华为配置BGP/MPLS IP VPN示例

作者：Monodyee | 2024-02-09 12:00:59

踩

配置BGP/MPLS IP VPN示例

组网图形

图1 BGP/MPLS IP VPN组网图

BGP/MPLS IP VPN简介
配置注意事项
组网需求
配置思路
操作步骤
配置文件

BGP/MPLS IP VPN简介

BGP/MPLS IP VPN是一种基于MPLS的L3VPN，组网方式灵活，可扩展性好，支持大规模部署。新增一个站点时，只需要修改提供该站点业务的边缘节点的配置。

BGP/MPLS IP VPN适用于位于不同地理位置的公司总部和分支之间需要相互通信的场景，由于通信数据需要穿越运营商的骨干网，可以使用BGP在骨干网上发布VPN路由，使用MPLS在骨干网上转发VPN报文；由于公司内部各个部门之间需要相互隔离，可以通过该功能实现不同VPN之间的路由隔离、地址空间隔离和访问隔离。

配置注意事项

本举例适用的产品和版本包括：
- S5700-HI、S5710-EI：V200R002C00及后续版本
- S5720-EI：V200R009C00及后续版本
- S5720-HI：V200R007C10及后续版本
- S5710-HI、S5730-HI、S5731-H、S5731-H-K、S5731S-H、S5732-H、S5732-H-K：适用版本请参见“案例适用的产品和版本说明”中的表1
- S5731-S、S6730-S：V200R022C00及后续版本
- S6700-EI：V200R005（C00&C01）
- S6720-EI、S6720S-EI、S6720-HI、S6730-H、S6730-H-K、S6730S-H：适用版本请参见“案例适用的产品和版本说明”中的表1
- S7703、S7706、S7712、S7703 PoE、S7706 PoE、S7710、S7905、S7908、S9703、S9706、S9712：适用版本请参见“案例适用的产品和版本说明”中的表1

SA系列单板、E3L系列单板不支持BGP/MPLS IP VPN功能，X1E系列单板在V200R006C00版本及后续版本支持BGP/MPLS IP VPN功能。

如需了解交换机软件配套详细信息，请点击Info-Finder，在选择产品系列或产品型号后，在“硬件中心”进行查询。

S5731-L和S5731S-L属于远端模块，不支持Web管理、YANG和命令行，仅支持通过中心交换机对其下发配置，相关操作请参见《S300, S500, S2700, S5700, S6700 V200R022C00 配置指南-设备管理》中的“智能极简园区网络配置（小行星方案）”。

组网需求

如图1所示：

CE1连接公司总部研发区、CE3连接分支机构研发区，CE1和CE3属于vpna；
CE2连接公司总部非研发区、CE4连接分支机构非研发区，CE2和CE4属于vpnb。

公司要求通过部署BGP/MPLS IP VPN，实现总部和分支机构的安全互通，同时要求研发区和非研发区间数据隔离。

配置思路

采用如下的思路配置BGP/MPLS IP VPN：

P、PE之间配置OSPF，实现骨干网的IP连通性。
PE、P上配置MPLS基本能力和MPLS LDP，建立MPLS LSP公网隧道，传输VPN数据。
PE1和PE2之间配置MP-IBGP，交换VPN路由信息。
PE1和PE2上配置VPN实例，其中，vpna使用的VPN-target属性为111:1，vpnb使用的VPN-target属性为222:2，以实现相同VPN间互通，不同VPN间隔离。同时，与CE相连的接口和相应的VPN实例绑定，以接入VPN用户。
CE与PE之间配置EBGP，交换VPN路由信息。

操作步骤

在MPLS骨干网上配置IGP协议，实现骨干网PE和P的互通


# 配置PE1。
 
<HUAWEI> system-view
[HUAWEI] sysname PE1
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.9 32
[PE1-LoopBack1] quit
[PE1] vlan batch 10 20 30
[PE1] interface gigabitethernet 1/0/0
[PE1-GigabitEthernet1/0/0] port link-type trunk
[PE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 
[PE1-GigabitEthernet1/0/0] quit
[PE1] interface gigabitethernet 2/0/0
[PE1-GigabitEthernet2/0/0] port link-type trunk
[PE1-GigabitEthernet2/0/0] port trunk allow-pass vlan 20 
[PE1-GigabitEthernet2/0/0] quit
[PE1] interface gigabitethernet 3/0/0
[PE1-GigabitEthernet3/0/0] port link-type trunk
[PE1-GigabitEthernet3/0/0] port trunk allow-pass vlan 30 
[PE1-GigabitEthernet3/0/0] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] ip address 172.1.1.1 24
[PE1-Vlanif30] quit
[PE1] ospf 1 router-id 1.1.1.9
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# 配置P。
 
