所选语种没有对应资源,请选择:
企业业务网站
选择区域/语言
Huawei Global - English
技术支持 文档中心
NetEngine 8000 X V800R012C00SPC300 配置指南 - VPN 04
评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置IPRAN组网中的HoVPN功能示例

配置IPRAN组网中的HoVPN功能示例

在本例中,将在IPRAN组网中部署HoVPN功能实现基站和基站控制器间的互通。

组网需求

在IPRAN网络中,采用HVPN方案构建的无线接入网,不仅使网络具备优秀FMC承载能力,而且使CSG到RSG之间实现层次化,具有良好的可扩展性和灵活性,适合规模较大的网络承载。HVPN包括两种组网方式,HoVPN和H-VPN。本例采用HoVPN方式,这样可以使UPE设备只保存基站的明细路由和SPE方向的缺省路由,降低了组网对UPE设备路由能力和转发性能的要求。

图7-53,基站通过VPN接入到UPE上。在基站和基站控制器RNC之间通过部署HoVPN功能实现基站与基站控制器之间的互通。其中UPE1->SPE1->NPE1为主链路,SPE2和NPE2分别是SPE1和NPE1的备份设备。

图7-53 分层式VPN组网图

本例中interface1、interface2、interface3分别代表GE1/0/0、GE2/0/0、GE3/0/0


表7-4 物理接口IP地址

设备名称

接口

IP地址

UPE1

Loopback1

1.1.1.1/32

GE 1/0/0

172.16.3.1/24

GE 2/0/0

172.16.2.1/24

GE 3/0/0

10.1.1.2/24

UPE2

Loopback1

2.2.2.2/32

GE 1/0/0

172.17.4.1/24

GE 2/0/0

172.16.2.2/24

SPE1

Loopback1

3.3.3.3/32

GE 1/0/0

172.16.3.2/24

GE 2/0/0

172.18.4.1/24

GE 3/0/0

172.18.5.1/24

SPE2

Loopback1

4.4.4.4/32

GE 1/0/0

172.17.4.2/24

GE 2/0/0

172.18.4.2/24

GE 3/0/0

172.19.6.1/24

NPE1

Loopback1

5.5.5.5/32

GE 1/0/0

172.18.5.2/24

GE 2/0/0

172.20.6.1/24

GE 3/0/0

10.4.1.1/24

NPE2

Loopback1

6.6.6.6/32

GE 1/0/0

172.19.6.2/24

GE 2/0/0

172.20.6.2/24

GE 3/0/0

10.2.1.1/24

CE

Loopback1

7.7.7.7/32

GE 1/0/0

10.4.1.2/24

GE 2/0/0

10.2.1.2/24

GE 3/0/0

10.3.1.1/24

配置思路

本例配置主要思路是:

  1. 先在UPE、SPE和NPE上配置IGP协议实现互通,并且UPE、SPE和NPE之间能互相学习到对方的Loopback地址;

  2. UPE、SPE和NPE之间建立MPLS标签分发路径LSP;

  3. UPE和NPE上创建VPN实例,建立NPE与CE的EBGP对等体关系,并在UPE和NPE上引入本地直连路由;

  4. UPE与SPE、NPE与SPE之间建立MP-IBGP对等体关系;

  5. 在SPE上创建VPN实例,指定UPE为自己的下层PE(或称为用户层PE);

  6. 配置静态缺省路由;

  7. 配置路由策略调整主备链路的本地优先级,并在UPE、SPE和NPE上配置VPN FRR功能,提高网络的可靠性。

数据准备

为完成此配置例,需准备如下的数据:

  • UPE、SPE及NPE上的MPLS LSR-ID,分别为1.1.1.1、2.2.2.2、3.3.3.3、4.4.4.4、5.5.5.5和6.6.6.6

  • UPE、SPE及NPE上创建的VPN实例名称为vpna,RD为100:1,VPN-Target为1:1

操作步骤

  1. 在UPE、SPE和NPE上配置OSPF,实现互通

    配置完成后,UPE、SPE、NPE之间应能建立OSPF邻居关系,执行display ospf peer命令可以看到邻居状态为Full。执行display ip routing-table命令可以看到UPE、SPE、NPE之间学习到对方的Loopback路由。

