「MPLS-VPN」- 基础实验(华为设备)

  CREATED BY JENKINSBOT

拓扑信息

基础配置

整个环境基础 IP 地址,以用于实现三层网络互通;
配置 IGP 互通,实现 MPLS Domain 的 IP 互通;
配置 MPLS Domain 服务,实现 MPLS 环境;

注意,基础配置这里不再赘述,与常规配置并无差异;

配置 VRF 实例

VRF、RD、RT、Assign Interface to VRF 

[PE-01]ip vpn-instance CORP-01-HQ
[PE-01-vpn-instance-CORP-01-HQ-af-ipv4] route-distinguisher 100:1               # 建议两端配置不同参数
[PE-01-vpn-instance-CORP-01-HQ-af-ipv4] vpn-target 100:100 both                 # 两端的出入值需要对应保持一致

[PE-01-GigabitEthernet0/0/0] ip binding vpn-instance CORP-01-HQ
[PE-01-GigabitEthernet0/0/0] ip address 10.0.61.1 255.255.255.0

ping -vpn-instance CORP-01-HQ 10.0.61.6

--------------------------------------------------------------------------------

PE-02,配置类似,这里不再赘述

配置 IGP 协议(CE ⇔ PE)

使用 OSPF 协议: 

[PE-01]ospf 2 vpn-instance CORP-01-HQ
[PE-01-ospf-2]area 1
[PE-01-ospf-2-area-0.0.0.1]network 10.0.61.1 0.0.0.0

[CORP-01-HQ]ospf 1
[CORP-01-HQ-ospf-1]area 1	
[CORP-01-HQ-ospf-1-area-0.0.0.1]network 10.0.61.6 0.0.0.0
[CORP-01-HQ-ospf-1-area-0.0.0.1]network 10.6.6.6 0.0.0.0

display ip route-table vpn-instance CORP-01-HQ

--------------------------------------------------------------------------------

PE-02 与 CORP-01-SUB,配置类似,这里不再赘述

如果使用 BGP 协议:
1)[PE],需要到 [bgp] ipv4-family vpn-instance 中进行 peer enable;

配置 MP-BGP 协议(PE ⇒ PE)

[PE-01]bgp 100 
[PE-01-bgp]peer 10.4.4.4 as-number 100 
[PE-01-bgp]peer 10.4.4.4 connect-interface LoopBack 0
[PE-01-bgp]ipv4-family vpnv4 unicast 
[PE-01-bgp-af-vpnv4]peer 10.4.4.4 enable 

[PE-01-bgp]ipv4-family unicast                                                  # 拆除 IPv4 BGP Peer 关系,其与本实验无关; 	
[PE-01-bgp-af-ipv4]undo peer 10.4.4.4 enable
[PE-01-bgp-af-ipv4]display bgp peer                                             # 此时,输出应该为空

display bgp vpnv4 all peer                                                      # 查看 MP-BGP VPNv4 邻居关系

--------------------------------------------------------------------------------

PE-02,配置类似,这里不再赘述

IPv4 Family VPNv4 Unicast
Undo IPv4 Faily Unicast

路由引入(IGP ⇔ BGP)

Import OSPF Route in BGP VPN Instance 

// Local-CE (OSPF) => Local-PE (MP-BGP) 

[PE-01-bgp] ipv4-family vpn-instance CORP-01-HQ                                 # 进入 VRF-INST 再引入
[PE-01-bgp-CORP-01-HQ] import-route ospf 2

display bgp vpnv4 all routing-table
display bgp vpnv4 all routing-table label

// Remote-PE (MP-BGP) => Remote-CE (OSPF)

[PE-02]ospf 2 vpn-instance CORP-01-SUB
[PE-02-ospf-2]import-route bgp

[CORP-01-SUB]display ip routing-table

--------------------------------------------------------------------------------

同样,Remote-CE 的 路由需要进入 Local PE,也需要如上引入过程,配置类似,这里不再赘述;

访问测试

PC2 ping PC1: 

PC> ping 192.168.1.1

在 P-01 和 P-02 间,执行 ICMP 抓包: 

Frame 118: 82 bytes on wire (656 bits), 82 bytes captured (656 bits) on interface -, id 0
Ethernet II, Src: HuaweiTe_30:80:e3 (00:e0:fc:30:80:e3), Dst: HuaweiTe_ed:04:ed (00:e0:fc:ed:04:ed)
MultiProtocol Label Switching Header, Label: 1024, Exp: 0, S: 0, TTL: 125
MultiProtocol Label Switching Header, Label: 1032, Exp: 0, S: 1, TTL: 126
Internet Protocol Version 4, Src: 192.168.2.1, Dst: 192.168.1.1
Internet Control Message Protocol