评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置OptionB方式跨域VPN示例(ASBR过滤VPN路由)
通过在ASBR上配置路由策略对VPN-Target进行过滤,只保存部分VPNv4路由。
组网需求
如图7-38,CE1、CE2和CE3属于同一个VPN,并且PE2与PE1、PE3不在同一AS域。而CE2所在站点和CE3所在站点之间没有互访需求,要求在ASBR1上配置基于VPN路由RD属性的过滤策略,使CE3所在站点的路由不能通过ASBR2传到PE2上,从而实现OptionB方式的跨域VPN。
设备名称 |
接口 |
IP地址 |
|---|---|---|
CE1 |
Loopback1 |
10.11.11.11/32 |
GE1/0/0 |
10.1.1.1/24 |
|
PE1 |
Loopback1 |
1.1.1.1/32 |
GE2/0/0 |
10.1.1.2/24 |
|
GE1/0/0 |
172.16.1.2/24 |
|
CE3 |
Loopback1 |
10.33.33.33/32 |
GE1/0/0 |
10.3.1.1/24 |
|
PE3 |
Loopback1 |
3.3.3.3/32 |
GE2/0/0 |
10.3.1.2/24 |
|
GE1/0/0 |
172.16.3.2/24 |
|
ASBR1 |
Loopback1 |
5.5.5.5/32 |
GE1/0/0 |
172.16.1.1/24 |
|
GE2/0/0 |
192.168.1.1/24 |
|
GE3/0/0 |
172.16.3.1/24 |
|
ASBR2 |
Loopback1 |
6.6.6.6/32 |
GE1/0/0 |
10.162.1.1/24 |
|
GE2/0/0 |
192.168.1.2/24 |
|
CE2 |
Loopback1 |
10.22.22.22/32 |
GE1/0/0 |
10.2.1.1/24 |
|
PE2 |
Loopback1 |
2.2.2.2/32 |
GE2/0/0 |
10.2.1.2/24 |
|
GE1/0/0 |
10.162.1.2/24 |
配置注意事项
在配置过程中,需注意如下事项:
PE1与PE3之间需要建立MP-IBGP邻居。
ASBR上不必创建VPN实例。根据VPNv4路由的RD,ASBR需要对发布到对端ASBR上的VPNv4路由进行过滤。
配置思路
采用如下思路配置OptionB方式跨域VPN(ASBR过滤VPN路由):
在骨干网上运行IGP协议实现同一AS的ASBR与PE之间的互通,并且同一AS的ASBR与PE之间要建立MPLS LDP LSP。
PE与CE之间建立EBGP对等体关系;PE与ASBR之间建立MP-IBGP对等体关系。
在PE上需配置VPN实例(在ASBR上无需配置VPN实例)。
在ASBR上与另一ASBR相连接口上分别使能MPLS,且ASBR之间建立MP-EBGP对等体关系。根据VPNv4路由的RD,ASBR需要对发布到对端ASBR上的VPNv4路由进行过滤。
数据准备
为完成此配置例,需准备如下的数据:
PE及ASBR上的MPLS LSR-ID分别为1.1.1.1、2.2.2.2、3.3.3.3、5.5.5.5、6.6.6.6
PE上创建的VPN实例名称为vpna,RD值为100:1、200:2和100:3,出方向和入方向的VPN-Target值为111:1
ASBR上用于RD过滤的路由策略
操作步骤
- 在各AS的MPLS骨干网上分别配置IGP协议,实现各自骨干网各节点之间的互通
本例中采用OSPF,具体配置请参见后面的配置文件。
配置完成后,骨干网各节点之间应能建立OSPF邻居关系,执行display ospf peer命令可以看到邻居状态为Full。执行display ip routing-table命令可以看到PE或者ASBR学习到其他节点的Loopback路由。
- 在各AS的MPLS骨干网上分别配置MPLS基本能力和MPLS LDP,建立LDP LSP
# 配置PE1。
[~PE1] mpls lsr-id 1.1.1.1[*PE1] mpls[*PE1-mpls] quit[*PE1] mpls ldp[*PE1-mpls-ldp] quit[*PE1] interface gigabitethernet 1/0/0
[*PE1-GigabitEthernet1/0/0] mpls
[*PE1-GigabitEthernet1/0/0] mpls ldp
[*PE1-GigabitEthernet1/0/0] commit
[~PE1-GigabitEthernet1/0/0] quit
PE2、PE3的配置与PE1类似,配置过程请参见后面的配置文件。
# 配置ASBR1
[~ASBR1] mpls lsr-id 5.5.5.5[*ASBR1] mpls[*ASBR1-mpls] quit[*ASBR1] mpls ldp[*ASBR1-mpls-ldp] quit[*ASBR1] interface gigabitethernet 1/0/0
[*ASBR1-GigabitEthernet1/0/0] mpls
[*ASBR1-GigabitEthernet1/0/0] mpls ldp
[*ASBR1-GigabitEthernet1/0/0] commit
[~ASBR1-GigabitEthernet1/0/0] quit
ASBR2的配置与ASBR1类似,配置过程请参见后面的配置文件。
配置完成后,PE之间应该建立起LDP对等体关系,在各路由器上执行display mpls ldp session命令可以看到显示结果中Session State项为“Operational”。以PE1的显示为例:
<PE1> display mpls ldp session
LDP Session(s) in Public Network Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDD:HH:MM) An asterisk (*) before a session means the session is being deleted.-------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
-------------------------------------------------------------------------
4.4.4.4:0 Operational DU Passive 0000:00:01 5/5
-------------------------------------------------------------------------
TOTAL: 1 session(s) Found.