    具体配置过程请参见配置文件。

  2. 在MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP

    配置完成后,UPE、SPE、NPE之间应能建立LDP会话,执行display mpls ldp session命令可以看到显示结果中Session State项为“Operational”。执行display mpls ldp lsp命令,可以看到LDP LSP的建立情况。

    具体配置过程请参见配置文件。

  3. UPE和NPE上创建VPN实例,建立NPE与CE的EBGP对等体关系,并在UPE和NPE上引入本地直连路由;

    # 配置UPE1。

    [~UPE] ip vpn-instance vpna
    [*UPE-vpn-instance-vpna] ipv4-family
    [*UPE-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
    [*UPE-vpn-instance-vpna-af-ipv4] vpn-target 1:1
    [*UPE-vpn-instance-vpna-af-ipv4] quit
    [*UPE-vpn-instance-vpna] quit
    [*UPE] interface gigabitethernet 3/0/0
    [*UPE-GigabitEthernet3/0/0] ip binding vpn-instance vpna
    [*UPE-GigabitEthernet3/0/0] ip address 10.1.1.2 24
    [*UPE-GigabitEthernet3/0/0] quit
    [*UPE] bgp 100
    [*UPE-bgp] ipv4-family vpn-instance vpna
    [*UPE-bgp-vpna] peer 10.1.1.1 as-number 65410
    [*UPE-bgp-vpna] import-route direct
    [*UPE-bgp-vpna] quit
    [*UPE-bgp] quit
    [*UPE] commit

    # 配置NPE1。

    [~NPE1] ip vpn-instance vpna
    [*NPE1-vpn-instance-vpna] ipv4-family
    [*NPE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
    [*NPE1-vpn-instance-vpna-af-ipv4] vpn-target 1:1
    [*NPE1-vpn-instance-vpna-af-ipv4] quit
    [*NPE1-vpn-instance-vpna] quit
    [*NPE1] interface gigabitethernet 3/0/0
    [*NPE1-GigabitEthernet1/0/0] ip binding vpn-instance vpna
    [*NPE1-GigabitEthernet1/0/0] ip address 10.4.1.1 24
    [*NPE1-GigabitEthernet1/0/0] quit
    [*NPE1] bgp 100
    [*NPE1-bgp] ipv4-family vpn-instance vpna
    [*NPE1-bgp-vpna] peer 10.4.1.2 as-number 65420
    [*NPE1-bgp-vpna] import-route direct
    [*NPE1-bgp-vpna] quit
    [*NPE1-bgp] quit
    [*NPE1] commit

    # 配置CE。

    <HUAWEI> system-view
    [~HUAWEI] sysname CE
    [*HUAWEI] commit
    [~CE] interface gigabitethernet 1/0/0
    [*CE-GigabitEthernet1/0/0] ip address 10.4.1.2 24
    [*CE-GigabitEthernet1/0/0] quit
    [*CE] interface gigabitethernet 2/0/0
    [*CE-GigabitEthernet2/0/0] ip address 10.2.1.2 24
    [*CE-GigabitEthernet2/0/0] quit
    [*CE] interface gigabitethernet 3/0/0
    [*CE-GigabitEthernet2/0/0] ip address 10.3.1.1 24
    [*CE-GigabitEthernet2/0/0] quit
    [*CE] interface LoopBack 1
    [*CE-LoopBack1] ip address 7.7.7.7 32
    [*CE-LoopBack1] quit
    [*CE] bgp 65420
    [*CE-bgp] peer 10.4.1.1 as-number 100
    [*CE-bgp] peer 10.2.1.1 as-number 100
    [*CE-bgp] import-route direct
    [*CE-bgp] quit
    [*CE] commit

    NPE2与NPE1的配置过程相似,此处不再赘述,具体过程请参见配置文件。

    配置完成后,在UPE1和NPE上执行display ip vpn-instance verbose命令可以看到VPN实例的配置情况。

  4. 配置UPE与SPE、NPE与SPE的MP-IBGP对等体关系

    # 配置UPE1。

    [~UPE1] bgp 100
    [*UPE1-bgp] router-id 1.1.1.1
    [*UPE1-bgp] peer 3.3.3.3 as-number 100
    [*UPE1-bgp] peer 3.3.3.3 connect-interface loopback 1
    [*UPE1-bgp] peer 4.4.4.4 as-number 100
    [*UPE1-bgp] peer 4.4.4.4 connect-interface loopback 1
    [*UPE1-bgp] ipv4-family vpnv4
    [*UPE1-bgp-af-vpnv4] peer 3.3.3.3 enable
    [*UPE1-bgp-af-vpnv4] peer 4.4.4.4 enable
    [*UPE1-bgp-af-vpnv4] quit
    [*UPE1-bgp] quit
    [*UPE1] commit