<HUAWEI> system-view
[HUAWEI] sysname P
[P] interface loopback 1
[P-LoopBack1] ip address 2.2.2.9 32
[P-LoopBack1] quit
[P] vlan batch 30 60
[P] interface gigabitethernet 1/0/0 
[P-GigabitEthernet1/0/0] port link-type trunk
[P-GigabitEthernet1/0/0] port trunk allow-pass vlan 30
[P-GigabitEthernet1/0/0] quit
[P] interface gigabitethernet 2/0/0 
[P-GigabitEthernet2/0/0] port link-type trunk
[P-GigabitEthernet2/0/0] port trunk allow-pass vlan 60
[P-GigabitEthernet2/0/0] quit
[P] interface vlanif 30
[P-Vlanif30] ip address 172.1.1.2 24
[P-Vlanif30] quit
[P] interface vlanif 60
[P-Vlanif60] ip address 172.2.1.1 24
[P-Vlanif60] quit
[P] ospf 1 router-id 2.2.2.9
[P-ospf-1] area 0
[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
[P-ospf-1-area-0.0.0.0] quit
[P-ospf-1] quit
# 配置PE2。
 
<HUAWEI> system-view
[HUAWEI] sysname PE2
[PE2] interface loopback 1
[PE2-LoopBack1] ip address 3.3.3.9 32
[PE2-LoopBack1] quit
[PE2] vlan batch 40 50 60
[PE2] interface gigabitethernet 1/0/0
[PE2-GigabitEthernet1/0/0] port link-type trunk
[PE2-GigabitEthernet1/0/0] port trunk allow-pass vlan 40
[PE2-GigabitEthernet1/0/0] quit
[PE2] interface gigabitethernet 2/0/0 
[PE2-GigabitEthernet2/0/0] port link-type trunk
[PE2-GigabitEthernet2/0/0] port trunk allow-pass vlan 50
[PE2-GigabitEthernet2/0/0] quit
[PE2] interface gigabitethernet 3/0/0 
[PE2-GigabitEthernet3/0/0] port link-type trunk
[PE2-GigabitEthernet3/0/0] port trunk allow-pass vlan 60
[PE2-GigabitEthernet3/0/0] quit
[PE2] interface vlanif 60
[PE2-Vlanif60] ip address 172.2.1.2 24
[PE2-Vlanif60] quit
[PE2] ospf 1 router-id 3.3.3.9
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit

配置完成后，PE1和P、P和PE2之间应能建立OSPF邻居关系，执行display ospf peer命令可以看到邻居状态为Full。执行display ip routing-table命令可以看到PE之间学习到对方的Loopback1路由。

以PE1的显示为例：


[PE1] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance
------------------------------------------------------------------------------
Routing Tables: Public
         Destinations : 8       Routes : 8
 
  Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface
 
         1.1.1.9/32   Direct 0    0           D  127.0.0.1       LoopBack1
         2.2.2.9/32   OSPF   10   1           D  172.1.1.2       Vlanif30
         3.3.3.9/32   OSPF   10   2           D  172.1.1.2       Vlanif30
        127.0.0.0/8   Direct 0    0           D  127.0.0.1       InLoopBack0
       127.0.0.1/32   Direct 0    0           D  127.0.0.1       InLoopBack0
       172.1.1.0/24   Direct 0    0           D  172.1.1.1       Vlanif30
       172.1.1.1/32   Direct 0    0           D  127.0.0.1       Vlanif30
       172.2.1.0/24   OSPF   10   2           D  172.1.1.2       Vlanif30
[PE1] display ospf peer
 
          OSPF Process 1 with Router ID 1.1.1.9
                  Neighbors
 
 Area 0.0.0.0 interface 172.1.1.1(Vlanif30)'s neighbors
 Router ID: 2.2.2.9         Address: 172.1.1.2
   State: Full  Mode:Nbr is  Master  Priority: 1
   DR: 172.1.1.2  BDR: 172.1.1.1  MTU: 0 
   Dead timer due in 37  sec
   Retrans timer interval: 5 
   Neighbor is up for 00:16:21
   Authentication Sequence: [ 0 ]

在MPLS骨干网上配置MPLS基本能力和MPLS LDP，建立LDP LSP


 
[PE1] mpls lsr-id 1.1.1.9
[PE1] mpls
[PE1-mpls] quit
[PE1] mpls ldp
[PE1-mpls-ldp] quit
[PE1] interface vlanif 30
[PE1-Vlanif30] mpls
[PE1-Vlanif30] mpls ldp
[PE1-Vlanif30] quit
 
[P] mpls lsr-id 2.2.2.9
[P] mpls
[P-mpls] quit
[P] mpls ldp
[P-mpls-ldp] quit
[P] interface vlanif 30
[P-Vlanif30] mpls
[P-Vlanif30] mpls ldp
[P-Vlanif30] quit
[P] interface vlanif 60
[P-Vlanif60] mpls
[P-Vlanif60] mpls ldp
[P-Vlanif60] quit
 
[PE2] mpls lsr-id 3.3.3.9
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface vlanif 60
[PE2-Vlanif60] mpls
[PE2-Vlanif60] mpls ldp
[PE2-Vlanif60] quit
 
 
[PE1] display mpls ldp session
 
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 A '*' before a session means the session is being deleted. 
 ------------------------------------------------------------------------------
 PeerID            Status      LAM  SsnRole  SsnAge       KASent/Rcv
 ------------------------------------------------------------------------------
 2.2.2.9:0          Operational DU   Passive  0000:00:01  6/6
 ------------------------------------------------------------------------------
 TOTAL: 1 session(s) Found.
 
[PE1] display mpls ldp lsp
 
LDP LSP Information
 -------------------------------------------------------------------------------
 Flag after Out IF: (I) - LSP Is Only Iterated by RLFA
 -------------------------------------------------------------------------------
 DestAddress/Mask   In/OutLabel   UpstreamPeer     NextHop     OutInterface   
 -------------------------------------------------------------------------------
 1.1.1.9/32         3/NULL        2.2.2.9          127.0.0.1   InLoop0    
*1.1.1.9/32         Liberal/1024                   DS/2.2.2.9
 2.2.2.9/32         NULL/3        -                172.1.1.2   Vlanif30       
 2.2.2.9/32         1024/3        2.2.2.9          172.1.1.2   Vlanif30       
 3.3.3.9/32         NULL/1025     -                172.1.1.2   Vlanif30       
 3.3.3.9/32         1025/1025     2.2.2.9          172.1.1.2   Vlanif30      
 -------------------------------------------------------------------------------
 TOTAL: 5 Normal LSP(s) Found.
 TOTAL: 1 Liberal LSP(s) Found.
 TOTAL: 0 Frr LSP(s) Found.
 A '*' before an LSP means the LSP is not established 
 A '*' before a Label means the USCB or DSCB is stale 
 A '*' before a UpstreamPeer means the session is stale 
 A '*' before a DS means the session is stale 
 A '*' before a NextHop means the LSP is FRR LSP
 
在PE设备上配置VPN实例，将CE接入PE
 
[PE1] ip vpn-instance vpna
[PE1-vpn-instance-vpna] route-distinguisher 100:1
[PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE1-vpn-instance-vpna-af-ipv4] quit
[PE1-vpn-instance-vpna] quit
[PE1] ip vpn-instance vpnb
[PE1-vpn-instance-vpnb] route-distinguisher 100:2
[PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE1-vpn-instance-vpnb-af-ipv4] quit
[PE1-vpn-instance-vpnb] quit
[PE1] interface vlanif 10
[PE1-Vlanif10] ip binding vpn-instance vpna
[PE1-Vlanif10] ip address 10.1.1.2 24
[PE1-Vlanif10] quit
[PE1] interface vlanif 20
[PE1-Vlanif20] ip binding vpn-instance vpnb
[PE1-Vlanif20] ip address 10.2.1.2 24
[PE1-Vlanif20] quit
 
[PE2] ip vpn-instance vpna
[PE2-vpn-instance-vpna] route-distinguisher 200:1
[PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[PE2-vpn-instance-vpna-af-ipv4] quit
[PE2-vpn-instance-vpna] quit
[PE2] ip vpn-instance vpnb
[PE2-vpn-instance-vpnb] route-distinguisher 200:2
[PE2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
[PE2-vpn-instance-vpnb-af-ipv4] quit
[PE2-vpn-instance-vpnb] quit
[PE2] interface vlanif 40
[PE2-Vlanif40] ip binding vpn-instance vpna
[PE2-Vlanif40] ip address 10.3.1.2 24
[PE2-Vlanif40] quit
[PE2] interface vlanif 50
[PE2-Vlanif50] ip binding vpn-instance vpnb
[PE2-Vlanif50] ip address 10.4.1.2 24
[PE2-Vlanif50] quit
 
<HUAWEI> system-view
[HUAWEI] sysname CE1
[CE1] vlan batch 10
[CE1] interface gigabitethernet 1/0/0
[CE1-GigabitEthernet1/0/0] port link-type trunk
[CE1-GigabitEthernet1/0/0] port trunk allow-pass vlan 10 
[CE1-GigabitEthernet1/0/0] quit
[CE1] interface vlanif 10
[CE1-Vlanif10] ip address 10.1.1.1 24
[CE1-Vlanif10] quit

配置完成后，在PE设备上执行display ip vpn-instance verbose命令可以看到VPN实例的配置情况。各PE能ping通自己接入的CE。

当PE上有多个接口绑定了同一个VPN，则使用ping -vpn-instance命令ping对端PE接入的CE时，要指定源IP地址，即要指定ping -vpn-instance vpn-instance-name -a source-ip-address dest-ip-address命令中的参数-a source-ip-address，否则可能ping不通。


以PE1为例：
 
[PE1] display ip vpn-instance verbose
 Total VPN-Instances configured : 2
 Total IPv4 VPN-Instances configured : 2
 Total IPv6 VPN-Instances configured : 0
 
 VPN-Instance Name and ID : vpna, 1
  Interfaces : Vlanif10
 Address family ipv4
  Create date : 2014-11-03 02:39:34+00:00
  Up time : 0 days, 22 hours, 24 minutes and 53 seconds
  Route Distinguisher : 100:1
  Export VPN Targets :  111:1
  Import VPN Targets :  111:1
  Label Policy : label per instance
  Per-Instance Label : 4098
  Log Interval : 5
 
 VPN-Instance Name and ID : vpnb, 2
  Interfaces : Vlanif20
 Address family ipv4
  Create date : 2014-11-03 02:39:34+00:00
  Up time : 0 days, 22 hours, 24 minutes and 53 seconds
  Route Distinguisher : 100:2
  Export VPN Targets :  222:2
  Import VPN Targets :  222:2
  Label Policy : label per instance
  Per-Instance Label : 4098
  Log Interval : 5
  
[PE1] ping -vpn-instance vpna 10.1.1.1
  PING 10.1.1.1: 56  data bytes, press CTRL_C to break
    Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=5 ms
    Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=3 ms
    Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=3 ms
    Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=3 ms
    Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=16 ms
 
  --- 10.1.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 3/6/16 ms

在PE与CE之间建立EBGP对等体关系，引入VPN路由


# 配置连接公司总部研发区的CE1。CE2、CE3和CE4的配置与CE1类似，详见配置文件。
 
[CE1] bgp 65410
[CE1-bgp] peer 10.1.1.2 as-number 100
[CE1-bgp] import-route direct
[CE1-bgp] quit
# 配置PE1。PE2的配置与PE1类似，详见配置文件。
 
[PE1] bgp 100
[PE1-bgp] ipv4-family vpn-instance vpna
[PE1-bgp-vpna] peer 10.1.1.1 as-number 65410
[PE1-bgp-vpna] import-route direct
[PE1-bgp-vpna] quit
[PE1-bgp] ipv4-family vpn-instance vpnb
[PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420
[PE1-bgp-vpnb] import-route direct
[PE1-bgp-vpnb] quit
[PE1-bgp] quit
配置完成后，在PE设备上执行display bgp vpnv4 vpn-instance peer命令，可以看到PE与CE之间的BGP对等体关系已建立，并达到Established状态。
 
