15908188107
成都智连达科技有限公司
成都市新都区大丰街道南丰大道二巷349号
360887580@qq.com
目 录
本文介绍了通过MPLS L3VPN技术在MPLS骨干网络中提供VPN服务的典型配置案例。
产品 | 软件版本 |
S10500系列以太网交换机 | Release 1120系列,Release 1130系列,Release 1200系列 |
S5800系列以太网交换机 | Release 1808 |
如图1所示,Customer A和Customer B分别有位于两地的分支机构,需要通过运营商的MPLS骨干网实现VPN连接,并且两个用户所使用的私有地址段有部分重复。
现要求通过MPLS L3VPN技术,实现用户分支机构间路由信息的正常交互,且用户数据可以通过VPN方式在各站点间安全传输,不会发送至私网IP地址相同的其它用户站点中。
· 在MPLS骨干网络中配置路由协议,并根据路由协议生成公网标签,作为VPN报文的外层标签。
· 为区分不同用户的路由信息,在PE上创建VPN实例,并通过RD和VPN Target区分各实例,在各实例内通过BGP分别引入不同用户的内网路由。
· 在PE设备之间配置MP-BGP协议并建立对等体,用于传输VPN的内网路由信息并生成内层标签。
由于在配置接口与VPN实例绑定后,接口上的IP地址配置会清除,因此先配置接口与VPN实例的绑定关系,再配置IP地址。
(1) 在MPLS骨干网上配置IGP协议,实现骨干网PE和P的互通
# 配置PE 1。
<PE1> system-view
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.9 32
[PE1-LoopBack0] quit
[PE1] vlan 2
[PE1-vlan2] port gigabitethernet 1/0/2
[PE1-vlan2] quit
[PE1] interface vlan-interface 2
[PE1-Vlan-interface2] ip address 10.1.1.1 24
[PE1-Vlan-interface2] quit
[PE1] ospf
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# 配置P。
<P> system-view
[P] interface loopback 0
[P-LoopBack0] ip address 2.2.2.9 32
[P-LoopBack0] quit
[P] vlan 2
[P-vlan2] port gigabitethernet 1/0/2
[P-vlan2] quit
[P] vlan 5
[P-vlan5] port gigabitethernet 1/0/3
[P-vlan5] quit
[P] interface vlan-interface 2
[P-Vlan-interface2] ip address 10.1.1.2 24
[P-Vlan-interface2] quit
[P] interface vlan-interface 5
[P-Vlan-interface5] ip address 10.1.4.1 24
[P-Vlan-interface5] quit
[P] ospf
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# 配置PE 2。
<PE2> system-view
[PE2] interface loopback 0
[PE2-LoopBack0] ip address 3.3.3.9 32
[PE2-LoopBack0] quit
[PE2] vlan 5
[PE2-vlan5] port gigabitethernet 1/0/1
[PE2-vlan5] quit
[PE2] interface vlan-interface 5
[PE2-Vlan-interface5] ip address 10.1.4.2 24
[PE2-Vlan-interface5] quit
[PE2] ospf
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
配置完成后,PE 1、P、PE 2之间应能建立OSPF邻居,执行display ospf peer命令可以看到邻居达到FULL状态。执行display ip routing-table命令可以看到PE之间学习到对方的Loopback路由。
以PE 1为例:
[PE1] display ip routing-table
Routing Tables: Public
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
1.1.1.9/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.9/32 OSPF 10 1 10.1.1.2 Vlan2
3.3.3.9/32 OSPF 10 2 10.1.1.2 Vlan2
10.1.1.0/24 Direct 0 0 10.1.1.1 Vlan2
10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.1.4.0/24 OSPF 10 2 10.1.1.2 Vlan2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
[PE1] display ospf peer verbose
OSPF Process 1 with Router ID 1.1.1.9
Neighbors
Area 0.0.0.0 interface 10.1.1.1(Vlan-interface2)'s neighbors
Router ID: 2.2.2.9 Address: 10.1.1.2 GR State: Normal
State: Full Mode: Nbr is Master Priority: 1
DR: 10.1.1.1 BDR: 10.1.1.2 MTU: 0
Dead timer due in 35 sec
Neighbor is up for 00:04:03
Authentication Sequence: [ 0 ]
Neighbor state change count: 5
(2) 在MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP
# 配置PE 1。
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlan-interface 2
[PE1-Vlan-interface2] mpls
[PE1-Vlan-interface2] mpls ldp
[PE1-Vlan-interface2] quit
# 配置P。
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlan-interface 2
[P-Vlan-interface2] mpls
[P-Vlan-interface2] mpls ldp
[P-Vlan-interface2] quit
[P] interface vlan-interface 5
[P-Vlan-interface5] mpls
[P-Vlan-interface5] mpls ldp
[P-Vlan-interface5] quit
# 配置PE 2。
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlan-interface 5
[PE2-Vlan-interface5] mpls
