适用产品和版本
适用于所有版本。
AR100&AR120&AR160系列、AR301、AR301H和AR301W不支持此功能。
组网需求
如图1:
-
CE1、CE3属于vpna。
-
CE2、CE4属于vpnb。
-
vpna使用的VPN-target属性为111:1,vpnb为222:2。
-
不同VPN用户之间不能互相访问。
图1 配置BGP/MPLS IP VPN组网图
操作步骤
- 配置PE1
# sysname PE1 # ip vpn-instance vpna //创建VPN实例vpna ipv4-family route-distinguisher 100:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance vpnb //创建VPN实例vpnb ipv4-family route-distinguisher 100:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # mpls lsr-id 1.1.1.9 //配置MPLS mpls # mpls ldp //建立LDP # interface Ethernet1/0/0 //绑定VPN实例 ip binding vpn-instance vpna ip address 10.1.1.2 255.255.255.0 # interface Ethernet2/0/0 ip binding vpn-instance vpnb //绑定VPN实例 ip address 10.2.1.2 255.255.255.0 # interface Ethernet2/0/1 //接口使能MPLS ip address 172.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.9 255.255.255.255 # bgp 100 //配置MP-IBGP对等体 peer 3.3.3.9 as-number 100 peer 3.3.3.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.9 enable # ipv4-family vpnv4 //使能对等体交换VPNv4路由信息的能力 policy vpn-target peer 3.3.3.9 enable # ipv4-family vpn-instance vpna //配置PE与CE之间建立EBGP对等体关系,引入VPN路由 peer 10.1.1.1 as-number 65410 import-route direct # ipv4-family vpn-instance vpnb //配置PE与CE之间建立EBGP对等体关系,引入VPN路由 peer 10.2.1.1 as-number 65420 import-route direct # ospf 1 //配置公网路由 area 0.0.0.0 network 172.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0 # return
- 配置P
# sysname P # mpls lsr-id 2.2.2.9 //配置MPLS mpls # mpls ldp # interface Ethernet1/0/0 ip address 172.1.1.2 255.255.255.0 mpls mpls ldp # interface Ethernet2/0/0 ip address 172.2.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.9 255.255.255.255 # ospf 1 //配置公网路由 area 0.0.0.0 network 172.1.1.0 0.0.0.255 network 172.2.1.0 0.0.0.255 network 2.2.2.9 0.0.0.0 # return
- 配置PE2
# sysname PE2 # ip vpn-instance vpna //创建VPN实例vpna ipv4-family route-distinguisher 200:1 vpn-target 111:1 export-extcommunity vpn-target 111:1 import-extcommunity # ip vpn-instance vpnb //创建VPN实例vpnb ipv4-family route-distinguisher 200:2 vpn-target 222:2 export-extcommunity vpn-target 222:2 import-extcommunity # mpls lsr-id 3.3.3.9 //配置MPLS LSR mpls # mpls ldp # interface Ethernet1/0/0 //绑定VPN实例 ip binding vpn-instance vpna ip address 10.3.1.2 255.255.255.0 # interface Ethernet2/0/0 //绑定VPN实例 ip binding vpn-instance vpnb ip address 10.4.1.2 255.255.255.0 # interface Ethernet2/0/1 //接口使能MPLS ip address 172.2.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 3.3.3.9 255.255.255.255 # bgp 100 //配置MP-IBGP对等体 peer 1.1.1.9 as-number 100 peer 1.1.1.9 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.9 enable # ipv4-family vpnv4 //使能对等体交换VPNv4路由信息的能力 policy vpn-target peer 1.1.1.9 enable # ipv4-family vpn-instance vpna //配置PE与CE之间建立EBGP对等体关系,引入VPN路由 peer 10.3.1.1 as-number 65430 import-route direct # ipv4-family vpn-instance vpnb //配置PE与CE之间建立EBGP对等体关系,引入VPN路由 peer 10.4.1.1 as-number 65440 import-route direct # ospf 1 //配置公网路由 area 0.0.0.0 network 172.2.1.0 0.0.0.255 network 3.3.3.9 0.0.0.0 # return
- 配置CE1
# sysname CE1 # interface Ethernet1/0/0 ip address 10.1.1.1 255.255.255.0 # bgp 65410 //在PE与CE之间建立EBGP对等体关系 peer 10.1.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct //引入直连路由 peer 10.1.1.2 enable # return
- 配置CE2
# sysname CE2 # interface Ethernet1/0/0 ip address 10.2.1.1 255.255.255.0 # bgp 65420 //在PE与CE之间建立EBGP对等体关系 peer 10.2.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct //引入直连路由 peer 10.2.1.2 enable # return
- 配置CE3
# sysname CE3 # interface Ethernet1/0/0 ip address 10.3.1.1 255.255.255.0 # bgp 65430 //在PE与CE之间建立EBGP对等体关系 peer 10.3.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct //引入直连路由 peer 10.3.1.2 enable # return
- 配置CE4
# sysname CE4 # interface Ethernet1/0/0 ip address 10.4.1.1 255.255.255.0 # bgp 65440 //在PE与CE之间建立EBGP对等体关系 peer 10.4.1.2 as-number 100 # ipv4-family unicast undo synchronization import-route direct //引入直连路由 peer 10.4.1.2 enable # return
配置注意事项
- PE之间必须使用32位掩码的Loopback接口地址来建立MP-IBGP对等体关系,以便能够迭代到隧道。