一、实验拓扑
二、实验需求
三、实验步骤
1、公网IP地址配置
bash
r2
[r2]int g0/0/1
[r2-GigabitEthernet0/0/1]ip ad 23.1.1.2 24
[r2-GigabitEthernet0/0/1]int lo 0
[r2-LoopBack0]ip ad 2.2.2.2 24
[r2-LoopBack0]q
r3
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip ad 23.1.1.3 24
[r3-GigabitEthernet0/0/0]int g0/0/1
[r3-GigabitEthernet0/0/1]ip ad 34.1.1.3 24
[r3-GigabitEthernet0/0/1]int lo0
[r3-LoopBack0]ip ad 3.3.3.3 24
[r3-LoopBack0]q
r4
[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]ip ad 34.1.1.4 24
[r4-GigabitEthernet0/0/0]int lo0
[r4-LoopBack0]ip ad 4.4.4.4 24
[r4-LoopBack0]int g0/0/2
[r4-GigabitEthernet0/0/2]ip ad 47.1.1.4 24
[r4-GigabitEthernet0/0/2]q
r7
[r7]int g0/0/0
[r7-GigabitEthernet0/0/0]ip ad 47.1.1.7 24
[r7-GigabitEthernet0/0/0]q2、公网IGP路由协议配置
bash
r2
[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]ar 0
[r2-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.255
[r2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[r2-ospf-1-area-0.0.0.0]q
[r2-ospf-1]q
r3
[r3]os 1 ro 3.3.3.3
[r3-ospf-1]ar 0
[r3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[r3-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 34.1.1.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]q
[r3-ospf-1]q
r4
[r4]os 1 ro 4.4.4.4
[r4-ospf-1]ar 0
[r4-ospf-1-area-0.0.0.0]network 34.1.1.0 0.0.0.255
[r4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[r4-ospf-1-area-0.0.0.0]q
[r4-ospf-1]q注:配置完成后需要检查OSPF邻居间的关系(邻居之间的状态为Full):[r3]display ospf peer brief
3、公网Mpls配置
bash
r2
[r2]mpls lsr-id 2.2.2.2
[r2]mpls
Info: Mpls starting, please wait... OK!
[r2-mpls]mpls ldp
[r2-mpls-ldp]int g0/0/1
[r2-GigabitEthernet0/0/1]mpls
[r2-GigabitEthernet0/0/1]mpls ldp
[r2-GigabitEthernet0/0/1]q
r3
[r3]mpls lsr-id 3.3.3.3
[r3]mpls
Info: Mpls starting, please wait... OK!
[r3-mpls]mpls ldp
[r3-mpls-ldp]int g0/0/0
[r3-GigabitEthernet0/0/0]mpls
[r3-GigabitEthernet0/0/0]mpls ldp
[r3-GigabitEthernet0/0/0]int g0/0/1
[r3-GigabitEthernet0/0/1]mpls
[r3-GigabitEthernet0/0/1]mpls ldp
[r3-GigabitEthernet0/0/0]q
r4
[r4]mpls lsr-id 4.4.4.4
[r4]mpls
Info: Mpls starting, please wait... OK!
