评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置BGP/MPLS IP VPN示例
配置BGP/MPLS IP VPN,相同VPN用户之间可以互访,不同VPN用户之间不能互相访问。
组网需求
如图7-21所示:
CE1、CE3属于vpna。
CE2、CE4属于vpnb。
vpna使用的VPN-target属性为111:1,vpnb使用的VPN-target属性为222:2。
使相同VPN用户之间可以互访,不同VPN用户之间不能互相访问。
配置注意事项
在配置过程中,需注意以下事项:
同一VPN的Export VPN-Target列表与其它站点的Import VPN-Target列表有共同的VPN-Target,Import VPN-Target列表与其它站点的Export VPN-Target列表有共同的VPN-Target。
PE与CE相连的接口绑定了VPN实例后,将删除该接口上已经配置的IP地址、路由协议等三层特性,如果需要应重新配置。
配置思路
采用如下的思路配置BGP/MPLS IP VPN:
骨干网上配置OSPF实现PE之间的互通。
骨干网上配置MPLS基本能力和MPLS LDP,建立MPLS LSP。
PE上配置使能IPv4地址族VPN实例,并把与CE相连的接口和相应的VPN实例绑定。
PE之间配置MP-IBGP交换VPN路由信息。
CE与PE之间配置EBGP交换VPN路由信息。
操作步骤
- 在MPLS骨干网上配置IGP协议,实现骨干网PE和P的互通。本例中IGP为OSPF为例进行说明。
# 配置PE1。
[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] interface loopback 1[*PE1-LoopBack1] ip address 1.1.1.9 32[*PE1-LoopBack1] commit[*PE1-LoopBack1] quit[*PE1] interface gigabitethernet3/0/0
[*PE1-GigabitEthernet3/0/0] ip address 11.11.11.1 24
[*PE1-GigabitEthernet3/0/0] commit
[*PE1-GigabitEthernet3/0/0] quit
[*PE1] ospf[*PE1-ospf-1] area 0[*PE1-ospf-1-area-0.0.0.0] network 11.11.11.0 0.0.0.255[*PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0[*PE1-ospf-1-area-0.0.0.0] commit[~PE1-ospf-1-area-0.0.0.0] quit[~PE1-ospf-1] quit# 配置P。
<HUAWEI> system-view[~HUAWEI] sysname P
[*HUAWEI] commit
[~P] interface loopback 1[*P-LoopBack1] ip address 2.2.2.9 32[*P-LoopBack1] commit[*P-LoopBack1] quit[*P] interface gigabitethernet 1/0/0
[*P-GigabitEthernet1/0/0] ip address 11.11.11.2 24
[*P-GigabitEthernet1/0/0] commit
[*P-GigabitEthernet1/0/0] quit
[*P] interface gigabitethernet 2/0/0
[*P-GigabitEthernet2/0/0] ip address 12.12.12.1 24
[*P-GigabitEthernet2/0/0] commit
[*P-GigabitEthernet2/0/0] quit
[*P] ospf[*P-ospf-1] area 0[*P-ospf-1-area-0.0.0.0] network 11.11.11.0 0.0.0.255[*P-ospf-1-area-0.0.0.0] network 12.12.12.0 0.0.0.255[*P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0[*P-ospf-1-area-0.0.0.0] commit[~P-ospf-1-area-0.0.0.0] quit[~P-ospf-1] quit# 配置PE2。
<HUAWEI> system-view[~HUAWEI] sysname PE2
[*HUAWEI] commit
[~PE2] interface loopback 1[*PE2-LoopBack1] ip address 3.3.3.9 32[*PE2-LoopBack1] commit[*PE2-LoopBack1] quit[*PE2] interface gigabitethernet 3/0/0
[*PE2-GigabitEthernet3/0/0] ip address 12.12.12.2 24
[*PE2-GigabitEthernet3/0/0] commit
[*PE2-GigabitEthernet3/0/0] quit
[*PE2] ospf[*PE2-ospf-1] area 0[*PE2-ospf-1-area-0.0.0.0] network 12.12.12.0 0.0.0.255[*PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0[*PE2-ospf-1-area-0.0.0.0] commit[~PE2-ospf-1-area-0.0.0.0] quit[~PE2-ospf-1] quit配置完成后,PE1、P、PE2之间应能建立OSPF邻居关系,执行display ospf peer命令可以看到邻居状态为Full。执行display ip routing-table命令可以看到PE之间学习到对方的Loopback1路由。
以PE1的显示为例:
