好消息,超酷的在线虚拟网络实验室上线了!点击开始实验

为获得更好的浏览效果,建议您使用 Firefox 或者 Chrome 浏览器



8.11 MCE典型配置

【需求】

路由器MCE通过多实例CE实现VPN互通

 

【组网图】

 

【配置脚本-OSPF多实例方式】

MCE配置脚本

#

sysname MCE

#

radius scheme system

#

ip vpn-instance vpna                                  /创建vpna/

route-distinguisher 100:1                         /配置RD,可不用配置RT/

#

ip vpn-instance vpnb                                 /创建vpnb/

route-distinguisher 200:1                        /配置RD,可不用配置RT/

#

domain system

#

interface Ethernet1/0/0

#

interface Ethernet1/0/0.10

ip binding vpn-instance vpna

ip address 192.168.15.2 255.255.255.0

vlan-type dot1q vid 10

#

interface Ethernet1/0/0.20

ip binding vpn-instance vpnb

ip address 192.168.16.2 255.255.255.0

vlan-type dot1q vid 20

#

interface NULL0

#

interface LoopBack10

ip binding vpn-instance vpna

ip address 192.168.16.1 255.255.255.0

#

interface LoopBack20

ip binding vpn-instance vpnb

ip address 192.168.26.1 255.255.255.0

#

ospf 10 vpn-instance vpna                               /ospf 进程10vpna绑定/

vpn-instance-capability simple                     /配置路由器成为多实例CE /

import-route direct

area 0.0.0.0

network 192.168.15.0 0.0.0.255

network 192.168.16.0 0.0.0.255

#

ospf 20 vpn-instance vpnb                              /ospf 进程20vpnb绑定/

vpn-instance-capability simple                    /配置路由器成为多实例CE /

area 0.0.0.0

network 192.168.25.0 0.0.0.255

network 192.168.26.0 0.0.0.255

#

user-interface con 0

user-interface vty 0 4

#

return

RT1配置脚本

#

sysname RT1

#

router id 1.1.1.1

#

mpls lsr-id 1.1.1.1

#

radius scheme system

#

mpls

#

mpls ldp

#

ip vpn-instance vpna

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

ip vpn-instance vpnb

route-distinguisher 200:1

vpn-target 200:1 export-extcommunity

vpn-target 200:1 import-extcommunity

#

domain system

#

interface Ethernet1/0/0

#

interface Ethernet1/0/0.10

ip binding vpn-instance vpna

ip address 192.168.15.1 255.255.255.0

vlan-type dot1q vid 10

#

interface Ethernet1/0/0.20

ip binding vpn-instance vpnb

ip address 192.168.25.1 255.255.255.0

vlan-type dot1q vid 20

#

interface Serial2/0/0

link-protocol ppp

ip address 10.0.0.1 255.255.255.252

mpls

mpls ldp enable

#

interface NULL0

#

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

#

interface LoopBack11

ip binding vpn-instance vpna

ip address 192.168.11.1 255.255.255.0

#

interface LoopBack21

ip binding vpn-instance vpnb

ip address 192.168.21.1 255.255.255.0

#

bgp 100

undo synchronization

group inter internal

peer 2.2.2.2 group inter

peer 2.2.2.2 connect-interface LoopBack0

#

ipv4-family vpn-instance vpna

import-route direct

import-route ospf 10                                     /引入ospf 10路由/

undo synchronization

#

ipv4-family vpn-instance vpnb

import-route direct

import-route ospf 20                                   /引入ospf 20路由/

undo synchronization

#

ipv4-family vpnv4

peer inter enable

peer 2.2.2.2 group inter

#

ospf 1

area 0.0.0.0

network 1.1.1.1 0.0.0.0

network 10.0.0.0 0.0.0.3

network 10.0.0.8 0.0.0.3

#

ospf 10 vpn-instance vpna                                /ospf 进程10vpna绑定/

import-route bgp                                                /引入BGP私网路由/

import-route direct

area 0.0.0.0

network 192.168.15.0 0.0.0.255

#

ospf 20 vpn-instance vpnb                                /ospf 进程20vpnb绑定/

import-route bgp                                                /引入BGP私网路由/

import-route direct

area 0.0.0.0

network 192.168.25.0 0.0.0.255

#

user-interface con 0

user-interface vty 0 4

#

return

 

注:RT2RT3的配置和普通MPLS/VPN的配置一致,可以参考前面的典型配置

 