- 配置各AS域内的PE、ASBR之间建立MP-IBGP对等体关系,对于AS100,还需要在PE1与PE3之间建立MP-IBGP关系
# 配置PE1。
[~PE1] bgp 100[*PE1-bgp] peer 3.3.3.3 as-number 100[*PE1-bgp] peer 3.3.3.3 connect-interface loopback 1[*PE1-bgp] peer 5.5.5.5 as-number 100[*PE1-bgp] peer 5.5.5.5 connect-interface loopback 1[*PE1-bgp] ipv4-family vpnv4[*PE1-bgp-af-vpnv4] peer 3.3.3.3 enable[*PE1-bgp-af-vpnv4] peer 5.5.5.5 enable[*PE1-bgp-af-vpnv4] commit[~PE1-bgp-af-vpnv4] quit[~PE1-bgp] quitPE2、PE3的配置与PE1类似,配置过程请参见后面的配置文件。
# 配置ASBR1。
[~ASBR1] bgp 100[*ASBR1-bgp] peer 1.1.1.1 as-number 100[*ASBR1-bgp] peer 1.1.1.1 connect-interface loopback 1[*ASBR1-bgp] peer 3.3.3.3 as-number 100[*ASBR1-bgp] peer 3.3.3.3 connect-interface loopback 1[*ASBR1-bgp] ipv4-family vpnv4[*ASBR1-bgp-af-vpnv4] peer 1.1.1.1 enable[*ASBR1-bgp-af-vpnv4] peer 3.3.3.3 enable[*ASBR1-bgp-af-vpnv4] commit[~ASBR1-bgp-af-vpnv4] quit[~ASBR1-bgp] quitASBR2的配置与ASBR1类似,配置过程请参见后面的配置文件。
配置完成后,在PE或者ASBR上执行命令display bgp vpnv4 all peer,可以看到PE与ASBR之间的MP-IBGP对等体关系已建立,并达到Established状态。以PE1显示为例。
<PE1> display bgp vpnv4 all peer
BGP local router ID : 1.1.1.1
Local AS number : 100
Total number of peers : 2 Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
3.3.3.3 4 100 12 18 0 00:09:38 Established 0
5.5.5.5 4 100 12 18 0 00:09:38 Established 0
- 为PE配置VPN实例,将CE接入PE
# 配置PE1。
[~PE1] ip vpn-instance vpna[*PE1-vpn-instance-vpna] ipv4-family[*PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1[*PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both[*PE1-vpn-instance-vpna-af-ipv4] quit[*PE1-vpn-instance-vpna] quit[*PE1] interface gigabitethernet 2/0/0
[*PE1-GigabitEthernet2/0/0] ip binding vpn-instance vpna
[*PE1-GigabitEthernet2/0/0] ip address 10.1.1.2 24
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] commit# 配置PE2。
[~PE2] ip vpn-instance vpna[*PE2-vpn-instance-vpna] ipv4-family[*PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:2[*PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both[*PE2-vpn-instance-vpna-af-ipv4] quit[*PE2-vpn-instance-vpna] quit[*PE2] interface gigabitethernet 2/0/0
[*PE2-GigabitEthernet2/0/0] ip binding vpn-instance vpna
[*PE2-GigabitEthernet2/0/0] ip address 10.2.1.2 24
[*PE2-GigabitEthernet2/0/0] quit
[*PE2] commit# 配置PE3。
[~PE3] ip vpn-instance vpna[*PE3-vpn-instance-vpna] ipv4-family[*PE3-vpn-instance-vpna-af-ipv4] route-distinguisher 100:3[*PE3-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both[*PE3-vpn-instance-vpna-af-ipv4] quit[*PE3-vpn-instance-vpna] quit[*PE3] interface gigabitethernet 2/0/0
[*PE3-GigabitEthernet2/0/0] ip binding vpn-instance vpna
[*PE3-GigabitEthernet2/0/0] ip address 10.3.1.2 24
[*PE3-GigabitEthernet2/0/0] commit
[~PE3-GigabitEthernet2/0/0] quit
配置完成后,在PE设备上执行display ip vpn-instance verbose命令可以看到VPN实例的配置情况。
<PE1> display ip vpn-instance verbose
Total VPN-Instances configured : 1
Total IPv4 VPN-Instances configured : 1 Total IPv6 VPN-Instances configured : 0
VPN-Instance Name and ID : vpna, 1
Interfaces : GigabitEthernet2/0/0Address family ipv4
Create date : 2009/09/18 11:30:35
Up time : 0 days, 00 hours, 05 minutes and 19 seconds
Vrf Status : UP
Route Distinguisher : 100:1
Export VPN Targets : 111:1
Import VPN Targets : 111:1