    UPE2与UPE1的配置过程相似,此处不再赘述,具体过程请参见配置文件。

    # 配置SPE1。

    [~SPE1] bgp 100
    [*SPE1-bgp] router-id 3.3.3.3
    [*SPE1-bgp] peer 1.1.1.1 as-number 100
    [*SPE1-bgp] peer 1.1.1.1 connect-interface loopback 1
    [*SPE1-bgp] peer 2.2.2.2 as-number 100
    [*SPE1-bgp] peer 2.2.2.2 connect-interface loopback 1
    [*SPE1-bgp] peer 5.5.5.5 as-number 100
    [*SPE1-bgp] peer 5.5.5.5 connect-interface loopback 1
    [*SPE1-bgp] peer 6.6.6.6 as-number 100
    [*SPE1-bgp] peer 6.6.6.6 connect-interface loopback 1
    [*SPE1-bgp] ipv4-family vpnv4
    [*SPE1-bgp-af-vpnv4] peer 1.1.1.1 enable
    [*SPE1-bgp-af-vpnv4] peer 2.2.2.2 enable
    [*SPE1-bgp-af-vpnv4] peer 5.5.5.5 enable
    [*SPE1-bgp-af-vpnv4] peer 6.6.6.6 enable
    [*SPE1-bgp-af-vpnv4] quit
    [*SPE1-bgp] quit
    [*SPE1] commit

    SPE2与SPE1的配置过程相似,此处不再赘述,具体过程请参见配置文件。

    # 配置NPE1。

    [~NPE1] bgp 100
    [*NPE1-bgp] peer 3.3.3.3 as-number 100
    [*NPE1-bgp] peer 3.3.3.3 connect-interface loopback 1
    [*NPE1-bgp] peer 4.4.4.4 as-number 100
    [*NPE1-bgp] peer 4.4.4.4 connect-interface loopback 1
    [*NPE1-bgp] ipv4-family vpnv4
    [*NPE1-bgp-af-vpnv4] peer 3.3.3.3 enable
    [*NPE1-bgp-af-vpnv4] peer 4.4.4.4 enable
    [*NPE1-bgp-af-vpnv4] quit
    [*NPE1-bgp] quit
    [*NPE1] commit

    NPE2与NPE1的配置过程相似,此处不再赘述,具体过程请参见配置文件。

  5. 在SPE上创建VPN实例并指定UPE为自己的下层PE

    # 配置VPN实例。

    [~SPE1] ip vpn-instance vpna
    [*SPE1-vpn-instance-vpna] ipv4-family
    [*SPE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
    [*SPE1-vpn-instance-vpna-af-ipv4] vpn-target 1:1
    [*SPE1-vpn-instance-vpna-af-ipv4] quit
    [*SPE1-vpn-instance-vpna] quit

    # 指定自己的UPE。

    [*SPE1] bgp 100
    [*SPE1-bgp] ipv4-family vpnv4
    [*SPE1-bgp-af-vpnv4] peer 1.1.1.1 upe
    [*SPE1-bgp-af-vpnv4] peer 2.2.2.2 upe
    [*SPE1-bgp-af-vpnv4] quit
    [*SPE1-bgp] quit
    [*SPE1] commit

  6. 配置静态缺省路由,并通过路由策略实现SPE仅将缺省路由发送给UPE

    # 配置SPE1

    [~SPE1] ip route-static vpn-instance vpna 0.0.0.0 0.0.0.0 55.55.55.55
    [*SPE1] route-policy default permit node 10
    [*SPE1-route-policy] apply local-preference 200
    [*SPE1-route-policy] quit
    [*SPE1] bgp 100
    [*SPE1-bgp] ipv4-family vpn-instance vpna
    [*SPE1-bgp-vpna] network 0.0.0.0 route-policy default
    [*SPE1-bgp-vpna] quit
    [*SPE1-bgp] quit
    [*SPE1] commit

