评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置同一设备上地址重叠示例
本举例介绍同一设备上地址重叠的配置过程。
组网需求
如图9-6,NetworkA和NetworkB是两个相互独立的网络,各自有途径连接Internet。它们通过ISP1由一个公共机构的二层网络实现本地流量互访。
要求ISP1通过一台路由设备DeviceB,使用同一网段的两个地址192.168.1.11/24和192.168.1.12/24分别将NetworkA和NetworkB上连到二层网络。
操作步骤
- 配置VPN-Instance
# 在DeviceB上为NetworkA创建VPN-Instance,并绑定上行接口GigabitEthernet0/1/0和下行GigabitEthernet0/2/0。
<HUAWEI> system-view[~HUAWEI] sysname DeviceB
[*HUAWEI] commit
[~DeviceB] ip vpn-instance r1
[*DeviceB-vpn-instance-r1] route-distinguisher 100:1
[*DeviceB-vpn-instance-r1] quit
[*DeviceB] interface gigabitethernet 0/1/0
[*DeviceB-GigabitEthernet0/1/0] ip binding vpn-instance r1
[*DeviceB-GigabitEthernet0/1/0] ip address 192.168.1.11 24
[*DeviceB-GigabitEthernet0/1/0] undo shutdown
[*DeviceB-GigabitEthernet0/1/0] quit
[*DeviceB] interface GigabitEthernet 0/2/0
[*DeviceB-GigabitEthernet0/2/0] ip binding vpn-instance r1
[*DeviceB-GigabitEthernet0/2/0] ip address 10.1.1.1 24
[*DeviceB-GigabitEthernet0/2/0] undo shutdown
[*DeviceB-GigabitEthernet0/2/0] quit
# 在DeviceB上为NetworkB创建VPN-Instance,并绑定上行接口GigabitEthernet0/3/0和下行GigabitEthernet0/4/0。
[*DeviceB] ip vpn-instance r2
[*DeviceB-vpn-instance-r2] route-distinguisher 100:2
[*DeviceB-vpn-instance-r2] quit
[*DeviceB] interface gigabitethernet 0/3/0
[*DeviceB-GigabitEthernet0/3/0] ip binding vpn-instance r2
[*DeviceB-GigabitEthernet0/3/0] ip address 192.168.1.12 24
[*DeviceB-GigabitEthernet0/3/0] undo shutdown
[*DeviceB-GigabitEthernet0/3/0] quit
[*DeviceB] interface GigabitEthernet 0/4/0
[*DeviceB-GigabitEthernet0/4/0] ip binding vpn-instance r2
[*DeviceB-GigabitEthernet0/4/0] ip address 10.2.1.1 24
[*DeviceB-GigabitEthernet0/4/0] undo shutdown
[*DeviceB-GigabitEthernet0/4/0] quit
# 在DeviceB上为两个VPN-Instance配置静态路由。
[*DeviceB] ip route-static vpn-instance r1 0.0.0.0 0 192.168.1.1
[*DeviceB] ip route-static vpn-instance r2 0.0.0.0 0 192.168.1.1
[*DeviceB] commit
- 配置DeviceA与DeviceB的两个上行接口分别建立EBGP邻居关系
# 配置DeviceB。
[~DeviceB] bgp 200
[*DeviceB-bgp] router-id 100.1.1.1
[*DeviceB-bgp] ipv4-family vpn-instance r1
[*DeviceB-bgp-r1] peer 192.168.1.1 as-number 100
[*DeviceB-bgp-r1] import-route direct
[*DeviceB-bgp-r1] quit
[*DeviceB-bgp] ipv4-family vpn-instance r2
[*DeviceB-bgp-r2] peer 192.168.1.1 as-number 100
[*DeviceB-bgp-r2] import-route direct
[*DeviceB-bgp-r2] commit
[~DeviceB-bgp-r2] quit
# 配置DeviceA。
<HUAWEI> system-view[~HUAWEI] sysname DeviceA
[*HUAWEI] commit
[~DeviceA] interface gigabitethernet 0/1/0
[~DeviceA-GigabitEthernet0/1/0] ip address 192.168.1.1 24
[*DeviceA-GigabitEthernet0/1/0] undo shutdown
[*DeviceA-GigabitEthernet0/1/0] quit
[*DeviceA] bgp 100
[*DeviceA-bgp] peer 192.168.1.11 as-number 200
[*DeviceA-bgp] peer 192.168.1.12 as-number 200
[*DeviceA-bgp] commit
[~DeviceA-bgp] quit
- 配置本地网络中DeviceC和DeviceD的IP地址及静态路由
# 在DeviceC上配置IP地址和静态路由。
<HUAWEI> system-view[~HUAWEI] sysname DeviceC
[*HUAWEI] commit
[~DeviceC] interface GigabitEthernet 0/2/0
[~DeviceC-GigabitEthernet0/2/0] ip address 10.1.1.2 24
[*DeviceC-GigabitEthernet0/2/0] undo shutdown
[*DeviceC-GigabitEthernet0/2/0] quit
[*DeviceC] ip route-static 0.0.0.0 0 10.1.1.1
[*DeviceC] commit
# 在DeviceD上配置IP地址和静态路由。
<HUAWEI> system-view[~HUAWEI] sysname DeviceD
[*HUAWEI] commit
[~DeviceD] interface GigabitEthernet 0/4/0
[~DeviceD-GigabitEthernet0/4/0] ip address 10.2.1.2 24
[*DeviceD-GigabitEthernet0/4/0] undo shutdown
[*DeviceD-GigabitEthernet0/4/0] quit
[*DeviceD] ip route-static 0.0.0.0 0 10.2.1.1
[*DeviceD] commit
- 验证配置结果