Label policy: label per route
The diffserv-mode Information is : uniform
The ttl-mode Information is : pipe
- 配置PE与CE之间建立EBGP对等体关系,引入CE上的Loopback路由
# 配置CE1。
[~CE1] interface loopback 1[*CE1-Loopback1] ip address 10.11.11.11 32[*CE1-Loopback1] quit[*CE1] bgp 65001[*CE1-bgp] peer 10.1.1.2 as-number 100[*CE1-bgp] network 10.11.11.11 32[*CE1-bgp] quit[*CE1] commitCE2、CE3的配置与CE1的配置类似,配置过程请参见后面的配置文件。
# 配置PE1。
[~PE1] bgp 100[~PE1-bgp] ipv4-family vpn-instance vpna[*PE1-bgp-vpna] peer 10.1.1.1 as-number 65001[*PE1-bgp-vpna] commit[~PE1-bgp-vpna] quitPE2、PE3的配置与PE1类似,配置过程请参见后面的配置文件。
配置完成后,在PE设备上执行display bgp vpnv4 vpn-instance peer命令,可以看到PE与CE之间的BGP对等体关系已建立,并达到Established状态。
以PE1与CE1的对等体关系为例:
<PE1> display bgp vpnv4 vpn-instance vpna peer
BGP local router ID : 1.1.1.1
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.1.1.1 4 65001 11 9 0 00:06:37 Established 1
- 在ASBR上与另一ASBR相连接口上分别使能MPLS,且配置ASBR之间的MP-EBGP关系,并且对接收的VPNv4路由进行路由过滤# 配置ASBR1:在与ASBR2相连的接口GE2/0/0上使能MPLS。
[~ASBR1] interface GigabitEthernet 2/0/0
[~ASBR1-GigabitEthernet2/0/0] ip address 192.168.1.1 24
[*ASBR1-GigabitEthernet2/0/0] mpls
[*ASBR1-GigabitEthernet2/0/0] quit
[*ASBR1] commit# 配置ASBR1:与ASBR2建立MP-EBGP对等体关系,并且对接收的VPNv4路由进行路由过滤。
[~ASBR1] ip rd-filter 10 deny 100:3[*ASBR1] route-policy test permit node 10[*ASBR1-route-policy] if-match rd-filter 10[*ASBR1-route-policy] commit[~ASBR1-route-policy] quit[~ASBR1] bgp 100[*ASBR1-bgp] peer 192.168.1.2 as-number 200[*ASBR1-bgp] ipv4-family vpnv4[*ASBR1-bgp-af-vpnv4] peer 192.168.1.2 enable[*ASBR1-bgp-af-vpnv4] peer 192.168.1.2 route-policy test export[*ASBR1-bgp-af-vpnv4] commit[~ASBR1-bgp-af-vpnv4] quit[~ASBR1-bgp] quit# 配置ASBR2:在与ASBR1相连的接口GE2/0/0上使能MPLS。[~ASBR2] interface GigabitEthernet 2/0/0
[~ASBR2-GigabitEthernet2/0/0] ip address 192.168.1.2 24
[*ASBR2-GigabitEthernet2/0/0] mpls
[*ASBR2-GigabitEthernet2/0/0] quit
[*ASBR2] commit# 配置ASBR2:与ASBR1建立MP-EBGP对等体关系,对接收的VPNv4路由不进行路由过滤。
[~ASBR2] bgp 100[*ASBR2-bgp] peer 192.168.1.1 as-number 100[*ASBR2-bgp] ipv4-family vpnv4[*ASBR2-bgp-af-vpnv4] peer 192.168.1.1 enable[*ASBR2-bgp-af-vpnv4] undo policy vpn-target[*ASBR2-bgp-af-vpnv4] commit[~ASBR2-bgp-af-vpnv4] quit[~ASBR2-bgp] quit - 检查配置结果
上述配置完成后,ASBR1上执行命令display bgp vpnv4 all routing-table,可以查看到来自PE3站点的路由。
<ASBR1> display bgp vpnv4 all routing-table
BGP Local router ID is 5.5.5.5 Status codes: * - valid, > - best, d - damped, x - best external, a - add path, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete RPKI validation codes: V - valid, I - invalid, N - not-found Total number of routes from all PE: 3 Route Distinguisher: 100:1 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 10.11.11.11/32 1.1.1.1 0 100 0 ? Route Distinguisher: 200:2 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 10.22.22.22/32 6.6.6.6 0 100 0 ? Route Distinguisher: 100:3 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 10.33.33.33/32 3.3.3.3 0 100 0 ?
ASBR2上执行命令display bgp vpnv4 all routing-table,可以查看到没有接收到来自PE3站点的路由。
<ASBR2> display bgp vpnv4 all routing-table
