10.1.1.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 10.1.1.2 enable
#
return

CE2的配置文件

#
sysname CE2
#
vlan batch 20
#
interface Vlanif20
 ip address 10.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 20
#
bgp 65420
 peer 10.2.1.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 10.2.1.2 enable
#
return

PE1的配置文件

#
sysname PE1
#
vlan batch 10 20 30
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 100:2
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif10
 ip binding vpn-instance vpna
 ip address 10.1.1.2 255.255.255.0
#
interface Vlanif20
 ip binding vpn-instance vpnb
 ip address 10.2.1.2 255.255.255.0
#
interface Vlanif30
 ip address 172.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet3/0/0
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
#
bgp 100
 peer 2.2.2.9 as-number 100
 peer 2.2.2.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.9 enable
 #
 ipv4-family vpn-instance vpna
  import-route direct
  peer 10.1.1.1 as-number 65410
 #
 ipv4-family vpn-instance vpnb
  import-route direct
  peer 10.2.1.1 as-number 65420
#
ospf 1
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 172.1.1.0 0.0.0.255
#
return

PE2的配置文件

#
sysname PE2
#
vlan batch 30 100 200
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 200:1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 200:2
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 import-extcommunity
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface Vlanif30
 ip address 172.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface Vlanif100
 ip binding vpn-instance vpna
 ip address 10.5.1.1 255.255.255.0
#
interface Vlanif200
 ip binding vpn-instance vpnb
 ip address 10.6.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
bgp 100
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable
 #
 ipv4-family vpn-instance vpna
  import-route ospf 100
 #
 ipv4-family vpn-instance vpnb
  import-route ospf 200
#
ospf 1
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 172.1.1.0 0.0.0.255
#
ospf 100 vpn-instance vpna
 import-route bgp
 area 0.0.0.0
  network 10.5.1.0 0.0.0.255
#
ospf 200 vpn-instance vpnb
 import-route bgp
 area 0.0.0.0
  network 10.6.1.0 0.0.0.255
#
return

MCE的配置文件

#
sysname MCE
#
vlan batch 60 70 100 200
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 100:2
#
interface Vlanif60
 ip binding vpn-instance vpna
 ip address 10.3.1.2 255.255.255.0
#
interface Vlanif70
 ip binding vpn-instance vpnb
 ip address 10.4.1.2 255.255.255.0
#
interface Vlanif100
 ip binding vpn-instance vpna
 ip address 10.5.1.2 255.255.255.0
#
interface Vlanif200
 ip binding vpn-instance vpnb
 ip address 10.6.1.2 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 100 200
#
interface GigabitEthernet3/0/0
 port link-type trunk
 port trunk allow-pass vlan 60
#
interface GigabitEthernet4/0/0
 port link-type trunk
 port trunk allow-pass vlan 70
#
ospf 100 vpn-instance vpna
 import-route static
 vpn-instance-capability simple
 area 0.0.0.0
  network 10.3.1.0 0.0.0.255
  network 10.5.1.0 0.0.0.255
#
ospf 200 vpn-instance vpnb
 import-route rip 200
 vpn-instance-capability simple
 area 0.0.0.0
  network 10.4.1.0 0.0.0.255
  network 10.6.1.0 0.0.0.255
#
rip 200 vpn-instance vpnb
 version 2
 network 10.0.0.0
 import-route ospf 200
#
ip route-static vpn-instance vpna 192.168.1.0 255.255.255.0 10.3.1.1
#
return

SwitchA的配置文件

#
sysname SwitchA
#
vlan batch 10 60
#
interface Vlanif10
 ip address 192.168.1.1 255.255.255.0
#
interface Vlanif60
 ip address 10.3.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 60
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 10
#
ip route-static 0.0.0.0 0.0.0.0 10.3.1.2
#
return

SwitchB的配置文件

#
sysname SwitchB
#
vlan batch 10 70
#
interface Vlanif10
 ip address 192.168.2.1 255.255.255.0
#
interface Vlanif70
 ip address 10.4.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 70
#
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 10
#
rip 200
 version 2
 network 10.0.0.0
 network 192.168.2.0
#
return

翻译

English

下载文档

更新时间：2021-09-28

文档编号：EDOC1000141378

浏览量：88654

下载量：555

平均得分:

本文档适用于这些产品

数字签名

数字签名验证工具

本文档针对VPN特性，从配置过程和配置举例两方面对特性进行介绍。

组网需求

配置思路

操作步骤

配置文件

相关版本

相关文档

数字签名