    SPE2作为备份SPE其配置过程与SPE1相似,但是发布给UPE的路由本地优先级要设置为190

    # 配置NPE1

    [~NPE1] interface loopback 2
    [~NPE1-LoopBack2] ip address 55.55.55.55 32
    [~NPE1-LoopBack2] ip binding vpn-instance vpna
    [~NPE1-LoopBack2] quit
    [~NPE1] commit

    NPE2与NPE1的配置过程相似,此处不再赘述,具体过程请参见配置文件。

  7. 配置路由策略调整主备链路的本地优先级

    # 配置SPE1

    [~SPE1] ip ip-prefix default permit 0.0.0.0 0
    [*SPE1] route-policy NPE1 deny node 10
    [*SPE1-route-policy] if-match ip-prefix default
    [*SPE1-route-policy] quit
    [*SPE1] route-policy NPE1 permit node 20
    [*SPE1-route-policy] apply local-preference 200
    [*SPE1-route-policy] quit
    [*SPE1] route-policy NPE2 deny node 10
    [*SPE1-route-policy] if-match ip-prefix default
    [*SPE1-route-policy] quit
    [*SPE1] route-policy NPE2 permit node 20
    [*SPE1-route-policy] apply local-preference 190
    [*SPE1-route-policy] quit
    [*SPE1] bgp 100
    [*SPE1-bgp] ipv4-family vpnv4
    [*SPE1-bgp-af-vpnv4] peer 5.5.5.5 route-policy NPE1 import
    [*SPE1-bgp-af-vpnv4] peer 6.6.6.6 route-policy NPE2 import
    [*SPE1-bgp-af-vpnv4] peer 1.1.1.1 ip-prefix default export
    [*SPE1-bgp-af-vpnv4] peer 2.2.2.2 ip-prefix default export
    [*SPE1-bgp-af-vpnv4] quit
    [*SPE1-bgp] quit
    [*SPE1] commit

    SPE2作为备份SPE其配置过程与SPE1相似,但是其从NPE1的引入的路由的本地优先级要设置为180,从NPE2的引入的路由的本地优先级要设置为170。

    # 配置NPE1

    [~NPE1] route-policy SPE1 permit node 10
    [*NPE1-route-policy] apply local-preference 200
    [*NPE1-route-policy] quit
    [*NPE1] route-policy SPE2 permit node 10
    [*NPE1-route-policy] apply local-preference 190
    [*NPE1-route-policy] quit
    [*NPE1] bgp 100
    [*NPE1-bgp] ipv4-family vpnv4
    [*NPE1-bgp-af-vpnv4] peer 3.3.3.3 route-policy SPE1 import
    [*NPE1-bgp-af-vpnv4] peer 4.4.4.4 route-policy SPE2 import
    [*NPE1-bgp-af-vpnv4] quit
    [*NPE1-bgp] quit
    [*NPE1] commit

    NPE2作为备份NPE其配置过程与NPE1相似,但是其从SPE1的引入的路由的本地优先级要设置为180,从SPE2的引入的路由的本地优先级要设置为170。

  8. 为了提高网络的可靠性,可以在UPE、SPE和NPE上配置VPN FRR功能,以UPE1为例。

    [~UPE1] bgp 100
    [~UPE1-bgp] ipv4-family vpn-instance vpna
    [*UPE1-bgp-vpna] auto-frr
    [*UPE1-bgp-vpna] quit
    [*UPE1-bgp] quit
    [*UPE1] commit

  9. 检查配置结果

    配置完成后,UPE1上没有到RNC的路由,但有一条下一跳为SPE1的缺省路由;NPE1上有到NodeB的BGP路由。CE和UPE1可以相互Ping通。

    [~UPE1] display ip routing-table vpn-instance vpna
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpna
         Destinations : 5        Routes : 5

Destination/Mask    Proto  Pre  Cost        Flags NextHop         Interface

        0.0.0.0/0   IBGP   255  0             RD 3.3.3.3         GigabitEthernet1/0/0
       10.1.1.0/24  Direct 0    0             D  10.1.1.2        GigabitEthernet3/0/0
       10.1.1.2/32  Direct 0    0             D  127.0.0.1       GigabitEthernet3/0/0
     10.1.1.255/32  Direct 0    0             D  127.0.0.1       GigabitEthernet3/0/0
255.255.255.255/32  Direct 0    0             D  127.0.0.1       InLoopBack0
    [~UPE1] ping -vpn-instance vpna 10.3.1.1
      PING 10.3.1.1: 56  data bytes, press CTRL_C to break
    Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=251 time=5 ms
    Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=253 time=3 ms
    Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=251 time=3 ms
    Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=253 time=2 ms
    Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=251 time=2 ms

