华为mpls vpn方案B配置案例带RR

yenggd2024-02-24 8:12

方案B的特点是asbr互连要开mpls,但不开ldp,因为要用mpls标签转发数据包。

asbr设备上不用起vpn-instance,把vpnv4路由过滤关掉即可接收经过的vpnv4的vpn-instance路由

拓扑图中的业务数据和控制数据会自动分开不用特别的设置,原因是mpls是根据IGP的优先级进行转发的,也就是根据ospf转发,ospf会自动选择最优的下面走,所以业务数据会自动走下面,只有路由控制数据才会走上面RR

R2

router id 2.2.2.2

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance vpn

ipv4-family

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

mpls lsr-id 2.2.2.2

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip binding vpn-instance vpn

ip address 10.0.12.2 255.255.255.0

interface GigabitEthernet0/0/1

ip address 10.0.23.2 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

ip address 10.0.24.2 255.255.255.0

ospf enable 1 area 0.0.0.0

mpls

mpls ldp

interface NULL0

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 100

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 3.3.3.3 enable

ipv4-family vpnv4

policy vpn-target

peer 3.3.3.3 enable

ipv4-family vpn-instance vpn

peer 10.0.12.1 as-number 65001

ospf 1

area 0.0.0.0

network 10.0.23.2 0.0.0.0

R3:

router id 3.3.3.3

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 3.3.3.3

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.23.3 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.34.3 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 100

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

peer 4.4.4.4 as-number 100

peer 4.4.4.4 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 2.2.2.2 enable

peer 4.4.4.4 enable

ipv4-family vpnv4

undo policy vpn-target

peer 2.2.2.2 enable

peer 2.2.2.2 reflect-client

peer 4.4.4.4 enable

peer 4.4.4.4 reflect-client

ospf 1

area 0.0.0.0

network 10.0.23.3 0.0.0.0

network 10.0.34.3 0.0.0.0

R4

router id 4.4.4.4

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 4.4.4.4

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.34.4 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.45.4 255.255.255.0

mpls

interface GigabitEthernet0/0/2

ip address 10.0.24.4 255.255.255.0

ospf enable 1 area 0.0.0.0

mpls

mpls ldp

interface NULL0

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 100

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

peer 10.0.45.5 as-number 200

ipv4-family unicast

undo synchronization

peer 3.3.3.3 enable

peer 10.0.45.5 enable

ipv4-family vpnv4

undo policy vpn-target

peer 3.3.3.3 enable

peer 10.0.45.5 enable

ospf 1

area 0.0.0.0

network 10.0.34.4 0.0.0.0

R5

router id 5.5.5.5

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 5.5.5.5

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.45.5 255.255.255.0

mpls

interface GigabitEthernet0/0/1

ip address 10.0.56.5 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

ip address 10.0.57.5 255.255.255.0

ospf enable 1 area 0.0.0.0

mpls

mpls ldp

interface NULL0

interface LoopBack0

ip address 5.5.5.5 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 200

peer 6.6.6.6 as-number 200

peer 6.6.6.6 connect-interface LoopBack0

peer 10.0.45.4 as-number 100

ipv4-family unicast

undo synchronization

peer 6.6.6.6 enable

peer 10.0.45.4 enable

ipv4-family vpnv4

undo policy vpn-target

peer 6.6.6.6 enable

peer 10.0.45.4 enable

ospf 1

area 0.0.0.0

network 10.0.56.5 0.0.0.0

R6

router id 6.6.6.6

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 6.6.6.6

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.56.6 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.67.6 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 6.6.6.6 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 200

peer 5.5.5.5 as-number 200

peer 5.5.5.5 connect-interface LoopBack0

peer 7.7.7.7 as-number 200

peer 7.7.7.7 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 5.5.5.5 enable

peer 7.7.7.7 enable

ipv4-family vpnv4

undo policy vpn-target

peer 5.5.5.5 enable

peer 5.5.5.5 reflect-client

peer 7.7.7.7 enable

peer 7.7.7.7 reflect-client

ospf 1

area 0.0.0.0

network 10.0.56.6 0.0.0.0

network 10.0.67.6 0.0.0.0

R7

router id 7.7.7.7

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance vpn

ipv4-family

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

mpls lsr-id 7.7.7.7

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.67.7 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip binding vpn-instance vpn

ip address 10.0.78.7 255.255.255.0

interface GigabitEthernet0/0/2

ip address 10.0.57.7 255.255.255.0

ospf enable 1 area 0.0.0.0

mpls

mpls ldp

interface NULL0

interface LoopBack0

ip address 7.7.7.7 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 200

peer 6.6.6.6 as-number 200

peer 6.6.6.6 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 6.6.6.6 enable

ipv4-family vpnv4

policy vpn-target

peer 6.6.6.6 enable

ipv4-family vpn-instance vpn

peer 10.0.78.8 as-number 65002

ospf 1

area 0.0.0.0

network 10.0.67.7 0.0.0.0

相关推荐
jinan88637 分钟前
加密软件的发展:从古典密码到量子安全
大数据·运维·服务器·网络·安全·web安全
您8131 小时前
二十、FTP云盘
linux·服务器·网络
August_._2 小时前
【JavaWeb】详细讲解 HTTP 协议
java·网络·网络协议·http
Koma_zhe3 小时前
【远程管理绿联NAS】家庭云存储无公网IP解决方案:绿联NAS安装内网穿透
网络·网络协议·tcp/ip
环信即时通讯云3 小时前
实战|使用环信Flutter SDK构建鸿蒙HarmonyOS应用及推送配置
flutter·华为·harmonyos
_waylau3 小时前
【HarmonyOS NEXT+AI】问答 03:找不到 DevEco Studio Cangjie Plugin 下载链接?
华为·开源·harmonyos·仓颉
network_tester3 小时前
是德科技E5080B网络分析仪深度评测:5G/车载雷达测试实战指南
网络·科技·测试工具·5g·硬件架构·信号处理·射频工程
乐维_lwops4 小时前
IT监控平台(进阶篇):IT资源一键发现功能解析
网络·资源监控·it监控平台
匀泪4 小时前
HCIP(OSPF )(2)
网络
春_4 小时前
IP范围转IP掩码
java·服务器·网络·tcp/ip
热门推荐
01我决定放弃搞 Java 了02RAG 实践- Ollama+RagFlow 部署本地知识库03DeepSeek各版本说明与优缺点分析04计算机视觉——基于 Yolov8 目标检测与 OpenCV 光流实现目标追踪05Scipy||第三章 线性代数 (scipy.linalg)06如何在WPS和Word/Excel中直接使用DeepSeek功能07Qt实现文件传输服务器端(图文详解+代码详细注释)08汽车上的各种质量:整备质量、总质量、装载质量、簧上质量、簧下质量09本地化部署AI知识库:基于Ollama+DeepSeek+AnythingLLM保姆级教程10鸿蒙界面开发(四):支付宝首页开发实战