# 完成上述配置后,在DeviceB上查看私网路由表,可以看到DeviceB接入的两个本地网络的路由分别位于VPN-Instance r1和r2中,实现了路由的隔离。
[~DeviceB] display ip routing-table vpn-instance r1
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route ------------------------------------------------------------------------------ Routing Tables: r1 Destinations : 6 Routes : 6 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 Static 60 0 RD 192.168.1.1 GigabitEthernet0/1/0 10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet0/2/0 10.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/2/0 10.1.1.2/32 Direct 0 0 D 10.1.1.2 GigabitEthernet0/2/0 192.168.1.0/24 Direct 0 0 D 192.168.1.11 GigabitEthernet0/1/0 192.168.1.11/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/1/0
[~DeviceB] display ip routing-table vpn-instance r2
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route ------------------------------------------------------------------------------ Routing Tables: r2 Destinations : 6 Routes : 6 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 Static 60 0 RD 192.168.1.1 GigabitEthernet0/3/0 10.2.1.0/24 Direct 0 0 D 10.2.1.1 GigabitEthernet0/4/0 10.2.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/4/0 10.2.1.2/32 Direct 0 0 D 10.2.1.2 GigabitEthernet0/4/0 192.168.1.0/24 Direct 0 0 D 192.168.1.12 GigabitEthernet0/3/0 192.168.1.12/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/3/0
# 在DeviceA上执行display ip routing-table命令,可以看到DeviceA的公网路由表中有去往两个本地网络的路由。
[~DevicerA] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 8 Routes : 8 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 BGP 255 0 D 192.168.1.11 GigabitEthernet0/1/0 10.1.1.2/32 BGP 255 0 D 192.168.1.11 GigabitEthernet0/1/0 10.2.1.0/24 BGP 255 0 D 192.168.1.12 GigabitEthernet0/1/0 10.2.1.2/32 BGP 255 0 D 192.168.1.12 GigabitEthernet0/1/0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.1.0/24 Direct 0 0 D 192.168.1.1 GigabitEthernet0/1/0 192.168.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/1/0
两个本地网络NetworkA和NetworkB之间可以Ping通。
配置文件
DeviceA的配置文件
#
sysname DeviceA#
interface GigabitEthernet0/1/0undo shutdown
ip address 192.168.1.1 255.255.255.0
#
bgp 100
peer 192.168.1.11 as-number 200
peer 192.168.1.12 as-number 200
#
ipv4-family unicast
undo synchronization
peer 192.168.1.11 enable
peer 192.168.1.12 enable
#
return
DeviceB的配置文件
#
sysname DeviceB#
ip vpn-instance r1
ipv4-family
route-distinguisher 100:1
#
ip vpn-instance r2
ipv4-family
route-distinguisher 100:2
#
interface GigabitEthernet0/1/0undo shutdown
ip binding vpn-instance r1
ip address 192.168.1.11 255.255.255.0
#
interface GigabitEthernet0/3/0undo shutdown
ip binding vpn-instance r2
ip address 192.168.1.12 255.255.255.0
#
interface GigabitEthernet0/2/0undo shutdown
ip binding vpn-instance r1
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet0/4/0undo shutdown
ip binding vpn-instance r2
ip address 10.2.1.1 255.255.255.0
#
bgp 200
router-id 100.1.1.1
#
ipv4-family unicast
undo synchronization
#
ipv4-family vpn-instance r1
import-route direct
peer 192.168.1.1 as-number 100
#
ipv4-family vpn-instance r2
import-route direct
peer 192.168.1.1 as-number 100
#
ip route-static vpn-instance r1 0.0.0.0 0.0.0.0 192.168.1.1
ip route-static vpn-instance r2 0.0.0.0 0.0.0.0 192.168.1.1
#
return
DeviceC的配置文件
#
sysname DeviceC#
interface GigabitEthernet 0/2/0undo shutdown
ip address 10.1.1.2 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 10.1.1.1
#
return
DeviceD的配置文件
#
sysname DeviceD#
interface GigabitEthernet 0/4/0undo shutdown
ip address 10.2.1.2 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 10.2.1.1
#
Return