  --- 10.3.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 2/3/5 ms
    [~NPE1] display ip routing-table vpn-instance vpna
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpna
         Destinations : 9        Routes : 9

Destination/Mask    Proto  Pre  Cost        Flags NextHop         Interface

        0.0.0.0/0   IBGP   255  0             RD 3.3.3.3         GigabitEthernet1/0/0
       10.1.1.0/24  IBGP   255  0             RD 3.3.3.3         GigabitEthernet1/0/0
       10.4.1.0/24  Direct 0    0             D  10.4.1.1        GigabitEthernet3/0/0
       10.4.1.1/32  Direct 0    0             D  127.0.0.1       GigabitEthernet3/0/0
     10.4.1.255/32  Direct 0    0             D  127.0.0.1       GigabitEthernet3/0/0
       10.2.1.0/24  EBGP   255  0             RD 10.4.1.2        GigabitEthernet3/0/0
       10.3.1.0/24  EBGP   255  0             RD 10.4.1.2        GigabitEthernet3/0/0
        7.7.7.7/32  EBGP   255  0             RD 10.4.1.2        GigabitEthernet3/0/0
255.255.255.255/32  Direct 0    0             D  127.0.0.1       InLoopBack0

    在UPE1上执行display bgp vpnv4 all routing-table命令,可以看到有一条VPN实例vpna的缺省路由,下一跳为SPE1。

    [~UPE1] display bgp vpnv4 all routing-table
     BGP Local router ID is 1.1.1.1
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


 Total number of routes from all PE: 4
 Route Distinguisher: 100:1


      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>i  0.0.0.0            3.3.3.3         0          200        0       i
 * i                     4.4.4.4         0          200        0       i
 *>   10.1.1.0/24        0.0.0.0         0                     0       ?
 *>   10.1.1.2/32        0.0.0.0         0                     0       ?

 VPN-Instance vpna, router ID 1.1.1.1:

 Total Number of Routes: 4
      Network            NextHop        MED        LocPrf    PrefVal Path/Ogn

 *>i  0.0.0.0            3.3.3.3         0          200        0       i
 * i                     4.4.4.4         0          200        0       i
 *>   10.1.1.0/24        0.0.0.0         0                     0       ?
 *>   10.1.1.2/32        0.0.0.0         0                     0       ?

    在UPE1上执行display ip routing-table vpn-instance vpna 10.3.1.1 verbose命令,可以看到去往RNC的路由的备份标签和备份Tunnel ID的信息。

    [~UPE1] display ip routing-table vpn-instance vpna 10.3.1.1 verbose
    Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpna
Summary Count : 1

Destination: 0.0.0.0/0
     Protocol: IBGP            Process ID: 0
   Preference: 255                   Cost: 0
      NextHop: 3.3.3.3          Neighbour: 0.0.0.0
        State: Active Adv Relied      Age: 00h15m22s
          Tag: 0                 Priority: low
        Label: 16                 QoSInfo: 0x0
   IndirectID: 0x5200006A
 RelayNextHop: 3.3.3.3          Interface: GigabitEthernet1/0/0
     TunnelID: 0x0000000001004c4b44 Flags: RD
    BkNextHop: 4.4.4.4        BkInterface: GigabitEthernet2/0/0
      BkLabel: 16            SecTunnelID: 0x0
 BkPETunnelID: 0x0000000001004c4b62 BkPESecTunnelID: 0x0
 BkIndirectID: 0x5200006C

配置文件

  • UPE1的配置文件

    #
sysname UPE1
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
  apply-label per-instance
  vpn-target 1:1 import-extcommunity
  vpn-target 1:1 export-extcommunity
#
mpls lsr-id 1.1.1.1
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 172.16.3.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 172.16.2.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet3/0/0
 undo shutdown
 ip binding vpn-instance vpna
 ip address 10.1.1.2 255.255.255.0
#
interface LoopBack1
 ip address 1.1.1.1 255.255.255.255
#
bgp 100
 router-id 1.1.1.1
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack1
 peer 4.4.4.4 as-number 100
 peer 4.4.4.4 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization 
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
 #
 ipv4-family vpn-instance vpna
  import-route direct
  auto-frr
  peer 10.1.1.1 as-number 65410
#
ospf 1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 172.16.2.0 0.0.0.255
  network 172.16.3.0 0.0.0.255
# 
return