[~PE1] display ip routing-tableRoute Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route------------------------------------------------------------------------------
Routing Tables: _public_
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.9/32 Direct 0 0 D 127.0.0.1 LoopBack1
2.2.2.9/32 OSPF 10 2 D 11.11.11.2 GigabitEthernet3/0/03.3.3.9/32 OSPF 10 3 D 11.11.11.2 GigabitEthernet3/0/011.11.11.0/24 Direct 0 0 D 11.11.11.1 GigabitEthernet3/0/011.11.11.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet3/0/011.11.11.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet3/0/012.12.12.0/24 OSPF 10 2 D 11.11.11.2 GigabitEthernet3/0/0127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[~PE1] display ospf peer(M) Indicates MADJ neighbor OSPF Process 1 with Router ID 1.1.1.9Neighbors
Area 0.0.0.0 interface 11.11.11.1(GE3/0/0)'s neighborsRouter ID: 2.2.2.9 Address: 11.11.11.2
State: Full Mode:Nbr is Slave Priority: 1
DR: 1.1.1.9 BDR: 2.2.2.9 MTU: 1500
Dead timer due in 38 sec
Retrans timer interval: 0
Neighbor is up for 00:02:44
Authentication Sequence: [ 0 ]
- 在MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP
# 配置PE1。
[~PE1] mpls lsr-id 1.1.1.9[*PE1] mpls[*PE1-mpls] commit[*PE1-mpls] quit[*PE1] mpls ldp[*PE1-mpls-ldp] commit[*PE1-mpls-ldp] quit[*PE1] interface gigabitethernet 3/0/0
[*PE1-GigabitEthernet3/0/0] mpls
[*PE1-GigabitEthernet3/0/0] mpls ldp
[*PE1-GigabitEthernet3/0/0] commit
[~PE1-GigabitEthernet3/0/0] quit
# 配置P。
[~P] mpls lsr-id 2.2.2.9[*P] mpls[*P-mpls] commit[*P-mpls] quit[*P] mpls ldp[*P-mpls-ldp] quit[*P] interface gigabitethernet 1/0/0
[*P-GigabitEthernet1/0/0] mpls
[*P-GigabitEthernet1/0/0] mpls ldp
[*P-GigabitEthernet1/0/0] quit
[*P] interface gigabitethernet 2/0/0
[*P-GigabitEthernet2/0/0] mpls
[*P-GigabitEthernet2/0/0] mpls ldp
[*P-GigabitEthernet2/0/0] commit
[~P-GigabitEthernet2/0/0] quit
# 配置PE2。
[~PE2] mpls lsr-id 3.3.3.9[*PE2] mpls[*PE2-mpls] commit[*PE2-mpls] quit[*PE2] mpls ldp[*PE2-mpls-ldp] commit[*PE2-mpls-ldp] quit[*PE2] interface gigabitethernet 3/0/0
[*PE2-GigabitEthernet3/0/0] mpls
[*PE2-GigabitEthernet3/0/0] mpls ldp
[*PE2-GigabitEthernet3/0/0] commit
[~PE2-GigabitEthernet3/0/0] quit
上述配置完成后,PE1与P、P与PE2之间应能建立LDP会话,执行display mpls ldp session命令可以看到显示结果中Status项为“Operational”。执行display mpls ldp lsp命令,可以看到LDP LSP的建立情况。
以PE1的显示为例:
[~PE1] display mpls ldp sessionLDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDD:HH:MM) An asterisk (*) before a session means the session is being deleted. -------------------------------------------------------------------------Peer-ID Status LAM SsnRole SsnAge KA-Sent/Rcv
-------------------------------------------------------------------------
2.2.2.9:0 Operational DU Passive 006:20:55 39551/39552
-------------------------------------------------------------------------
TOTAL: 1 session(s) Found.
LAM : Label Advertisement Mode SsnAge Unit : DDD:HH:MM
[~PE1] display mpls ldp lspLDP LSP Information ------------------------------------------------------------------------------- DestAddress/Mask In/OutLabel UpstreamPeer NextHop OutInterface ------------------------------------------------------------------------------- 1.1.1.9/32 3/NULL 2.2.2.9 127.0.0.1 InLoop0 *1.1.1.9/32 Liberal/1024 DS/2.2.2.9 2.2.2.9/32 NULL/3 - 11.11.11.2 GE3/0/0 2.2.2.9/32 1024/3 2.2.2.9 11.11.11.2 GE3/0/0 3.3.3.9/32 NULL/1025 - 11.11.11.2 GE3/0/0 3.3.3.9/32 1025/1025 2.2.2.9 11.11.11.2 GE3/0/0 ------------------------------------------------------------------------------- TOTAL: 5 Normal LSP(s) Found. TOTAL: 1 Liberal LSP(s) Found. TOTAL: 0 Frr LSP(s) Found. An asterisk (*) before an LSP means the LSP is not established An asterisk (*) before a Label means the USCB or DSCB is stale An asterisk (*) before an UpstreamPeer means the session is stale An asterisk (*) before a DS means the session is stale An asterisk (*) before a NextHop means the LSP is FRR LSP
- 在PE设备上配置使能IPv4地址族的VPN实例,将CE接入PE
# 配置PE1。
[~PE1] ip vpn-instance vpna[*PE1-vpn-instance-vpna] ipv4-family[*PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1[*PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both[*PE1-vpn-instance-vpna-af-ipv4] quit[*PE1-vpn-instance-vpna] quit[*PE1] ip vpn-instance vpnb[*PE1-vpn-instance-vpnb] ipv4-family[*PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2[*PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both[*PE1-vpn-instance-vpnb-af-ipv4] quit[*PE1-vpn-instance-vpnb] quit[*PE1] interface gigabitethernet 1/0/0
[*PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpna
[*PE1-GigabitEthernet1/0/0] ip address 10.1.1.2 24
[*PE1-GigabitEthernet1/0/0] quit
[*PE1] interface gigabitethernet 2/0/0
[*PE1-GigabitEthernet2/0/0] ip binding vpn-instance vpnb
[*PE1-GigabitEthernet2/0/0] ip address 10.2.1.2 24
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] commit# 配置PE2。
[~PE2] ip vpn-instance vpna[*PE2-vpn-instance-vpna] ipv4-family[*PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1[*PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both[*PE2-vpn-instance-vpna-af-ipv4] quit[*PE2-vpn-instance-vpna] quit[*PE2] ip vpn-instance vpnb[*PE2-vpn-instance-vpnb] ipv4-family[*PE2-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2[*PE2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both[*PE2-vpn-instance-vpnb-af-ipv4] quit[*PE2-vpn-instance-vpnb] quit[*PE2] interface gigabitethernet 1/0/0
[*PE2-GigabitEthernet1/0/0] ip binding vpn-instance vpna
[*PE2-GigabitEthernet1/0/0] ip address 10.3.1.2 24
[*PE2-GigabitEthernet1/0/0] quit
[*PE2] interface gigabitethernet 2/0/0
[*PE2-GigabitEthernet2/0/0] ip binding vpn-instance vpnb
[*PE2-GigabitEthernet2/0/0] ip address 10.4.1.2 24
[*PE2-GigabitEthernet2/0/0] commit
[*PE2-GigabitEthernet2/0/0] quit
[*PE2] commit# 按图7-21配置各CE的接口IP地址,配置过程请参见后面的配置文件。
配置完成后,在PE设备上执行display ip vpn-instance verbose命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。
当PE上有多个绑定了同一个VPN的接口,则使用ping -vpn-instance命令ping对端PE接入的CE时,要指定源IP地址,即要指定ping -vpn-instance vpn-instance-name -a source-ip-address dest-ip-address命令中的参数-a source-ip-address,否则可能ping不通。
以PE1为例:
[~PE1] display ip vpn-instance verboseTotal VPN-Instances configured : 2
Total IPv4 VPN-Instances configured : 1 Total IPv6 VPN-Instances configured : 0
VPN-Instance Name and ID : vpna, 1
Interfaces : GigabitEthernet1/0/0Address family ipv4
Create date : 2009/01/21 11:30:35
Up time : 0 days, 00 hours, 05 minutes and 19 seconds
Vrf Status : UP
Route Distinguisher : 100:1
Export VPN Targets : 111:1
Import VPN Targets : 111:1
Label policy: label per route
The diffserv-mode Information is : uniform
The ttl-mode Information is : pipe
VPN-Instance Name and ID : vpnb, 2
Interfaces : GigabitEthernet2/0/0Address family ipv4
Create date : 2009/01/21 11:31:18
Up time : 0 days, 00 hours, 04 minutes and 36 seconds
Vrf Status : UP
Route Distinguisher : 100:2
Export VPN Targets : 222:2
Import VPN Targets : 222:2
Label policy: label per route
The diffserv-mode Information is : uniform
The ttl-mode Information is : pipe
[~PE1] ping -vpn-instance vpna 10.1.1.1PING 10.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=56 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=4 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=4 ms
Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=52 ms
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=3 ms
--- 10.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/23/56 ms
- 在PE与CE之间建立EBGP对等体关系
# 配置CE1。
[~CE1] interface loopback 1[*CE1-LoopBack1] ip address 11.11.11.11 32[*CE1-LoopBack1] quit[*CE1] bgp 65410[*CE1-bgp] peer 10.1.1.2 as-number 100[*CE1-bgp] network 11.11.11.11 32[*CE1-bgp] quit[*CE1] commitCE2~CE4配置与CE1设备配置类似,配置过程请参见后面的配置文件。
# 配置PE1。
[~PE1] bgp 100[*PE1-bgp] ipv4-family vpn-instance vpna[*PE1-bgp-vpna] peer 10.1.1.1 as-number 65410[*PE1-bgp-vpna] commit[*PE1-bgp-vpna] quit[*PE1-bgp] ipv4-family vpn-instance vpnb[*PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420[*PE1-bgp-vpnb] commit[~PE1-bgp-vpnb] quit[~PE1-bgp] quitPE2的配置与PE1类似,配置过程请参见后面的配置文件。
配置完成后,在PE设备上执行display bgp vpnv4 vpn-instance peer命令,可以看到PE与CE之间的BGP对等体关系已建立,并达到Established状态。
以PE1与CE1的对等体关系为例:
[~PE1] display bgp vpnv4 vpn-instance vpna peerBGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
10.1.1.1 4 65410 11 9 0 00:06:37 Established 1
- 在PE之间建立MP-IBGP对等体关系
# 配置PE1。
[~PE1] bgp 100[~PE1-bgp] peer 3.3.3.9 as-number 100[*PE1-bgp] peer 3.3.3.9 connect-interface loopback 1[*PE1-bgp] ipv4-family vpnv4[*PE1-bgp-af-vpnv4] peer 3.3.3.9 enable[*PE1-bgp-af-vpnv4] commit[~PE1-bgp-af-vpnv4] quit[~PE1-bgp] quit# 配置PE2。
[~PE2] bgp 100[~PE2-bgp] peer 1.1.1.9 as-number 100[*PE2-bgp] peer 1.1.1.9 connect-interface loopback 1[*PE2-bgp] ipv4-family vpnv4[*PE2-bgp-af-vpnv4] peer 1.1.1.9 enable[*PE2-bgp-af-vpnv4] commit[~PE2-bgp-af-vpnv4] quit[~PE2-bgp] quit配置完成后,在PE设备上执行display bgp peer或display bgp vpnv4 all peer命令,可以看到PE之间的BGP对等体关系已建立,并达到Established状态。
[~PE1] display bgp peerBGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
3.3.3.9 4 100 2 6 0 00:00:12 Established 0
[~PE1] display bgp vpnv4 all peerBGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 3 Peers in established state : 3
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
3.3.3.9 4 100 12 18 0 00:09:38 Established 0
Peer of vpn instance:
VPN-Instance vpna, router ID 1.1.1.9:
10.1.1.1 4 65410 25 25 0 00:17:57 Established 1
VPN-Instance vpnb, router ID 1.1.1.9:
10.2.1.1 4 65420 21 22 0 00:17:10 Established 1
- 检查配置结果
在PE设备上执行display ip routing-table vpn-instance命令,可以看到去往CE上的Loopback口路由。
以PE1的显示为例:
[~PE1] display ip routing-table vpn-instance vpnaRoute Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route------------------------------------------------------------------------------
Routing Tables: vpna
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet1/0/010.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/010.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet1/0/011.11.11.11/32 EBGP 255 0 RD 10.1.1.1 GigabitEthernet1/0/033.33.33.33/32 IBGP 255 0 RD 3.3.3.9 GigabitEthernet3/0/0255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[~PE1] display ip routing-table vpn-instance vpnbRoute Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route------------------------------------------------------------------------------
Routing Tables: vpnb
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.2.1.0/24 Direct 0 0 D 10.2.1.2 GigabitEthernet2/0/010.2.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/010.2.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/022.22.22.22/32 EBGP 255 0 RD 10.2.1.1 GigabitEthernet2/0/044.44.44.44/32 IBGP 255 0 RD 3.3.3.9 GigabitEthernet3/0/0255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
同一VPN的CE能够相互Ping通,不同VPN的CE不能相互Ping通。
例如:CE1能够Ping通CE3(10.3.1.1),但不能Ping通CE4(10.4.1.1)。
[~CE1] ping -a 11.11.11.11 33.33.33.33PING 33.33.33.33: 56 data bytes, press CTRL_C to break
Reply from 33.33.33.33: bytes=56 Sequence=1 ttl=251 time=72 ms
Reply from 33.33.33.33: bytes=56 Sequence=2 ttl=251 time=34 ms
Reply from 33.33.33.33: bytes=56 Sequence=3 ttl=251 time=50 ms