[r4-mpls]mpls ldp
[r4-mpls-ldp]int g0/0/0
[r4-GigabitEthernet0/0/0]mpls
[r4-GigabitEthernet0/0/0]mpls ldp
[r4-GigabitEthernet0/0/0]q注:配置完成后进行检查:
方法①:检查TCP会话
方法②:查看邻居
4、Mpls-VPN配置
(1)私网A
bash
r2
[r2]ip vpn-instance a1 #创建名为a1的vrf空间
[r2-vpn-instance-a1]route-distinguisher 2:2 #RD值(进入IPV4的配置模式下)
[r2-vpn-instance-a1-af-ipv4]vpn-target 2:2 #RT值 必须对端的PE端一致
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r2-vpn-instance-a1-af-ipv4]q
[r2-vpn-instance-a1]q
[r2]int g0/0/2 #绑定接口(私网与公网相连的公网设备的接口)
[r2-GigabitEthernet0/0/2]ip binding vpn-instance a1 #关联到vpn空间
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r2-GigabitEthernet0/0/2]ip ad 192.168.2.2 24 #配置私有ip地址
[r2-GigabitEthernet0/0/2]q
r4
[r4]ip vpn-instance a2
[r4-vpn-instance-a2]route-distinguisher 2:2
[r4-vpn-instance-a2-af-ipv4]vpn-target 2:2
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r4-vpn-instance-a2-af-ipv4]q
[r4-vpn-instance-a2]q
[r4]int g0/0/2
[r4-GigabitEthernet0/0/2]ip binding vpn-instance a2
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r4-GigabitEthernet0/0/2]ip ad 192.168.3.4 24
[r4-GigabitEthernet0/0/2]q(2)私网B
bash
r2
[r2]ip vpn-instance b1 #创建名为b1的vrf空间
[r2-vpn-instance-b1]route-distinguisher 1:1 #RD值(进入IPV4的配置模式下)
[r2-vpn-instance-b1-af-ipv4]vpn-target 1:1 #RT值 必须对端的PE端一致
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r2-vpn-instance-b1-af-ipv4]q
[r2-vpn-instance-b1]q
[r2]int g0/0/0 #绑定接口(私网与公网相连的公网设备的接口)
[r2-GigabitEthernet0/0/0]ip binding vpn-instance b1 #关联到vpn空间
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r2-GigabitEthernet0/0/0]ip ad 192.168.2.2 24 #配置私有ip地址
[r2-GigabitEthernet0/0/0]q
r4
[r4]ip vpn-instance b2
[r4-vpn-instance-b2]route-distinguisher 1:1
[r4-vpn-instance-b2-af-ipv4]vpn-target 1:1
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r4-vpn-instance-b2-af-ipv4]q
[r4-vpn-instance-b2]q
[r4]int g0/0/1
[r4-GigabitEthernet0/0/1]ip binding vpn-instance b2
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r4-GigabitEthernet0/0/1]ip ad 192.168.3.4 24
[r4-GigabitEthernet0/0/1]q注:因为r2的g0/0/0接口绑定在VPN空间,因此r2 ping r1不通,但是r1 ping r2 能通
例如:[r2]ping -vpn-instance b1 192.168.2.1可使r2 ping r1 通
5、私网IP地址配置
bash
r1
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip ad 192.168.2.1 24
[r1-GigabitEthernet0/0/0]int lo0
[r1-LoopBack0]ip ad 192.168.1.1 24
[r1-LoopBack0]q
r5
[r5]int g0/0/0
[r5-GigabitEthernet0/0/0]ip ad 192.168.3.5 24
[r5-GigabitEthernet0/0/0]int lo0
[r5-LoopBack0]ip ad 192.168.4.1 24
[r5-LoopBack0]q
r6
[r6]int g0/0/0
[r6-GigabitEthernet0/0/0]ip ad 192.168.2.6 24
[r6-GigabitEthernet0/0/0]int lo0
[r6-LoopBack0]ip ad 192.168.1.1 24
[r6-LoopBack0]q
r7
[r7]int g0/0/0
[r7-GigabitEthernet0/0/0]ip ad 192.168.3.7 24
[r7-GigabitEthernet0/0/0]int g0/0/1
[r7-GigabitEthernet0/0/1]ip ad 47.1.1.7 24
