华为mpls vpn方案B配置案例带RR

yenggd2024-02-24 8:12

方案B的特点是asbr互连要开mpls,但不开ldp,因为要用mpls标签转发数据包。

asbr设备上不用起vpn-instance,把vpnv4路由过滤关掉即可接收经过的vpnv4的vpn-instance路由

拓扑图中的业务数据和控制数据会自动分开不用特别的设置,原因是mpls是根据IGP的优先级进行转发的,也就是根据ospf转发,ospf会自动选择最优的下面走,所以业务数据会自动走下面,只有路由控制数据才会走上面RR

R2

router id 2.2.2.2

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance vpn

ipv4-family

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

mpls lsr-id 2.2.2.2

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip binding vpn-instance vpn

ip address 10.0.12.2 255.255.255.0

interface GigabitEthernet0/0/1

ip address 10.0.23.2 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

ip address 10.0.24.2 255.255.255.0

ospf enable 1 area 0.0.0.0

mpls

mpls ldp

interface NULL0

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 100

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 3.3.3.3 enable

ipv4-family vpnv4

policy vpn-target

peer 3.3.3.3 enable

ipv4-family vpn-instance vpn

peer 10.0.12.1 as-number 65001

ospf 1

area 0.0.0.0

network 10.0.23.2 0.0.0.0

R3:

router id 3.3.3.3

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 3.3.3.3

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.23.3 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.34.3 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 100

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

peer 4.4.4.4 as-number 100

peer 4.4.4.4 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 2.2.2.2 enable

peer 4.4.4.4 enable

ipv4-family vpnv4

undo policy vpn-target

peer 2.2.2.2 enable

peer 2.2.2.2 reflect-client

peer 4.4.4.4 enable

peer 4.4.4.4 reflect-client

ospf 1

area 0.0.0.0

network 10.0.23.3 0.0.0.0

network 10.0.34.3 0.0.0.0

R4

router id 4.4.4.4

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 4.4.4.4

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.34.4 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.45.4 255.255.255.0

mpls

interface GigabitEthernet0/0/2

ip address 10.0.24.4 255.255.255.0

ospf enable 1 area 0.0.0.0

mpls

mpls ldp

interface NULL0

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 100

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

peer 10.0.45.5 as-number 200

ipv4-family unicast

undo synchronization

peer 3.3.3.3 enable

peer 10.0.45.5 enable

ipv4-family vpnv4

undo policy vpn-target

peer 3.3.3.3 enable

peer 10.0.45.5 enable

ospf 1

area 0.0.0.0

network 10.0.34.4 0.0.0.0

R5

router id 5.5.5.5

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 5.5.5.5

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.45.5 255.255.255.0

mpls

interface GigabitEthernet0/0/1

ip address 10.0.56.5 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

ip address 10.0.57.5 255.255.255.0

ospf enable 1 area 0.0.0.0

mpls

mpls ldp

interface NULL0

interface LoopBack0

ip address 5.5.5.5 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 200

peer 6.6.6.6 as-number 200

peer 6.6.6.6 connect-interface LoopBack0

peer 10.0.45.4 as-number 100

ipv4-family unicast

undo synchronization

peer 6.6.6.6 enable

peer 10.0.45.4 enable

ipv4-family vpnv4

undo policy vpn-target

peer 6.6.6.6 enable

peer 10.0.45.4 enable

ospf 1

area 0.0.0.0

network 10.0.56.5 0.0.0.0

R6

router id 6.6.6.6

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 6.6.6.6

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.56.6 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.67.6 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 6.6.6.6 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 200

peer 5.5.5.5 as-number 200

peer 5.5.5.5 connect-interface LoopBack0

peer 7.7.7.7 as-number 200

peer 7.7.7.7 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 5.5.5.5 enable

peer 7.7.7.7 enable

ipv4-family vpnv4

undo policy vpn-target

peer 5.5.5.5 enable

peer 5.5.5.5 reflect-client

peer 7.7.7.7 enable

peer 7.7.7.7 reflect-client

ospf 1

area 0.0.0.0

network 10.0.56.6 0.0.0.0

network 10.0.67.6 0.0.0.0

R7

router id 7.7.7.7

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance vpn

ipv4-family

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

mpls lsr-id 7.7.7.7

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.67.7 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip binding vpn-instance vpn

ip address 10.0.78.7 255.255.255.0

interface GigabitEthernet0/0/2

ip address 10.0.57.7 255.255.255.0

ospf enable 1 area 0.0.0.0

mpls

mpls ldp

interface NULL0

interface LoopBack0

ip address 7.7.7.7 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 200

peer 6.6.6.6 as-number 200

peer 6.6.6.6 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 6.6.6.6 enable

ipv4-family vpnv4

policy vpn-target

peer 6.6.6.6 enable

ipv4-family vpn-instance vpn

peer 10.0.78.8 as-number 65002

ospf 1

area 0.0.0.0

network 10.0.67.7 0.0.0.0

相关推荐
B2_Proxy26 分钟前
IP 来源合规性,正在成为全球业务的隐性门槛
网络·爬虫·网络协议·安全
MMME~1 小时前
Ansible Playbook高效自动化实战指南
网络·自动化·ansible
数据安全科普王2 小时前
从 HTTP/1.1 到 HTTP/3:协议演进如何改变 Web 性能?
网络·其他
舰长1152 小时前
linux 实现文件共享的实现方式比较
linux·服务器·网络
学***54232 小时前
如何轻松避免网络负载过大
开发语言·网络·php
weixin_395448912 小时前
main.c_cursor_0129
前端·网络·算法
CS创新实验室2 小时前
《计算机网络》深入学:路由算法与路径选择
网络·计算机网络·算法
程序员清洒3 小时前
Flutter for OpenHarmony:Scaffold 与 AppBar — 应用基础结构搭建
flutter·华为·鸿蒙
拉轰小郑郑3 小时前
鸿蒙ArkTS中Object类型与类型断言的理解
华为·harmonyos·arkts·openharmony·object·类型断言
星辰徐哥3 小时前
鸿蒙APP开发从入门到精通:页面路由与组件跳转
华为·harmonyos
热门推荐
01GitHub 镜像站点02Clawdbot 中文汉化版 接入微信、飞书032026美赛A题智能手机电池续航时间预测的连续时间数学模型04OpenCode 入门教程:介绍 · 安装 · 配置第三方 API (如 Claude)052025 年大语言模型发展回顾:关键突破、意外转折与 2026 年展望06【Milvus】向量数据库pymilvus使用教程072026数学建模美赛题目特点与选题建议,常用四大模型汇总08Claude Code Skills 实用使用手册09一种新的LCA算法10Linux下V2Ray安装配置指南