华为mpls vpn跨域方案A

跨域方案A原理(缺点是两个as如果有多个ce的话,要用多条的物理连接或子接口连接,不实用):

1、pe和P都和单域一样配置,只是asbr-pe配置不同

2、2个asbr-pe配置上面建立ip vpn-instance 实例

3、2个asbr-pe互联接口上一样要绑定vpn实例

3、2个asbr-pe在bgp的vpn实例中建立EBGP邻居

ipv4-fimary vpn-innstance a

peer XXX as //建立邻居

R1

ip vpn-instance a

ipv4-family

route-distinguisher 1:1

vpn-target 100:100 export-extcommunity

vpn-target 100:100 import-extcommunity

mpls lsr-id 1.1.1.1

mpls

mpls ldp

interface GigabitEthernet0/0/0

ip address 10.0.12.1 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip binding vpn-instance a

ip address 10.0.17.1 255.255.255.0

ospf enable 2 area 0.0.0.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

bgp 100

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 2.2.2.2 enable

ipv4-family vpnv4

policy vpn-target

peer 2.2.2.2 enable

ipv4-family vpn-instance a

import-route ospf 2

ospf 1

area 0.0.0.0

network 0.0.0.0 255.255.255.255

ospf 2 vpn-instance a

import-route bgp

area 0.0.0.0

R2

mpls lsr-id 2.2.2.2

mpls

mpls ldp

interface GigabitEthernet0/0/0

ip address 10.0.12.2 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.23.2 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

bgp 100

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 1.1.1.1 enable

peer 1.1.1.1 reflect-client

peer 3.3.3.3 enable

peer 3.3.3.3 reflect-client

ipv4-family vpnv4

undo policy vpn-target

peer 1.1.1.1 enable

peer 1.1.1.1 reflect-client

peer 3.3.3.3 enable

peer 3.3.3.3 reflect-client

ospf 1

area 0.0.0.0

network 0.0.0.0 255.255.255.255

R3:

ip vpn-instance a

ipv4-family

route-distinguisher 1:1

vpn-target 100:100 export-extcommunity

vpn-target 100:100 import-extcommunity

mpls lsr-id 3.3.3.3

mpls

mpls ldp

interface GigabitEthernet0/0/0

ip address 10.0.23.3 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip binding vpn-instance a

ip address 10.0.34.3 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

bgp 100

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 2.2.2.2 enable

ipv4-family vpnv4

policy vpn-target

peer 2.2.2.2 enable

ipv4-family vpn-instance a

peer 10.0.34.4 as-number 200

ospf 1

area 0.0.0.0

network 0.0.0.0 255.255.255.255

R4

ip vpn-instance a

ipv4-family

route-distinguisher 1:1

vpn-target 100:100 export-extcommunity

vpn-target 100:100 import-extcommunity

mpls lsr-id 4.4.4.4

mpls

mpls ldp

interface GigabitEthernet0/0/0

ip binding vpn-instance a

ip address 10.0.34.4 255.255.255.0

interface GigabitEthernet0/0/1

ip address 10.0.41.4 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

bgp 200

peer 10.10.10.10 as-number 200

peer 10.10.10.10 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 10.10.10.10 enable

ipv4-family vpnv4

policy vpn-target

peer 10.10.10.10 enable

ipv4-family vpn-instance a

peer 10.0.34.3 as-number 100

ospf 1

area 0.0.0.0

network 4.4.4.4 0.0.0.0

network 10.0.41.4 0.0.0.0

R7

router id 7.7.7.7

interface GigabitEthernet0/0/0

ip address 10.0.17.7 255.255.255.0

ospf enable 1 area 0.0.0.0

interface LoopBack0

ip address 7.7.7.7 255.255.255.255

ospf enable 1 area 0.0.0.0

ospf 1

area 0.0.0.0

R10

mpls lsr-id 10.10.10.10

mpls

mpls ldp

interface GigabitEthernet0/0/0

ip address 10.0.41.10 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.111.10 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 10.10.10.10 255.255.255.255

bgp 200

peer 4.4.4.4 as-number 200

peer 4.4.4.4 connect-interface LoopBack0

peer 11.11.11.11 as-number 200

peer 11.11.11.11 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 4.4.4.4 enable

peer 11.11.11.11 enable

ipv4-family vpnv4

undo policy vpn-target

peer 4.4.4.4 enable

peer 4.4.4.4 reflect-client

peer 11.11.11.11 enable

peer 11.11.11.11 reflect-client

ospf 1

area 0.0.0.0

network 10.0.41.10 0.0.0.0

network 10.0.111.10 0.0.0.0

network 10.10.10.10 0.0.0.0

R11

ip vpn-instance a

ipv4-family

route-distinguisher 1:1

vpn-target 100:100 export-extcommunity

vpn-target 100:100 import-extcommunity

mpls lsr-id 11.11.11.11

mpls

mpls ldp

interface GigabitEthernet0/0/0

ip address 10.0.111.11 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip binding vpn-instance a

ip address 10.0.112.1 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 11.11.11.11 255.255.255.255

bgp 200

peer 10.10.10.10 as-number 200

peer 10.10.10.10 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 10.10.10.10 enable

ipv4-family vpnv4

policy vpn-target

peer 10.10.10.10 enable

ipv4-family vpn-instance a

import-route ospf 2

ospf 1

area 0.0.0.0

network 10.0.111.11 0.0.0.0

network 11.11.11.11 0.0.0.0

ospf 2 vpn-instance a

import-route bgp

area 0.0.0.0

network 10.0.112.1 0.0.0.0

R12

interface GigabitEthernet0/0/0

ip address 10.0.112.2 255.255.255.0

interface GigabitEthernet0/0/1

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 12.12.12.12 255.255.255.255

ospf 1

area 0.0.0.0

network 10.0.112.2 0.0.0.0

network 12.12.12.12 0.0.0.0

相关推荐
李李李李李同学26 分钟前
等保测评讲解初测和复测有哪些区别
网络·安全·信息安全等级保护测评
长弓三石35 分钟前
鸿蒙网络编程系列50-仓颉版TCP回声服务器示例
网络·tcp/ip·harmonyos
网络安全-老纪2 小时前
网工考试——网络安全
网络·安全·web安全
孪生质数-2 小时前
国际环境和背景下的云计算领域
网络·科技·云计算
期待未来的男孩2 小时前
安全加固方案
java·网络·安全
闲人-闲人3 小时前
HTTP Accept用法介绍
网络·网络协议·http
xiaoxiongip6663 小时前
HTTP工作原理
网络·网络协议·http·https·ip
_可乐无糖3 小时前
如何还原 HTTP 请求日志中的 URL 编码参数?详解 %40 到 @
网络·python·https
李李李李李同学4 小时前
等保测评讲解:安全管理中心
网络