【配置脚本-静态路由方式】

MCE配置脚本

#

sysname MCE

#

radius scheme system

#

ip vpn-instance vpna                                  /创建vpna/

route-distinguisher 100:1                         /配置RD,可不用配置RT/

#

ip vpn-instance vpnb                                 /创建vpnb/

route-distinguisher 200:1                        /配置RD,可不用配置RT/

#

domain system

#

interface Ethernet1/0/0

#

interface Ethernet1/0/0.10                                    /创建子接口/

ip binding vpn-instance vpna                              /绑定到vpna/

ip address 192.168.15.2 255.255.255.0

vlan-type dot1q vid 10

#

interface Ethernet1/0/0.20                                    /创建子接口/

ip binding vpn-instance vpnb                             /绑定到vpnb/

ip address 192.168.16.2 255.255.255.0

vlan-type dot1q vid 20

#

interface NULL0

#

interface LoopBack10

ip binding vpn-instance vpna

ip address 192.168.16.1 255.255.255.0

#

interface LoopBack20

ip binding vpn-instance vpnb

ip address 192.168.26.1 255.255.255.0

#

ip route-static vpn-instance vpna 0.0.0.0 0.0.0.0 192.168.15.1  preference 60

/vpna内创建缺省路由/

ip route-static vpn-instance vpnb 0.0.0.0 0.0.0.0 192.168.25.1  preference 60

/vpnb内创建缺省路由/

#

user-interface con 0

user-interface vty 0 4

#

return

RT1配置脚本

#

sysname RT1

#

router id 1.1.1.1

#

mpls lsr-id 1.1.1.1

#

radius scheme system

#

mpls

#

mpls ldp

#

ip vpn-instance vpna

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

ip vpn-instance vpnb

route-distinguisher 200:1

vpn-target 200:1 export-extcommunity

vpn-target 200:1 import-extcommunity

#

domain system

#

interface Ethernet1/0/0

#

interface Ethernet1/0/0.10                                /创建子接口/

ip binding vpn-instance vpna                          /绑定到vpna/

ip address 192.168.15.1 255.255.255.0

vlan-type dot1q vid 10

#

interface Ethernet1/0/0.20                                 /创建子接口/

ip binding vpn-instance vpnb                           /绑定到vpnb/

ip address 192.168.25.1 255.255.255.0

vlan-type dot1q vid 20

#

interface Serial2/0/0

link-protocol ppp

ip address 10.0.0.1 255.255.255.252

mpls

mpls ldp enable

#

interface NULL0

#

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

#

interface LoopBack11

ip binding vpn-instance vpna

ip address 192.168.11.1 255.255.255.0

#

interface LoopBack21

ip binding vpn-instance vpnb

ip address 192.168.21.1 255.255.255.0

#

bgp 100

undo synchronization

group inter internal

peer 2.2.2.2 group inter

peer 2.2.2.2 connect-interface LoopBack0

peer 4.4.4.4 group inter

peer 4.4.4.4 connect-interface LoopBack0

#

ipv4-family vpn-instance vpna

import-route direct

import-route static                              /引入静态路由/

undo synchronization

#

ipv4-family vpn-instance vpnb

import-route direct

import-route static                                /引入静态路由/

undo synchronization

#

ipv4-family vpnv4

peer inter enable

peer 2.2.2.2 group inter

peer 4.4.4.4 group inter

#

ospf 1

area 0.0.0.0

network 1.1.1.1 0.0.0.0

network 10.0.0.0 0.0.0.3

network 10.0.0.8 0.0.0.3

#

ip route-static vpn-instance vpna 192.168.16.0 255.255.255.0 192.168.15.2  pref

erence 60                                   /vpna内创建静态路由/

ip route-static vpn-instance vpnb 192.168.26.0 255.255.255.0 192.168.25.2  pref

erence 60                                  /vpnb内创建静态路由/

#

user-interface con 0

user-interface vty 0 4

#

return

 

注:RT2RT3的配置和普通MPLS/VPN的配置一致,可以参考前面的典型配置

 


 

【验证】

MCE中vpnavpnb都可以学习到私网路由,并可以ping通

[MCE]disp ip rout vpn-instance vpna                                            

  vpna   Route Information                                                     

 Routing Table:  vpna   Route-Distinguisher:   100:1                           

Destination/Mask   Protocol Pre  Cost        Nexthop         Interface         

192.168.11.0/24    O_ASE    150  1           192.168.15.1    Ethernet1/0/0.10  

192.168.12.0/24    O_ASE    150  1           192.168.15.1    Ethernet1/0/0.10  

192.168.13.0/24    O_ASE    150  1           192.168.15.1    Ethernet1/0/0.10   

192.168.15.0/24    DIRECT   0    0           192.168.15.2    Ethernet1/0/0.10  

192.168.15.2/32    DIRECT   0    0           127.0.0.1       InLoopBack0       

192.168.16.0/24    DIRECT   0    0           192.168.16.1    LoopBack10        

192.168.16.1/32    DIRECT   0    0           127.0.0.1       InLoopBack0       

[MCE]    

 

【提示】

1 使用OSPF方式,需要在PE1上进行OSPFBGP路由的相互引入,来实现路由的互通

2 创建vpnVRF只是为了将接口和OSPF进程绑定到对应的vpn,因此可以不用配置RT

 

X Close
X Close