  • SPE1的配置文件

    #
sysname SPE1
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
  apply-label per-instance
  vpn-target 1:1 import-extcommunity
  vpn-target 1:1 export-extcommunity
#
mpls lsr-id 3.3.3.3
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 172.16.3.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 172.18.4.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet3/0/0
 undo shutdown
 ip address 172.18.5.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 3.3.3.3 255.255.255.255
#
bgp 100
 router-id 3.3.3.3
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack1
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack1
 peer 5.5.5.5 as-number 100
 peer 5.5.5.5 connect-interface LoopBack1
 peer 6.6.6.6 as-number 100
 peer 6.6.6.6 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.1 enable
  peer 2.2.2.2 enable
  peer 5.5.5.5 enable
  peer 6.6.6.6 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.1 enable
  peer 1.1.1.1 ip-prefix default export
  peer 1.1.1.1 upe
  peer 2.2.2.2 enable
  peer 2.2.2.2 ip-prefix default export
  peer 2.2.2.2 upe
  peer 5.5.5.5 enable
  peer 5.5.5.5 route-policy NPE1 import
  peer 6.6.6.6 enable
  peer 6.6.6.6 route-policy NPE2 import
 #
 ipv4-family vpn-instance vpna
  network 0.0.0.0 route-policy default
  auto-frr
#
ospf 1
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 172.16.3.0 0.0.0.255
  network 172.18.4.0 0.0.0.255
  network 172.18.5.0 0.0.0.255
#
route-policy NPE1 deny node 10
 if-match ip-prefix default
#
route-policy NPE1 permit node 20
 apply local-preference 200
#
route-policy NPE2 deny node 10
 if-match ip-prefix default
#
route-policy NPE2 permit node 20
 apply local-preference 190
#
route-policy default permit node 10
 apply local-preference 200
#
ip ip-prefix default index 10 permit 0.0.0.0 0
#
ip route-static vpn-instance vpna 0.0.0.0 0.0.0.0 55.55.55.55
#
return

  • NPE1的配置文件

    #
sysname NPE1
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
  apply-label per-instance
  vpn-target 1:1 import-extcommunity
  vpn-target 1:1 export-extcommunity
#
mpls lsr-id 5.5.5.5
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 172.18.5.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 172.20.6.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet3/0/0
 undo shutdown
 ip binding vpn-instance vpna
 ip address 10.4.1.1 255.255.255.0
#
interface LoopBack1
 ip address 5.5.5.5 255.255.255.255
#
interface LoopBack2
 ip binding vpn-instance vpna
 ip address 55.55.55.55 255.255.255.255
#
bgp 100
 router-id 5.5.5.5
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack1
 peer 4.4.4.4 as-number 100
 peer 4.4.4.4 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.3 enable
  peer 3.3.3.3 route-policy SPE1 import
  peer 4.4.4.4 enable
  peer 4.4.4.4 route-policy SPE2 import
 #
 ipv4-family vpn-instance vpna
  import-route direct
  auto-frr
  peer 10.4.1.2 as-number 65420
#
ospf 1
 area 0.0.0.0
  network 5.5.5.5 0.0.0.0
  network 172.18.5.0 0.0.0.255
  network 172.20.6.0 0.0.0.255
#
route-policy SPE1 permit node 10
 apply local-preference 200
#
route-policy SPE2 permit node 10
 apply local-preference 190
#
return

  • UPE2的配置文件

    #
sysname UPE2
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
  apply-label per-instance
  vpn-target 1:1 import-extcommunity
  vpn-target 1:1 export-extcommunity
#
mpls lsr-id 2.2.2.2
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 172.17.4.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 172.16.2.2 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.2 255.255.255.255
#
bgp 100
 router-id 2.2.2.2
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack1
 peer 4.4.4.4 as-number 100
 peer 4.4.4.4 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
 #
 ipv4-family vpn-instance vpna
  auto-frr
#
ospf 1
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 172.16.2.0 0.0.0.255
  network 172.17.4.0 0.0.0.255
#
return