Reply from 33.33.33.33: bytes=56 Sequence=4 ttl=251 time=50 ms
Reply from 33.33.33.33: bytes=56 Sequence=5 ttl=251 time=34 ms
--- 33.33.33.33 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 34/48/72 ms
[~CE1] ping -a 11.11.11.11 44.44.44.44PING 44.44.44.44: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 44.44.44.44 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
配置文件
PE1的配置文件
#
sysname PE1
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 100:1
apply-label per-instance
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
route-distinguisher 100:2
apply-label per-instance
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0undo shutdown
ip binding vpn-instance vpna
ip address 10.1.1.2 255.255.255.0
#
interface GigabitEthernet2/0/0undo shutdown
ip binding vpn-instance vpnb
ip address 10.2.1.2 255.255.255.0
#
interface GigabitEthernet3/0/0undo shutdown
ip address 11.11.11.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 1.1.1.9 255.255.255.255
#
bgp 100
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization peer 3.3.3.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 3.3.3.9 enable
#
ipv4-family vpn-instance vpna
peer 10.1.1.1 as-number 65410
#
ipv4-family vpn-instance vpnb
peer 10.2.1.1 as-number 65420
#
ospf 1
area 0.0.0.0
network 11.11.11.0 0.0.0.255
network 1.1.1.9 0.0.0.0
#
return
P的配置文件
#
sysname P
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0undo shutdown
ip address 11.11.11.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet2/0/0undo shutdown
ip address 12.12.12.1 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 2.2.2.9 255.255.255.255
#
ospf 1
area 0.0.0.0
network 11.11.11.0 0.0.0.255
network 12.12.12.0 0.0.0.255
network 2.2.2.9 0.0.0.0
#
return
PE2的配置文件
#
sysname PE2
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 200:1
apply-label per-instance
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
ipv4-family
route-distinguisher 200:2
apply-label per-instance
vpn-target 222:2 export-extcommunity
vpn-target 222:2 import-extcommunity
#
mpls lsr-id 3.3.3.9
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0undo shutdown
ip binding vpn-instance vpna
ip address 10.3.1.2 255.255.255.0
#
interface GigabitEthernet2/0/0undo shutdown
ip binding vpn-instance vpnb
ip address 10.4.1.2 255.255.255.0
#
interface GigabitEthernet3/0/0undo shutdown
ip address 12.12.12.2 255.255.255.0
mpls
mpls ldp
#
interface LoopBack1
ip address 3.3.3.9 255.255.255.255
#
bgp 100
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack1
#
ipv4-family unicast
undo synchronization peer 1.1.1.9 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.9 enable
#
ipv4-family vpn-instance vpna
peer 10.3.1.1 as-number 65430
#
ipv4-family vpn-instance vpnb
peer 10.4.1.1 as-number 65440
#
ospf 1
area 0.0.0.0
network 12.12.12.0 0.0.0.255
network 3.3.3.9 0.0.0.0
#
return
CE1的配置文件
#
sysname CE1
#
interface GigabitEthernet1/0/0undo shutdown
ip address 10.1.1.1 255.255.255.0
#
interface LoopBack1
ip address 11.11.11.11 255.255.255.255
#
bgp 65410
peer 10.1.1.2 as-number 100
#
ipv4-family unicast
undo synchronization peer 10.1.1.2 enable network 11.11.11.11 255.255.255.255
#
return
CE2的配置文件
#
sysname CE2
#
interface GigabitEthernet1/0/0undo shutdown
ip address 10.2.1.1 255.255.255.0
#
interface LoopBack1
ip address 22.22.22.22 255.255.255.255
#
bgp 65420
peer 10.2.1.2 as-number 100
#
ipv4-family unicast
undo synchronization peer 10.2.1.2 enable network 22.22.22.22 255.255.255.255
#
return
CE3的配置文件
#
sysname CE3
#
interface GigabitEthernet1/0/0undo shutdown
ip address 10.3.1.1 255.255.255.0
#
interface LoopBack1
ip address 33.33.33.33 255.255.255.255
#
bgp 65430
peer 10.3.1.2 as-number 100
network 33.33.33.33 255.255.255.255
#
ipv4-family unicast
undo synchronization peer 10.3.1.2 enable
#
return
CE4的配置文件
#
sysname CE4
#
interface GigabitEthernet1/0/0undo shutdown
ip address 10.4.1.1 255.255.255.0
#
interface LoopBack1
ip address 44.44.44.44 255.255.255.255
#
bgp 65440
peer 10.4.1.2 as-number 100
#
ipv4-family unicast
undo synchronization peer 10.4.1.2 enable network 44.44.44.44 255.255.255.255
#
return