BGP Local router ID is 6.6.6.6 Status codes: * - valid, > - best, d - damped, x - best external, a - add path, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete RPKI validation codes: V - valid, I - invalid, N - not-found Total number of routes from all PE: 2 Route Distinguisher: 100:1 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 10.11.11.11/32 5.5.5.5 0 100 0 ? Route Distinguisher: 200:2 Network NextHop MED LocPrf PrefVal Path/Ogn *>i 10.22.22.22/24 2.2.2.2 0 100 0 ?
CE1与CE3、CE1与CE2能够相互ping通,CE2与CE3之间不能ping通。
<CE1> ping -a 10.11.11.11 10.33.33.33
PING 10.33.33.33: 56 data bytes, press CTRL_C to break
Reply from 10.33.33.33: bytes=56 Sequence=1 ttl=252 time=120 ms
Reply from 10.33.33.33: bytes=56 Sequence=2 ttl=252 time=73 ms
Reply from 10.33.33.33: bytes=56 Sequence=3 ttl=252 time=111 ms
Reply from 10.33.33.33: bytes=56 Sequence=4 ttl=252 time=86 ms
Reply from 10.33.33.33: bytes=56 Sequence=5 ttl=252 time=110 ms
--- 10.33.33.33 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 73/100/120 ms
<CE2> ping -a 10.22.22.22 10.33.33.33 PING 10.33.33.33: 56 data bytes, press CTRL_C to break Request time out Request time out Request time out Request time out Request time out --- 10.33.33.33 ping statistics --- 5 packet(s) transmitted 0 packet(s) received 100.00% packet loss
配置文件
CE1的配置文件
#
sysname CE1
#
interface GigabitEthernet1/0/0undo shutdown
ip address 10.1.1.1 255.255.255.0
#
interface Loopback1
undo shutdown
ip address 10.11.11.11 255.255.255.255
#
bgp 65001
peer 10.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization peer 10.1.1.2 enable network 10.11.11.11 255.255.255.255
#
return
PE1的配置文件
#
sysname PE1
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 100:1
apply-label per-instance
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0undo shutdown
ip address 172.16.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet2/0/0undo shutdown
ip binding vpn-instance vpna
ip address 10.1.1.2 255.255.255.0
#
interface LoopBack1
ip address 1.1.1.1 255.255.255.255
#
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack1
peer 5.5.5.5 as-number 100
peer 5.5.5.5 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization peer 3.3.3.3 enable
peer 5.5.5.5 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable
peer 5.5.5.5 enable
#
ipv4-family vpn-instance vpna
peer 10.1.1.1 as-number 65001
#
ospf 1
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 1.1.1.1 0.0.0.0
#
return
PE3的配置文件
#
sysname PE3
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 100:3
apply-label per-instance
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
mpls lsr-id 3.3.3.3
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0undo shutdown
ip address 172.16.3.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet2/0/0undo shutdown
ip binding vpn-instance vpna
ip address 10.3.1.2 255.255.255.0
#
interface LoopBack1
ip address 3.3.3.3 255.255.255.255
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
peer 5.5.5.5 as-number 100
peer 5.5.5.5 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization peer 1.1.1.1 enable
peer 5.5.5.5 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
peer 5.5.5.5 enable
#
ipv4-family vpn-instance vpna
peer 10.3.1.1 as-number 65003
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 172.16.3.0 0.0.0.255