以PE1与CE1的对等体关系为例：
 
[PE1] display bgp vpnv4 vpn-instance vpna peer
 
 BGP local router ID : 1.1.1.9
 Local AS number : 100
 VPN-Instance vpna, Router ID 1.1.1.9:
 Total number of peers : 1                 Peers in established state : 1
 
  Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down       State      PrefRcv
 
  10.1.1.1        4 65410       11        9     0 00:07:25      Established       1

在PE之间建立MP-IBGP对等体关系


# 配置PE1。
 
[PE1] bgp 100
[PE1-bgp] peer 3.3.3.9 as-number 100
[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
[PE1-bgp] ipv4-family vpnv4
[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
[PE1-bgp-af-vpnv4] quit
[PE1-bgp] quit
# 配置PE2。
 
[PE2] bgp 100
[PE2-bgp] peer 1.1.1.9 as-number 100
[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
[PE2-bgp] ipv4-family vpnv4
[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
[PE2-bgp-af-vpnv4] quit
[PE2-bgp] quit
配置完成后，在PE设备上执行display bgp peer或display bgp vpnv4 all peer命令，可以看到PE之间的BGP对等体关系已建立，并达到Established状态。
 
[PE1] display bgp peer
 
 BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 1                 Peers in established state : 1
 
  Peer            V    AS  MsgRcvd  MsgSent  OutQ  Up/Down       State              PrefRcv
 
  3.3.3.9         4   100       12        6     0 00:02:21        Established       0
[PE1] display bgp vpnv4 all peer
 
BGP local router ID : 1.1.1.9
 Local AS number : 100
 Total number of peers : 3                 Peers in established state : 3
 
  Peer            V    AS  MsgRcvd  MsgSent    OutQ  Up/Down    State        PrefRcv
 
  3.3.3.9         4   100   12      18         0     00:09:38   Established   0
  Peer of IPv4-family for vpn instance :
 
 VPN-Instance vpna, Router ID 1.1.1.9: 
  10.1.1.1        4   65410  25     25         0     00:17:57   Established   1
 VPN-Instance vpnb, Router ID 1.1.1.9: 
  10.2.1.1        4   65420  21     22         0     00:17:10   Established   1

检查配置结果


在PE设备上执行display ip routing-table vpn-instance命令，可以看到去往对端CE的路由。
 
以PE1的显示为例：
 
[PE1] display ip routing-table vpn-instance vpna
Route Flags: R - relay, D - download to fib, T - to vpn-instance
------------------------------------------------------------------------------
Routing Tables: vpna
         Destinations : 3        Routes : 3
 
Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface
 
     10.1.1.0/24    Direct 0    0        D     10.1.1.2        Vlanif10
     10.1.1.2/32    Direct 0    0        D     127.0.0.1       Vlanif10
    10.3.1.0/24     IBGP   255  0        RD    3.3.3.9         Vlanif30
[PE1] display ip routing-table vpn-instance vpnb
Route Flags: R - relay, D - download to fib, T - to vpn-instance
------------------------------------------------------------------------------
Routing Tables: vpnb
         Destinations : 3        Routes : 3
 
Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface
 
     10.2.1.0/24    Direct 0    0        D     10.2.1.2        Vlanif20
     10.2.1.2/32    Direct 0    0        D     127.0.0.1       Vlanif20
    10.4.1.0/24    IBGP    255  0        RD    3.3.3.9         Vlanif30
同一VPN的CE能够相互Ping通，不同VPN的CE不能相互Ping通。
 
例如：连接公司总部研发区的CE1能够Ping通连接分支机构研发区的CE3（10.3.1.1），但不能Ping通连接分支机构非研发区的CE4（10.4.1.1）。
 
[CE1] ping 10.3.1.1
  PING 10.3.1.1: 56  data bytes, press CTRL_C to break
    Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=253 time=72 ms
    Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=253 time=34 ms
    Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=253 time=50 ms
    Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=253 time=50 ms
    Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=253 time=34 ms
  --- 10.3.1.1 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 34/48/72 ms

配置文件


PE1的配置文件
 
#
sysname PE1
#
vlan batch 10 20 30
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 100:1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 100:2
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 import-extcommunity
#
mpls lsr-id 1.1.1.9
mpls
#
mpls ldp
#
interface Vlanif10
 ip binding vpn-instance vpna
 ip address 10.1.1.2 255.255.255.0
# 
interface Vlanif20
 ip binding vpn-instance vpnb
 ip address 10.2.1.2 255.255.255.0
#
interface Vlanif30
 ip address 172.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 10
# 
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet3/0/0
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface LoopBack1
 ip address 1.1.1.9 255.255.255.255
# 
bgp 100
 peer 3.3.3.9 as-number 100
 peer 3.3.3.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 3.3.3.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 3.3.3.9 enable
 #
 ipv4-family vpn-instance vpna
  import-route direct
  peer 10.1.1.1 as-number 65410
 #
 ipv4-family vpn-instance vpnb
  import-route direct
  peer 10.2.1.1 as-number 65420
#
ospf 1 router-id 1.1.1.9
 area 0.0.0.0
  network 1.1.1.9 0.0.0.0
  network 172.1.1.0 0.0.0.255
#
return
P的配置文件
 
#
sysname P
#
vlan batch 30 60
#
mpls lsr-id 2.2.2.9
mpls
#
mpls ldp
# 
interface Vlanif30
 ip address 172.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface Vlanif60
 ip address 172.2.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 30
# 
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 60
# 
interface LoopBack1
 ip address 2.2.2.9 255.255.255.255
#
ospf 1 router-id 2.2.2.9
 area 0.0.0.0
  network 2.2.2.9 0.0.0.0
  network 172.1.1.0 0.0.0.255
  network 172.2.1.0 0.0.0.255
#
return
PE2的配置文件
 
#
sysname PE2
#
vlan batch 40 50 60
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 200:1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher 200:2
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 import-extcommunity
#
mpls lsr-id 3.3.3.9
mpls
#
mpls ldp
#
interface Vlanif40
 ip binding vpn-instance vpna
 ip address 10.3.1.2 255.255.255.0
#
interface Vlanif50
 ip binding vpn-instance vpnb
 ip address 10.4.1.2 255.255.255.0
#
interface Vlanif60
 ip address 172.2.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 40
# 
interface GigabitEthernet2/0/0
 port link-type trunk
 port trunk allow-pass vlan 50
# 
interface GigabitEthernet3/0/0
 port link-type trunk
 port trunk allow-pass vlan 60
# 
interface LoopBack1
 ip address 3.3.3.9 255.255.255.255
#
bgp 100
 peer 1.1.1.9 as-number 100
 peer 1.1.1.9 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.9 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 1.1.1.9 enable 
 #
 ipv4-family vpn-instance vpna
  import-route direct
  peer 10.3.1.1 as-number 65430
 #
 ipv4-family vpn-instance vpnb
  import-route direct
  peer 10.4.1.1 as-number 65440
#
ospf 1 router-id 3.3.3.9
 area 0.0.0.0
  network 3.3.3.9 0.0.0.0
  network 172.2.1.0 0.0.0.255
# 
return
连接公司总部研发区的CE1的配置文件
 
#
sysname CE1
#
vlan batch 10
#
interface Vlanif10
 ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 10
#
bgp 65410
 peer 10.1.1.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 10.1.1.2 enable
#
return
连接公司总部非研发区的CE2的配置文件
 
#
sysname CE2
#
vlan batch 20
#
interface Vlanif20
 ip address 10.2.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 20
#
bgp 65420
 peer 10.2.1.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 10.2.1.2 enable
#
return
连接分支机构研发区的CE3的配置文件
 
#
sysname CE3
#
vlan batch 40
#
interface Vlanif40
 ip address 10.3.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 40
#
bgp 65430
 peer 10.3.1.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 10.3.1.2 enable
#
return
连接分支机构非研发区的CE4的配置文件
 
#
sysname CE4
#
vlan batch 50
#
interface Vlanif50
 ip address 10.4.1.1 255.255.255.0
#
interface GigabitEthernet1/0/0
 port link-type trunk
 port trunk allow-pass vlan 50
#
bgp 65440
 peer 10.4.1.2 as-number 100
 #
 ipv4-family unicast
  undo synchronization
  import-route direct
  peer 10.4.1.2 enable
#
return

声明：本文内容由网友自发贡献，不代表【wpsshop博客】立场，版权归原作者所有，本站不承担相应法律责任。如您发现有侵权的内容，请联系我们。转载请注明出处：https://www.wpsshop.cn/w/Monodyee/article/detail/71789