  • SPE2的配置文件

    #
sysname SPE2
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
  apply-label per-instance
  vpn-target 1:1 import-extcommunity
  vpn-target 1:1 export-extcommunity
#
mpls lsr-id 4.4.4.4
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 172.17.4.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 172.18.4.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet3/0/0
 undo shutdown
 ip address 172.19.6.1 255.255.255.0
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 4.4.4.4 255.255.255.255
#
bgp 100
 router-id 4.4.4.4
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack1
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack1
 peer 5.5.5.5 as-number 100
 peer 5.5.5.5 connect-interface LoopBack1
 peer 6.6.6.6 as-number 100
 peer 6.6.6.6 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.1 enable
  peer 2.2.2.2 enable
  peer 5.5.5.5 enable
  peer 6.6.6.6 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.1 enable
  peer 1.1.1.1 ip-prefix default export
  peer 1.1.1.1 upe
  peer 2.2.2.2 enable
  peer 2.2.2.2 ip-prefix default export
  peer 2.2.2.2 upe
  peer 5.5.5.5 enable
  peer 5.5.5.5 route-policy NPE1 import
  peer 6.6.6.6 enable
  peer 6.6.6.6 route-policy NPE2 import
 #
 ipv4-family vpn-instance vpna
  network 0.0.0.0 route-policy default
  auto-frr
  peer 10.4.1.2 as-number 65420
#
ospf 1
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 172.17.4.0 0.0.0.255
  network 172.18.4.0 0.0.0.255
  network 172.19.6.0 0.0.0.255
#
route-policy NPE1 deny node 10
 if-match ip-prefix default
#
route-policy NPE1 permit node 20
 apply local-preference 180
#
route-policy NPE2 deny node 10
 if-match ip-prefix default
#
route-policy NPE2 permit node 20
 apply local-preference 170
#
route-policy default permit node 10
 apply local-preference 190
#
ip ip-prefix default index 10 permit 0.0.0.0 0
#
ip route-static vpn-instance vpna 0.0.0.0 0.0.0.0 66.66.66.66
#
return

  • NPE2的配置文件

    #
sysname NPE2
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
  apply-label per-instance
  vpn-target 1:1 import-extcommunity
  vpn-target 1:1 export-extcommunity
#
mpls lsr-id 6.6.6.6
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 172.19.6.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 172.20.6.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet3/0/0
 undo shutdown
 ip binding vpn-instance vpna
 ip address 10.2.1.1 255.255.255.0
#
interface LoopBack1
 ip address 6.6.6.6 255.255.255.255
#
interface LoopBack2
 ip binding vpn-instance vpna
 ip address 66.66.66.66 255.255.255.255
#
bgp 100
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack1
 peer 4.4.4.4 as-number 100
 peer 4.4.4.4 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.3 enable
  peer 3.3.3.3 route-policy SPE1 import
  peer 4.4.4.4 enable
  peer 4.4.4.4 route-policy SPE2 import
 #
 ipv4-family vpn-instance vpna
  import-route direct
  auto-frr
  peer 10.2.1.2 as-number 65420
#
ospf 1
 area 0.0.0.0
  network 6.6.6.6 0.0.0.0
  network 172.19.6.0 0.0.0.255
  network 172.20.6.0 0.0.0.255
#
route-policy SPE1 permit node 10
 apply local-preference 180
#
route-policy SPE2 permit node 10
 apply local-preference 170
#
return

  • CE的配置文件

    #
sysname CE
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.4.1.2 255.255.255.0
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet3/0/0
 undo shutdown
 ip address 10.3.1.1 255.255.255.0
#
interface LoopBack1
 ip address 7.7.7.7 255.255.255.255
#
bgp 65420
 peer 10.4.1.1 as-number 100
 peer 10.2.1.1 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 10.4.1.1 enable
  peer 10.2.1.1 enable
#
return
翻译
English
下载文档
更新时间:2020-06-20

文档编号:EDOC1100143312

浏览量:60382

下载量:128

平均得分:
本文档适用于这些产品

相关版本

相关文档

分享
上一页 下一页
华为亿家APP下载 华为亿家APP下载

版权所有 © 华为技术有限公司 1998-2022。 保留一切权利。粤A2-20044005号

您正离开华为站点,前往: