华为mpls vpn方案A配制案例

yenggd2024-02-24 13:03

每台路由的loopback 0口和设备名对应,如ar1:1.1.1.1

AR3和AR6上面不起bgp,只跑ospf和mpls

最终实现1.1.1.1通8.8.8.8

方案A的特点是asbr之间交互的是普通的ip报文 ,互相双方都认为自己对端是ce设备。

如果有多个vpn业务的话,asbr之间要用子接口了,要么多个物理接口,所以方案A只适用于少的vpn业务方案

配置命令:

R1和R8省略,它们是常规的bgp配置

R2:

router id 2.2.2.2

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance vpn

ipv4-family

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

mpls lsr-id 2.2.2.2

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip binding vpn-instance vpn

ip address 10.0.12.2 255.255.255.0

interface GigabitEthernet0/0/1

ip address 10.0.23.2 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 100

peer 4.4.4.4 as-number 100

peer 4.4.4.4 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 4.4.4.4 enable

ipv4-family vpnv4

policy vpn-target

peer 4.4.4.4 enable

ipv4-family vpn-instance vpn

network 2.2.2.2 255.255.255.255

peer 10.0.12.1 as-number 65001

ospf 1

area 0.0.0.0

network 10.0.23.2 0.0.0.0

user-interface con 0

authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

R3:

router id 3.3.3.3

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 3.3.3.3

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.23.3 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.34.3 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

ospf enable 1 area 0.0.0.0

ospf 1

area 0.0.0.0

network 10.0.23.3 0.0.0.0

network 10.0.34.3 0.0.0.0

R4

router id 4.4.4.4

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance vpn

ipv4-family

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

mpls lsr-id 4.4.4.4

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.34.4 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip binding vpn-instance vpn

ip address 10.0.45.4 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 4.4.4.4 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 100

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 2.2.2.2 enable

ipv4-family vpnv4

policy vpn-target

peer 2.2.2.2 enable

ipv4-family vpn-instance vpn

peer 10.0.45.5 as-number 200

ospf 1

area 0.0.0.0

network 10.0.34.4 0.0.0.0

R5

router id 5.5.5.5

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance vpn

ipv4-family

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

mpls lsr-id 5.5.5.5

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip binding vpn-instance vpn

ip address 10.0.45.5 255.255.255.0

interface GigabitEthernet0/0/1

ip address 10.0.56.5 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 5.5.5.5 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 200

peer 7.7.7.7 as-number 200

peer 7.7.7.7 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 7.7.7.7 enable

ipv4-family vpnv4

policy vpn-target

peer 7.7.7.7 enable

ipv4-family vpn-instance vpn

peer 10.0.45.4 as-number 100

ospf 1

area 0.0.0.0

network 10.0.56.5 0.0.0.0

R6

router id 6.6.6.6

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

mpls lsr-id 6.6.6.6

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.56.6 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip address 10.0.67.6 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 6.6.6.6 255.255.255.255

ospf enable 1 area 0.0.0.0

ospf 1

area 0.0.0.0

network 10.0.56.6 0.0.0.0

network 10.0.67.6 0.0.0.0

R7

router id 7.7.7.7

wlan ac-global carrier id other ac id 0

set cpu-usage threshold 80 restore 75

ip vpn-instance vpn

ipv4-family

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

mpls lsr-id 7.7.7.7

mpls

mpls ldp

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password cipher % % K8m.Nt84DZ}e#<0`8bmE3Uw}% %

local-user admin service-type http

firewall zone Local

priority 15

interface GigabitEthernet0/0/0

ip address 10.0.67.7 255.255.255.0

mpls

mpls ldp

interface GigabitEthernet0/0/1

ip binding vpn-instance vpn

ip address 10.0.78.7 255.255.255.0

interface GigabitEthernet0/0/2

interface NULL0

interface LoopBack0

ip address 7.7.7.7 255.255.255.255

ospf enable 1 area 0.0.0.0

bgp 200

peer 5.5.5.5 as-number 200

peer 5.5.5.5 connect-interface LoopBack0

ipv4-family unicast

undo synchronization

peer 5.5.5.5 enable

ipv4-family vpnv4

policy vpn-target

peer 5.5.5.5 enable

ipv4-family vpn-instance vpn

peer 10.0.78.8 as-number 65002

ospf 1

area 0.0.0.0

network 10.0.67.7 0.0.0.0

相关推荐
像风一样!29 分钟前
NFS文件存储
linux·服务器·网络·nfs文件存储
LRX_19892742 分钟前
网络管理员教程(初级)第六版--第2章 局域网技术
网络·计算机网络
羚羊角uou1 小时前
【Linux网络】Socket编程UDP
linux·服务器·网络
AORO20252 小时前
北斗短报文终端是什么?有什么功能?你能用到吗?
大数据·网络·5g·智能手机·信息与通信
2503_928411562 小时前
10.23 @Observed深层监听
华为·harmonyos·鸿蒙
SunkingYang2 小时前
C++变量与函数命名规范技术指南 (基于华为编码规范与现代C++最佳实践)
c++·华为·编码规范·命名规则·命名规范·函数名字·成员变量
张紫娃2 小时前
ipconfig详解
网络·智能路由器
王嘉俊9253 小时前
HarmonyOS 项目入门:构建跨设备智能应用的强大框架
华为·harmonyos
Francek Chen3 小时前
【HarmonyOS 6 特别发布】鸿蒙 6 正式登场:功能升级,构建跨设备安全流畅新生态
人工智能·华为·harmonyos·harmonyos 6
测试开发Kevin3 小时前
EDR:现代网络安全的“哨兵”与“侦探”
网络·安全
热门推荐
01BongoCat - 跨平台键盘猫动画工具02GitHub 镜像站点03UV安装并设置国内源04GitLab 零基础入门指南:从安装到项目管理全流程05Linux下V2Ray安装配置指南062025软件测试面试八股文(含答案+文档)07Labelme从安装到标注:零基础完整指南08在VSCode配置Java开发环境的保姆级教程(适配各类AI编程IDE)09NVIDIA显卡驱动、CUDA、cuDNN 和 TensorRT 版本匹配指南10【vue篇】Vue 项目中的静态资源管理:assets vs static 终极指南