配置设备之间部署BGP/MPLS IP VPN实现互通的示例

适用产品和版本

适用于所有版本。

AR100&AR120&AR160系列、AR301、AR301H和AR301W不支持此功能。

组网需求

如图1:

  • CE1、CE3属于vpna。

  • CE2、CE4属于vpnb。

  • vpna使用的VPN-target属性为111:1,vpnb为222:2。

  • 不同VPN用户之间不能互相访问。

图1 配置BGP/MPLS IP VPN组网图

操作步骤
  1. 配置PE1
    #
     sysname PE1
    #
    ip vpn-instance vpna  //创建VPN实例vpna
     ipv4-family
      route-distinguisher 100:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    ip vpn-instance vpnb  //创建VPN实例vpnb
     ipv4-family
      route-distinguisher 100:2
      vpn-target 222:2 export-extcommunity
      vpn-target 222:2 import-extcommunity
    #
    mpls lsr-id 1.1.1.9  //配置MPLS
    mpls
    #
    mpls ldp  //建立LDP
    #
    interface Ethernet1/0/0  //绑定VPN实例
     ip binding vpn-instance vpna
     ip address 10.1.1.2 255.255.255.0
    #
    interface Ethernet2/0/0
     ip binding vpn-instance vpnb  //绑定VPN实例
     ip address 10.2.1.2 255.255.255.0
    #
    interface Ethernet2/0/1  //接口使能MPLS
     ip address 172.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    bgp 100  //配置MP-IBGP对等体
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 3.3.3.9 enable
     #
     ipv4-family vpnv4  //使能对等体交换VPNv4路由信息的能力
      policy vpn-target
      peer 3.3.3.9 enable
     #
     ipv4-family vpn-instance vpna  //配置PE与CE之间建立EBGP对等体关系,引入VPN路由
      peer 10.1.1.1 as-number 65410
      import-route direct
     #
     ipv4-family vpn-instance vpnb  //配置PE与CE之间建立EBGP对等体关系,引入VPN路由
      peer 10.2.1.1 as-number 65420
      import-route direct
    #
    ospf 1  //配置公网路由
     area 0.0.0.0
      network 172.1.1.0 0.0.0.255
      network 1.1.1.9 0.0.0.0
    #
    return
  2. 配置P
    #
     sysname P
    #
    mpls lsr-id 2.2.2.9  //配置MPLS
    mpls
    #
    mpls ldp
    #
    interface Ethernet1/0/0
     ip address 172.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface Ethernet2/0/0
     ip address 172.2.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1  //配置公网路由
     area 0.0.0.0
      network 172.1.1.0 0.0.0.255
      network 172.2.1.0 0.0.0.255
      network 2.2.2.9 0.0.0.0
    #
    return
  3. 配置PE2
    #
     sysname PE2
    #
    ip vpn-instance vpna  //创建VPN实例vpna
     ipv4-family
      route-distinguisher 200:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    ip vpn-instance vpnb  //创建VPN实例vpnb
     ipv4-family
      route-distinguisher 200:2
      vpn-target 222:2 export-extcommunity
      vpn-target 222:2 import-extcommunity
    #
    mpls lsr-id 3.3.3.9  //配置MPLS LSR
    mpls
    #
    mpls ldp
    #
    interface Ethernet1/0/0 //绑定VPN实例
     ip binding vpn-instance vpna
     ip address 10.3.1.2 255.255.255.0
    #
    interface Ethernet2/0/0  //绑定VPN实例
     ip binding vpn-instance vpnb
     ip address 10.4.1.2 255.255.255.0
    #
    interface Ethernet2/0/1  //接口使能MPLS
     ip address 172.2.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    bgp 100  //配置MP-IBGP对等体
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 1.1.1.9 enable
     #
     ipv4-family vpnv4  //使能对等体交换VPNv4路由信息的能力
      policy vpn-target
      peer 1.1.1.9 enable
     #
     ipv4-family vpn-instance vpna  //配置PE与CE之间建立EBGP对等体关系,引入VPN路由
      peer 10.3.1.1 as-number 65430
      import-route direct
     #
     ipv4-family vpn-instance vpnb  //配置PE与CE之间建立EBGP对等体关系,引入VPN路由
      peer 10.4.1.1 as-number 65440
      import-route direct
    #
    ospf 1  //配置公网路由
     area 0.0.0.0
      network 172.2.1.0 0.0.0.255
      network 3.3.3.9 0.0.0.0
    #
    return
  4. 配置CE1
    #
     sysname CE1
    #
    interface Ethernet1/0/0
     ip address 10.1.1.1 255.255.255.0
    #
    bgp 65410  //在PE与CE之间建立EBGP对等体关系
     peer 10.1.1.2 as-number 100
     #
     ipv4-family unicast
      undo synchronization
      import-route direct  //引入直连路由
      peer 10.1.1.2 enable
    #
    return
  5. 配置CE2
    #
     sysname CE2
    #
    interface Ethernet1/0/0
     ip address 10.2.1.1 255.255.255.0
    #
    bgp 65420  //在PE与CE之间建立EBGP对等体关系
     peer 10.2.1.2 as-number 100
     #
     ipv4-family unicast
      undo synchronization
      import-route direct  //引入直连路由
      peer 10.2.1.2 enable
    #
    return
  6. 配置CE3
    #
     sysname CE3
    #
    interface Ethernet1/0/0
     ip address 10.3.1.1 255.255.255.0
    #
    bgp 65430  //在PE与CE之间建立EBGP对等体关系
     peer 10.3.1.2 as-number 100
     #
     ipv4-family unicast
      undo synchronization
      import-route direct  //引入直连路由
      peer 10.3.1.2 enable
    #
    return
  7. 配置CE4
    #
     sysname CE4
    #
    interface Ethernet1/0/0
     ip address 10.4.1.1 255.255.255.0
    #
    bgp 65440  //在PE与CE之间建立EBGP对等体关系
     peer 10.4.1.2 as-number 100
     #
     ipv4-family unicast
      undo synchronization
      import-route direct  //引入直连路由
      peer 10.4.1.2 enable
    #
    return
配置注意事项
  • PE之间必须使用32位掩码的Loopback接口地址来建立MP-IBGP对等体关系,以便能够迭代到隧道。