华为mpls vpn方案A配制案例

yenggd2024-02-24 13:03

每台路由的loopback 0口和设备名对应,如ar1:1.1.1.1

AR3和AR6上面不起bgp,只跑ospf和mpls

最终实现1.1.1.1通8.8.8.8

方案A的特点是asbr之间交互的是普通的ip报文 ,互相双方都认为自己对端是ce设备。

如果有多个vpn业务的话,asbr之间要用子接口了,要么多个物理接口,所以方案A只适用于少的vpn业务方案

配置命令:

R1和R8省略,它们是常规的bgp配置

R2:

router id 2.2.2.2

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance vpn

ipv4-family

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

mpls lsr-id 2.2.2.2

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip binding vpn-instance vpn

ip address 10.0.12.2 255.255.255.0

interface GigabitEthernet0/0/1

ip address 10.0.23.2 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 100

peer 4.4.4.4 as-number 100

peer 4.4.4.4 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 4.4.4.4 enable

ipv4-family vpnv4

policy vpn-target

peer 4.4.4.4 enable

ipv4-family vpn-instance vpn

network 2.2.2.2 255.255.255.255

peer 10.0.12.1 as-number 65001

ospf 1

area 0.0.0.0

network 10.0.23.2 0.0.0.0

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

R3:

router id 3.3.3.3

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 3.3.3.3

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.23.3 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.34.3 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

ospf enable 1 area 0.0.0.0

ospf 1

area 0.0.0.0

network 10.0.23.3 0.0.0.0

network 10.0.34.3 0.0.0.0

R4

router id 4.4.4.4

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance vpn

ipv4-family

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

mpls lsr-id 4.4.4.4

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.34.4 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip binding vpn-instance vpn

ip address 10.0.45.4 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 100

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 2.2.2.2 enable

ipv4-family vpnv4

policy vpn-target

peer 2.2.2.2 enable

ipv4-family vpn-instance vpn

peer 10.0.45.5 as-number 200

ospf 1

area 0.0.0.0

network 10.0.34.4 0.0.0.0

R5

router id 5.5.5.5

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance vpn

ipv4-family

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

mpls lsr-id 5.5.5.5

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip binding vpn-instance vpn

ip address 10.0.45.5 255.255.255.0

interface GigabitEthernet0/0/1

ip address 10.0.56.5 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 5.5.5.5 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 200

peer 7.7.7.7 as-number 200

peer 7.7.7.7 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 7.7.7.7 enable

ipv4-family vpnv4

policy vpn-target

peer 7.7.7.7 enable

ipv4-family vpn-instance vpn

peer 10.0.45.4 as-number 100

ospf 1

area 0.0.0.0

network 10.0.56.5 0.0.0.0

R6

router id 6.6.6.6

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 6.6.6.6

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.56.6 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.67.6 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 6.6.6.6 255.255.255.255

ospf enable 1 area 0.0.0.0

ospf 1

area 0.0.0.0

network 10.0.56.6 0.0.0.0

network 10.0.67.6 0.0.0.0

R7

router id 7.7.7.7

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance vpn

ipv4-family

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

mpls lsr-id 7.7.7.7

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.67.7 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip binding vpn-instance vpn

ip address 10.0.78.7 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 7.7.7.7 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 200

peer 5.5.5.5 as-number 200

peer 5.5.5.5 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 5.5.5.5 enable

ipv4-family vpnv4

policy vpn-target

peer 5.5.5.5 enable

ipv4-family vpn-instance vpn

peer 10.0.78.8 as-number 65002

ospf 1

area 0.0.0.0

network 10.0.67.7 0.0.0.0

相关推荐
低头不见2 小时前
tcp的粘包拆包问题,如何解决?
网络·网络协议·tcp/ip
SKYDROID云卓小助手3 小时前
三轴云台之相机技术篇
运维·服务器·网络·数码相机·音视频
yuzhangfeng6 小时前
【云计算物理网络】从传统网络到SDN:云计算的网络演进之路
网络·云计算
TDengine (老段)6 小时前
TDengine 中的关联查询
大数据·javascript·网络·物联网·时序数据库·tdengine·iotdb
zhu12893035567 小时前
网络安全的现状与防护措施
网络·安全·web安全
zhu12893035568 小时前
网络安全与防护策略
网络·安全·web安全
沫夕残雪9 小时前
HTTP,请求响应报头,以及抓包工具的讨论
网络·vscode·网络协议·http
π2709 小时前
爬虫:网络请求(通信)步骤,http和https协议
网络·爬虫
zhu128930355610 小时前
网络安全基础与防护策略
网络·安全·web安全
古希腊掌握嵌入式的神12 小时前
[物联网iot]对比WIFI、MQTT、TCP、UDP通信协议
网络·物联网·网络协议·tcp/ip·udp
热门推荐
01我决定放弃搞 Java 了02DeepSeek各版本说明与优缺点分析03如何在WPS和Word/Excel中直接使用DeepSeek功能04RAG 实践- Ollama+RagFlow 部署本地知识库05本地化部署AI知识库:基于Ollama+DeepSeek+AnythingLLM保姆级教程06从零安装 LLaMA-Factory 微调 Qwen 大模型成功及所有的坑07如何本地部署AI智能体平台,带你手搓一个AI Agent08苍穹外卖面试总结09DeepSeek RAGFlow构建本地知识库系统10【芯片封测学习专栏 -- D2D 和 C2C 之间的区别】