[PE2-Vlan-interface5] mpls ldp
[PE2-Vlan-interface5] quit
上述配置完成后,PE 1、P、PE 2之间应能建立LDP会话,执行display mpls ldp session命令可以看到显示结果中Session State项为Operational。执行display mpls ldp lsp命令,可以看到LDP LSP的建立情况。
以PE 1为例:
[PE1] display mpls ldp session
LDP Session(s) in Public Network
Total number of sessions: 2
------------------------------------------------------------------------------
Peer-ID Status SsnRole FT MD5 KA-Sent/Rcv
------------------------------------------------------------------------------
2.2.2.9:0 Operational Passive Off Off 31/31
3.3.3.9:0 Operational Passive Off Off 25/25
------------------------------------------------------------------------------
FT : Fault Tolerance
[PE1] display mpls ldp lsp
LDP LSP Information
-------------------------------------------------------------------------------
SN DestAddress/Mask In/OutLabel Next-Hop In/Out-Interface
-------------------------------------------------------------------------------
1 1.1.1.9/32 3/NULL 127.0.0.1 -------/InLoop0
2 2.2.2.9/32 NULL/3 10.1.1.2 -------/Vlan2
3 3.3.3.9/32 NULL/1028 10.1.1.2 -------/Vlan2
4 10.1.4.0/24 NULL/1026 10.1.1.2 -------/Vlan2
-------------------------------------------------------------------------------
A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale
A '>' before an LSP means the LSP may be inactive
(3) 在PE设备上配置VPN实例,并配置与之连接的CE
# 在PE1上为Customer A创建VPN实例,名为“customerA”。
[PE1] ip vpn-instance customerA
[PE1-vpn-instance-customerA]
# 为该实例配置RD为100:1,用于在公网传输该VPN路由时,能够以VPNv4地址进行交互,从而使对方CE能够正确识别。(RD必须在MPLS网络中全局唯一)
[PE1-vpn-instance-customerA] route-distinguisher 100:1
# 为该VPN实例配置VPN Target属性,其中接收路由的属性为111:1,发布路由的属性为222:1。(此处为表示接收和发送属性的含义,取值有所不同,为便于管理,用户可以将接收和发送的属性配置为相同的值)
[PE1-vpn-instance-customerA] vpn-target 111:1 import-extcommunity
[PE1-vpn-instance-customerA] vpn-target 222:1 export-extcommunity
[PE1-vpn-instance-customerA] quit
# 按同样方式为Customer B创建VPN实例,名为“customerB”,并为其配置RD为200:1,接收和发送的VPN Target属性分别为333:1和444:1。
[PE1] ip vpn-instance customerB
[PE1-vpn-instance-customerB] route-distinguisher 200:1
[PE1-vpn-instance-customerB] vpn-target 333:1 import-extcommunity
[PE1-vpn-instance-customerB] vpn-target 444:1 export-extcommunity
[PE1-vpn-instance-customerB] quit
# 配置Vlan-interface100与VPN实例customerA进行绑定。
[PE1] vlan 100
[PE1-vlan100] port gigabitethernet 1/0/1
[PE1-vlan100] quit
[PE1] interface vlan-interface 100
[PE1-Vlan-interface100] ip binding vpn-instance customerA
[PE1-Vlan-interface100] ip address 100.1.1.2 24
[PE1-Vlan-interface100] quit
# 配置Vlan-interface200与VPN实例customerB进行绑定。
[PE1] vlan 200
[PE1-vlan200] port gigabitethernet 1/0/3
[PE1-vlan200] quit
[PE1] interface vlan-interface 200
[PE1-Vlan-interface200] ip binding vpn-instance customerB
[PE1-Vlan-interface200] ip address 200.1.1.2 24
[PE1-Vlan-interface200] quit
# 在PE2上为Customer A创建VPN实例,名为“customerA”。
[PE2] ip vpn-instance customerA
[PE2-vpn-instance-customerA]
# 为该VPN实例配置RD,建议与PE1上为该实例配置的RD保持一致。
[PE2-vpn-instance-customerA] route-distinguisher 100:1
# 为该VPN实例配置VPN Target,需要注意的是接收和发送的属性要分别与PE1上配置的发送和接收的属性保持一致。
[PE2-vpn-instance-customerA] vpn-target 222:1 import-extcommunity
[PE2-vpn-instance-customerA] vpn-target 111:1 export-extcommunity
[PE2-vpn-instance-customerA] quit
# 按同样方式配置VPN实例“customerB”,并配置相应的RD和VPN Target。
[PE2] ip vpn-instance customerB
[PE2-vpn-instance-customerB] route-distinguisher 200:1
[PE2-vpn-instance-customerB] vpn-target 444:1 import-extcommunity
[PE2-vpn-instance-customerB] vpn-target 333:1 export-extcommunity
# 分别将Vlan-interface101和Vlan-interface202与customerA和customerB实例进行绑定。
[PE2-vpn-instance-customerB] quit
[PE2] interface vlan-interface 101
[PE2-Vlan-interface101] ip binding vpn-instance customerA
[PE2-Vlan-interface101] ip address 101.1.1.1 24
[PE2-Vlan-interface101] quit
[PE2] interface vlan-interface 202
[PE2-Vlan-interface202] ip binding vpn-instance customerB
[PE2-Vlan-interface202] ip address 202.1.1.2 24
[PE2-Vlan-interface202] quit
# 按图1配置各CE的接口IP地址,配置过程略。
配置完成后,在PE设备上执行display ip vpn-instance命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。
以PE 1和CE 1为例:
[PE1] display ip vpn-instance
Total VPN-Instances configured : 2
VPN-Instance Name RD Create time
customerA 100:1 2013/04/26 18:44:44
customerB 200:1 2013/04/26 18:45:12
[PE1] ping -vpn-instance customerA 100.1.1.1
PING 100.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.1: bytes=56 Sequence=0 ttl=255 time=6 ms
Reply from 100.1.1.1: bytes=56 Sequence=1 ttl=255 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=2 ttl=255 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=3 ttl=255 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=4 ttl=255 time=3 ms
--- 100.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/3/6 ms
(4) 在PE与CE之间配置路由交换,本例中以使用EBGP为例
# 在CE1上创建BGP进程65410,并指定PE1为对等体,对等体自治系统号为100。
<CE1> system-view
[CE1] bgp 65410
[CE1-bgp] peer 100.1.1.2 as-number 100
# 将CE1上连接站点的直连接口路由引入EBGP。
[CE1-bgp] import-route direct
[CE1-bgp] quit
# 在PE1上创建BGP进程100,将VPN实例customerA与IPv4地址族进行关联。
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance customerA
# 将CE1指定为对等体,并将CE1的直连路由引入到BGP-VPN实例路由表中。
[PE1-bgp-ipv4-customerA] peer 100.1.1.1 as-number 65410
[PE1-bgp-ipv4-customerA] import-route direct
[PE1-bgp-ipv4-customerA] quit
# 在CE2上创建BGP进程65420,并指定PE1为对等体,自治系统号为100。
<CE2> system-view
[CE2] bgp 65420
[CE2-bgp] peer 200.1.1.2 as-number 100
# 将CE2上连接站点的直连接口路由引入EBGP。
[CE2-bgp] import-route direct
[CE2-bgp] quit
# 在PE1上的BGP进程100中,将VPN实例customerB与IPv4地址族进行关联。
[PE1-bgp] ipv4-family vpn-instance customerB
# 将CE2指定为对等体,并将CE2的直连路由引入到BGP-VPN实例路由表中。
[PE1-bgp-ipv4-customerB] peer 200.1.1.1 as-number 65420
[PE1-bgp-ipv4-customerB] import-route direct
[PE1-bgp-ipv4-customerB] quit
# 在CE3上创建BGP进程65430,并指定PE2为对等体,对等体自治系统号为100。
<CE3> system-view
[CE3] bgp 65430
[CE3-bgp] peer 101.1.1.1 as-number 100
# 将CE3上连接站点的直连接口路由引入EBGP。
[CE3-bgp] import-route direct
[CE3-bgp] quit
# 在PE2上创建BGP进程100,将VPN实例customerA与IPv4地址族进行关联。
[PE2] bgp 100
[PE2-bgp] ipv4-family vpn-instance customerA
# 将CE3指定为对等体,并将CE3的直连路由引入到BGP-VPN实例路由表中。
[PE1-bgp-ipv4-customerA] peer 101.1.1.2 as-number 65410
[PE1-bgp-ipv4-customerA] import-route direct
[PE1-bgp-ipv4-customerA] quit
# 在CE4上创建BGP进程65440,并指定PE2为对等体,自治系统号为100。
<CE4> system-view
[CE4] bgp 65440
[CE4-bgp] peer 202.1.1.2 as-number 100
# 将CE4上连接站点的直连接口路由引入EBGP。
[CE4-bgp] import-route direct
[CE4-bgp] quit
# 在PE2上的BGP进程100中,将VPN实例customerB与IPv4地址族进行关联。
[PE2-bgp] ipv4-family vpn-instance customerB
# 将CE2指定为对等体,并将CE4的直连路由引入到BGP-VPN实例路由表中。
[PE2-bgp-ipv4-customerB] peer 202.1.1.1 as-number 65440
[PE2-bgp-ipv4-customerB] import-route direct
[PE2-bgp-ipv4-customerB] quit
配置完成后,在PE设备上执行display bgp vpnv4 vpn-instance peer命令,可以看到PE与CE之间的BGP对等体关系已建立,并达到Established状态。
以PE 1与CE 1的对等体关系为例:
[PE1] display bgp vpnv4 vpn-instance customerA peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
100.1.1.1 65410 9 10 0 3 00:06:46 Established
(5) 在PE之间建立MP-IBGP对等体,传输VPN路由信息
# 在PE1上配置PE2为BGP对等体,并指定连接时使用的接口为Loopback0接口。
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 0
#进入BGP-VPNv4子地址族视图,指定PE2为对等体。
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
# 在PE2上进行类似的配置。
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 0
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] quit
配置完成后,在PE设备上执行display bgp peer或display bgp vpnv4 all peer命令,可以看到PE之间的BGP对等体关系已建立,并达到Established状态。
[PE1] display bgp peer
BGP local router ID : 1.1.1.9
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
3.3.3.9 100 8 8 0 0 00:00:08 Established
# 在PE设备上执行display ip routing-table vpn-instance命令,可以看到customerA的VPN实例路由表中去往CE3直连接口的路由,以及customerB的VPN实例路由表中去往CE4直连接口的路由。
以PE 1为例:
[PE1] display ip routing-table vpn-instance customerA
Routing Tables: customerA
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost NextHop Interface
100.1.1.0/24 Direct 0 0 100.1.1.2 Vlan100
100.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
101.1.1.0/24 BGP 255 0 3.3.3.9 NULL0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/24 BGP 255 0 100.1.1.1 Vlan100
172.16.1.0/24 BGP 255 0 3.3.3.9 NULL0
[PE1] display ip routing-table vpn-instance customerB
Routing Tables: customerB
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost NextHop Interface
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/24 BGP 255 0 200.1.1.1 Vlan200
172.16.1.0/24 BGP 255 0 3.3.3.9 NULL0
200.1.1.0/24 Direct 0 0 200.1.1.2 Vlan200
200.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
202.1.1.0/24 BGP 255 0 3.3.3.9 NULL0
# 在CE1上查看路由表,可以看到已经学习到CE2连接站点直连接口的路由。
[CE1] display ip routing-table
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost NextHop Interface
100.1.1.0/24 Direct 0 0 100.1.1.1 Vlan100
100.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
101.1.1.0/24 BGP 255 0 100.1.1.2 Vlan100
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/24 Direct 0 0 172.16.0.1 Vlan300
172.16.0.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.1.0/24 BGP 255 0 100.1.1.2 Vlan100
# 在CE1上以CE3连接站点的直连接口为目的执行ping操作,操作成功。
[CE1] ping 172.16.1.1
PING 172.16.1.1: 56 data bytes, press CTRL_C to break
Reply from 172.16.1.1: bytes=56 Sequence=0 ttl=253 time=2 ms
Reply from 172.16.1.1: bytes=56 Sequence=1 ttl=253 time=2 ms
Reply from 172.16.1.1: bytes=56 Sequence=2 ttl=253 time=2 ms
Reply from 172.16.1.1: bytes=56 Sequence=3 ttl=253 time=3 ms
Reply from 172.16.1.1: bytes=56 Sequence=4 ttl=253 time=2 ms
--- 172.16.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/3 ms
# 在CE2设备上查看是否已经学习到CE4连接站点的直连接口路由,并执行ping操作确认连通性。
# 在CE1站点内部增加一个新的网段路由,以10.32.10.0/24为例,在CE1上查看已存在该路由。
[CE1] display ip routing-table
Routing Tables: Public
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost NextHop Interface
10.32.10.0/24 BGP 255 0 172.16.0.2 Vlan300
100.1.1.0/24 Direct 0 0 100.1.1.1 Vlan100
100.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
101.1.1.0/24 BGP 255 0 100.1.1.2 Vlan100
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/24 Direct 0 0 172.16.0.1 Vlan300
172.16.0.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.1.0/24 BGP 255 0 100.1.1.2 Vlan100
# 在CE3设备上查看,发现已经学习到该私网路由,表示配置成功。
[CE3] display ip routing-table
Routing Tables: Public
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost NextHop Interface
10.32.10.0/24 BGP 255 0 101.1.1.1 Vlan101
100.1.1.0/24 BGP 255 0 101.1.1.1 Vlan101
101.1.1.0/24 Direct 0 0 101.1.1.2 Vlan101
101.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.0/24 BGP 255 0 101.1.1.1 Vlan101
172.16.1.0/24 Direct 0 0 172.16.1.1 Vlan300
172.16.1.1/32 Direct 0 0 127.0.0.1 InLoop0
· PE1的配置文件
#
mpls lsr-id 1.1.1.9
#
ip vpn-instance customerA
route-distinguisher 100:1
vpn-target 222:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
ip vpn-instance customerB
route-distinguisher 200:1
vpn-target 444:1 export-extcommunity
vpn-target 333:1 import-extcommunity
#
vlan 2
#
vlan 100
#
vlan 200
#
mpls
lsp-trigger all
#
mpls ldp
#
interface LoopBack0
ip address 1.1.1.9 255.255.255.255
#
interface Vlan-interface2
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface Vlan-interface100
ip binding vpn-instance customerA
ip address 100.1.1.2 255.255.255.0
#
interface Vlan-interface200
ip binding vpn-instance customerB
ip address 200.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-mode bridge
port access vlan 100
#
interface GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2
#
interface GigabitEthernet1/0/3
port link-mode bridge
port access vlan 200
#
bgp 100
undo synchronization
peer 3.3.3.9 as-number 100
peer 3.3.3.9 connect-interface LoopBack0
#
ipv4-family vpn-instance customerA
peer 100.1.1.1 as-number 65410
import-route direct
#
ipv4-family vpn-instance customerB
peer 200.1.1.1 as-number 65420
import-route direct
#
ipv4-family vpnv4
peer 3.3.3.9 enable
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 1.1.1.9 0.0.0.0
· P的配置文件
#
mpls lsr-id 2.2.2.9
#
vlan 2
#
vlan 5
#
mpls
lsp-trigger all
#
mpls ldp
#
interface LoopBack0
ip address 2.2.2.9 255.255.255.255
#
interface Vlan-interface2
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface Vlan-interface5
ip address 10.1.4.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2
#
interface GigabitEthernet1/0/3
port link-mode bridge
port access vlan 5
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.4.0 0.0.0.255
network 2.2.2.9 0.0.0.0
· PE2的配置文件
#
mpls lsr-id 3.3.3.9
#
ip vpn-instance customerA
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 222:1 import-extcommunity
#
ip vpn-instance customerB
route-distinguisher 200:1
vpn-target 333:1 export-extcommunity
vpn-target 444:1 import-extcommunity
#
vlan 5
#
vlan 101
#
vlan 202
#
mpls
lsp-trigger all
#
mpls ldp
#
interface LoopBack0
ip address 3.3.3.9 255.255.255.255
#
interface Vlan-interface5
ip address 10.1.4.2 255.255.255.0
mpls
mpls ldp
#
interface Vlan-interface101
ip binding vpn-instance customerA
ip address 101.1.1.1 255.255.255.0
#
interface Vlan-interface202
ip binding vpn-instance customerB
ip address 202.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-mode bridge
port access vlan 5
#
interface GigabitEthernet1/0/2
port link-mode bridge
port access vlan 101
#
interface GigabitEthernet1/0/3
port link-mode bridge
port access vlan 202
#
bgp 100
undo synchronization
peer 1.1.1.9 as-number 100
peer 1.1.1.9 connect-interface LoopBack0
#
ipv4-family vpn-instance customerA
peer 101.1.1.2 as-number 65430
import-route direct
#
ipv4-family vpn-instance customerB
peer 202.1.1.1 as-number 65440
import-route direct
#
ipv4-family vpnv4
peer 1.1.1.9 enable
#
ospf 1
area 0.0.0.0
network 10.1.4.0 0.0.0.255
network 3.3.3.9 0.0.0.0
购物车