全网最详MPLS VPN（Option A跨域）实验详解（华为ENSP）

全网最详MPLS VPN（Option A跨域）实验详解（华为ENSP）

引用

CSDN

1.

https://m.blog.csdn.net/myrouya/article/details/144739651

一、实验拓扑

本实验使用华为ENSP设备，主要涉及MPLS VPN（Option A跨域）的配置。实验拓扑图展示了各设备的连接关系。

二、实验要求

1. 在AS 200内部，使用OSPF 10建立邻居关系，并使用BGP协议建立公网连接。IBGP邻居使用环回接口地址，格式为X.X.X.X/32；EBGP邻居使用物理接口建立。
2. 使用MPLS VPN实现两端私网的互通，仅传递以192开头的业务网段。

三、实验思路

• 蓝色部分表示OSPF 11区域
• 红色部分表示OSPF 10和BGP 100/200区域
• 黄色部分表示两个MPLS VPN实例（由于涉及两个AS，需要使用两个VPN实例）

四、实验步骤

AR1配置

interface Mp-group0/0/0
ip address 10.0.0.1 255.255.255.0
nat outbound 2000

interface Serial3/0/0
link-protocol ppp
ppp mp Mp-group 0/0/0

interface Serial3/0/1
link-protocol ppp
ppp mp Mp-group 0/0/0

ospf 1 router-id 1.1.1.1
default-route-advertise
area 0.0.0.0
network 172.16.0.18 0.0.0.0
network 172.16.0.22 0.0.0.0
network 172.16.0.26 0.0.0.0

ospf 11
area 0.0.0.0
network 0.0.0.0 255.255.255.255
network 10.0.0.1 0.0.0.0

AR2配置

ospf 10
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.0.1.2 0.0.0.0
network 100.100.100.100 0.0.0.0

ospf 11 router-id 2.2.2.2 vpn-instance a
import-route bgp
area 0.0.0.0
network 10.0.0.2 0.0.0.0

bgp 100
peer 11.11.11.11 as-number 100
peer 11.11.11.11 connect-interface LoopBack1

ipv4-family unicast
undo synchronization
peer 11.11.11.11 enable

ipv4-family vpnv4
policy vpn-target
peer 11.11.11.11 enable

ipv4-family vpn-instance a
import-route ospf 11

ip vpn-instance a
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity

interface Mp-group0/0/0
ip binding vpn-instance a
ip address 10.0.0.2 255.255.255.0

interface Serial3/0/0
link-protocol ppp
ppp mp Mp-group 0/0/0

interface Serial3/0/1
link-protocol ppp
ppp mp Mp-group 0/0/0

mpls lsr-id 2.2.2.2
mpls
mpls ldp

interface GigabitEthernet0/0/0
ip address 10.0.1.2 255.255.255.0
mpls
mpls ldp

AR11配置

ip vpn-instance a
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity
vpn-target 100:1 import-extcommunity

mpls lsr-id 11.11.11.11
mpls
mpls ldp

interface GigabitEthernet0/0/0
ip address 10.0.1.11 255.255.255.0
mpls
mpls ldp

bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack1
peer 10.0.3.12 as-number 200

ipv4-family unicast
undo synchronization
peer 2.2.2.2 enable
peer 2.2.2.2 next-hop-local
peer 10.0.3.12 enable

ipv4-family vpnv4
policy vpn-target
peer 2.2.2.2 enable

ipv4-family vpn-instance a
peer 10.0.3.12 as-number 200

ospf 10
area 0.0.0.0
network 10.0.1.11 0.0.0.0
network 11.11.11.11 0.0.0.0

interface GigabitEthernet0/0/1
ip binding vpn-instance a
ip address 10.0.3.11 255.255.255.0

AR12配置

ip vpn-instance a
ipv4-family
route-distinguisher 200:1
vpn-target 200:1 export-extcommunity
vpn-target 200:1 import-extcommunity

mpls lsr-id 12.12.12.12
mpls
mpls ldp

interface GigabitEthernet0/0/1
ip address 10.0.4.12 255.255.255.0
mpls
mpls ldp

bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack1
peer 10.0.3.11 as-number 100

ipv4-family unicast
undo synchronization
peer 3.3.3.3 enable
peer 3.3.3.3 next-hop-local
peer 10.0.3.11 enable

ipv4-family vpnv4
policy vpn-target
peer 3.3.3.3 enable

ipv4-family vpn-instance a
peer 10.0.3.11 as-number 100

ospf 10
area 0.0.0.0
network 10.0.4.12 0.0.0.0
network 12.12.12.12 0.0.0.0

interface GigabitEthernet0/0/0
ip binding vpn-instance a
ip address 10.0.3.12 255.255.255.0

AR3配置

ospf 10
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.0.4.3 0.0.0.0

ospf 11 router-id 3.3.3.3 vpn-instance a
import-route bgp
area 0.0.0.0
network 10.0.2.3 0.0.0.0

bgp 200
peer 12.12.12.12 as-number 200
peer 12.12.12.12 connect-interface LoopBack0

ipv4-family unicast
undo synchronization
peer 12.12.12.12 enable

ipv4-family vpnv4
policy vpn-target
peer 12.12.12.12 enable

ipv4-family vpn-instance a
import-route ospf 11

ip vpn-instance a
ipv4-family
route-distinguisher 200:1
vpn-target 200:1 export-extcommunity
vpn-target 200:1 import-extcommunity

interface GigabitEthernet0/0/1
ip binding vpn-instance a
ip address 10.0.2.3 255.255.255.0

mpls lsr-id 3.3.3.3
mpls
mpls ldp

interface GigabitEthernet0/0/0
ip address 10.0.4.3 255.255.255.0
mpls
mpls ldp

AR4配置

ospf 11
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 10.0.2.4 0.0.0.0

五、实验结果验证

查看AR2设备的VPN路由表：

[a2]dis ip routing-table vpn-instance a
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: a
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost Flags NextHop Interface
4.4.4.4/32 IBGP 255 0 RD 11.11.11.11 GigabitEthernet
0/0/0
10.0.0.0/24 Direct 0 0 D 10.0.0.2 Mp-group0/0/0
10.0.0.1/32 Direct 0 0 D 10.0.0.1 Mp-group0/0/0
10.0.0.2/32 Direct 0 0 D 127.0.0.1 Mp-group0/0/0
10.0.0.255/32 Direct 0 0 D 127.0.0.1 Mp-group0/0/0
10.0.2.0/24 IBGP 255 0 RD 11.11.11.11 GigabitEthernet
0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[a2]

验证PC1到AR4上行接口的连通性：

PC1 ping AR4的上行接口

结果显示连通性正常，说明MPLS VPN配置成功。