#
return
CE3的配置文件
#
sysname CE3
#
interface GigabitEthernet1/0/0undo shutdown
ip address 10.3.1.1 255.255.255.0
#
interface Loopback1
undo shutdown
ip address 10.33.33.33 255.255.255.255
#
bgp 65003
peer 10.3.1.2 as-number 100
#
ipv4-family unicast
undo synchronization peer 10.3.1.2 enable network 10.33.33.33 255.255.255.255
#
return
ASBR1的配置文件
#
sysname ASBR1
#
mpls lsr-id 5.5.5.5
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0undo shutdown
ip address 172.16.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet2/0/0undo shutdown
ip address 192.168.1.1 255.255.255.0
mpls
#
interface GigabitEthernet3/0/0undo shutdown
ip address 172.16.3.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 5.5.5.5 255.255.255.255
#
route-policy test permit node 10
if-match rd-filter 10
#
ip rd-filter 10 deny 100:3
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack1
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack1
peer 192.168.1.2 as-number 200
#
ipv4-family unicast
undo synchronization peer 1.1.1.1 enable
peer 3.3.3.3 enable
peer 192.168.1.2 enable
#
ipv4-family vpnv4
undo policy vpn-target
peer 1.1.1.1 enable
peer 3.3.3.3 enable
peer 192.168.1.2 enable
peer 192.168.1.2 route-policy test export
#
ospf 1
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.16.3.0 0.0.0.255
#
return
ASBR2的配置文件
#
sysname ASBR2
#
mpls lsr-id 6.6.6.6
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0undo shutdown
ip address 10.162.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet2/0/0undo shutdown
ip address 192.168.1.2 255.255.255.0
mpls
#
interface LoopBack1
ip address 6.6.6.6 255.255.255.255
#
bgp 200
peer 2.2.2.2 as-number 200
peer 2.2.2.2 connect-interface LoopBack1
peer 192.168.1.1 as-number 100
#
ipv4-family unicast
undo synchronization peer 2.2.2.2 enable
peer 5.5.5.5 enable
#
ipv4-family vpnv4
undo policy vpn-target
peer 2.2.2.2 enable
peer 192.168.1.1 enable
#
ospf 1
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 10.162.1.0 0.0.0.255
#
return
PE2的配置文件
#
sysname PE2
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 200:2
apply-label per-instance
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
mpls lsr-id 2.2.2.2
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0undo shutdown
ip address 10.162.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet2/0/0undo shutdown
ip binding vpn-instance vpna
ip address 10.2.1.2 255.255.255.0
#
interface LoopBack1
ip address 2.2.2.2 255.255.255.255
#
bgp 200
peer 6.6.6.6 as-number 100
peer 6.6.6.6 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization peer 6.6.6.6 enable
#
ipv4-family vpnv4
policy vpn-target
peer 6.6.6.6 enable
#
ipv4-family vpn-instance vpna
peer 10.2.1.1 as-number 65002
#
ospf 1
area 0.0.0.0
network 10.162.1.0 0.0.0.255
network 2.2.2.2 0.0.0.0
#
return
CE2的配置文件
#
sysname CE2
#
interface GigabitEthernet1/0/0undo shutdown
ip address 10.2.1.1 255.255.255.0
#
interface Loopback1
undo shutdown
ip address 10.22.22.22 255.255.255.255
#
bgp 65002
peer 10.2.1.2 as-number 200
#
ipv4-family unicast
undo synchronization peer 10.2.1.2 enable network 10.22.22.22 255.255.255.255
#
return