[r7-GigabitEthernet0/0/1]int lo0
[r7-LoopBack0]ip ad 192.168.4.2 24
[r7-LoopBack0]q6、R1和R5编写静态路由
bash
r1
[r1]ip route-static 192.168.3.0 24 192.168.2.2
[r1]ip route-static 192.168.4.0 24 192.168.2.2
r2
[r2]ip route-static vpn-instance b1 192.168.1.0 24 192.168.2.1
r5
[r5]ip route-static 192.168.1.0 24 192.168.3.4
[r5]ip route-static 192.168.2.0 24 192.168.3.4
r4
[r4]ip route-static vpn-instance b2 192.168.4.0 24 192.168.3.57、R2和R4间建立BPG邻居关系
bash
r2
#公有
[r2]bgp 1
[r2-bgp]router-id 2.2.2.2
[r2-bgp]peer 4.4.4.4 as-number 1
[r2-bgp]peer 4.4.4.4 connect-interface lo0
#VPN空间
[r2-bgp]ipv4-family vpnv4
[r2-bgp-af-vpnv4]peer 4.4.4.4 enable
[r2-bgp-af-vpnv4]q
[r2-bgp]q
r4
[r4]bgp 1
[r4-bgp]router-id 4.4.4.4
[r4-bgp]peer 2.2.2.2 as-number 1
[r4-bgp]peer 2.2.2.2 connect-interface lo0
[r4-bgp]ipv4-family vpnv4
[r4-bgp-af-vpnv4]peer 2.2.2.2 enable
[r4-bgp-af-vpnv4]q
[r4-bgp]q查看r2上bgp邻居(上为公有,下为VPN空间)
8、宣告路由
bash
r2
#私网A
[r2]rip 1 vpn-instance a1
[r2-rip-1]v 2
[r2-rip-1]network 192.168.2.0
[r2-rip-1]q
#私网B
[r2]bgp 1
[r2-bgp]ipv4-family vpn-instance b1
[r2-bgp-b1]import-route static
[r2-bgp-b1]import-route direct
[r2-bgp-b1]q
[r2-bgp]q
r4
#私网A
[r4]ospf 2 vpn-instance a2
[r4-ospf-2]ar 0
[r4-ospf-2-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[r4-ospf-2-area-0.0.0.0]q
[r4-ospf-2]q
#私网B
[r4]bgp 1
[r4-bgp]ipv4-family vpn-instance b2
[r4-bgp-b2]import-route static
[r4-bgp-b2]import-route direct
[r4-bgp-b2]q
[r4-bgp]q
r6
[r6]rip 1
[r6-rip-1]v 2
[r6-rip-1]network 192.168.1.0
[r6-rip-1]network 192.168.2.0
[r6-rip-1]q
r7
[r7]os 1 ro 7.7.7.7
[r7-ospf-1]ar 0
[r7-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[r7-ospf-1-area-0.0.0.0]network 192.168.4.2 0.0.0.0
[r7-ospf-1-area-0.0.0.0]q
[r7-ospf-1]q9、启动标签调用隧道功能
bash
r2
[r2]route recursive-lookup tunnel
r4
[r4]route recursive-lookup tunnel 10、双向重发布
bash
r2
[r2]rip vpn-instance a1
[r2-rip-1]import-route bgp
[r2-rip-1]q
[r2]bgp 1
[r2-bgp]ipv4-family vpn-instance a1
[r2-bgp-a1]import-route rip 1
[r2-bgp-a1]q
[r2-bgp]q
r4
[r4]ospf 2 vpn-instance a2
[r4-ospf-2]import-route bgp
[r4-ospf-2]q
[r4]bgp 1
[r4-bgp]ipv4-family vpn-instance a2
[r4-bgp-a2]import-route ospf 2
[r4-bgp-a2]q
[r4-bgp]q11、r4和r7公网连接
bash
r4
[r4]int g4/0/0
[r4-GigabitEthernet4/0/0]ip ad 47.1.1.4 24
[r4-GigabitEthernet4/0/0]q
[r4]ospf 1
[r4-ospf-1]ar 0
[r4-ospf-1-area-0.0.0.0]network 47.1.1.0 0.0.0.255
[r4-ospf-1-area-0.0.0.0]q
[r4-ospf-1]silent-interface g4/0/0
[r4-ospf-1]q
r7
[r7]ip route-static 0.0.0.0 0 47.1.1.4四、实验结果测试
1、R1可以访问R5但是不能访问R7
2、R6可以访问R7但是不能访问R5
3、R7可以访问公网环回
附:查看VPN空间相关信息的命令
bash
#查看VPN空间bgp邻居表
[r2]dis bgp vpnv4 all peer
#查看VPN空间路由表
[r2]dis ip routing-table vpn-instance b1
#查看VPN空间bgp路由表
[r2]dis bgp vpnv4 vpn-instance b1 routing-table
#查看VPN空间fib表
[r2]dis fib vpn-instance b1