配置CE使用私网GRE接入
如下图所示,PE1和PE2位于MPLS骨干网中,CE1和PE1之间为私有网络,其间通过设备R1互联,CE2与PE2直连,CE1与CE2属于同一个VPN,要求他们之间能够互相通信;
PE1上没有与CE1直连的接口,无法将VPN实例与物理接口进行绑定,通过在CE1与PE1之间建立一条GRE隧道穿越私网,在PE1上将VPN与GRE隧道进行绑定,实现CE1通过GRE隧道接入到VPN中;
接口IP地址配置:
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip address 12.1.1.1 24
其他接口配置省略;
需要绑定VPN实例的接口,先不要配置IP地址,绑定时会将接口下所有配置删除,如上图中的R3 G0/0/1、R4 G0/0/1
配置MPLS VPN:
首先配置PE1与PE2之间的OSPF 100,其次构建MPLS
[r3]ospf 100 router-id 93.3.3.3
[r3-ospf-100]area 0
[r3-ospf-100-area-0.0.0.0]network 34.1.1.0 0.0.0.255
[r3-ospf-100-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[r3]mpls lsr-id 3.3.3.3
[r3]mpls
[r3-mpls]lsp-trigger all
[r3]mpls ldp
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]mpls
[r3-GigabitEthernet0/0/0]mpls ldp
[r4]ospf 100 router-id 94.4.4.4
[r4-ospf-100]area 0
[r4-ospf-100-area-0.0.0.0]network 34.1.1.0 0.0.0.255
[r4-ospf-100-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[r4]mpls lsr-id 4.4.4.4
[r4]mpls
[r4-mpls]lsp-trigger all
[r4]mpls ldp
[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]mpls
[r4-GigabitEthernet0/0/0]mpls ldp
创建VPN实例:
[r3]ip vpn-instance vpn1
[r3-vpn-instance-vpn1]route-distinguisher 100:1
[r3-vpn-instance-vpn1-af-ipv4]vpn-target 111:1 export-extcommunity
[r3-vpn-instance-vpn1-af-ipv4]vpn-target 111:1 import-extcommunity
[r4]ip vpn-instance vpn1
[r4-vpn-instance-vpn1]route-distinguisher 200:1
[r4-vpn-instance-vpn1-af-ipv4]vpn-target 111:1 export-extcommunity
[r4-vpn-instance-vpn1-af-ipv4]vpn-target 111:1 import-extcommunity
创建GRE,并且绑定VPN实例:
[r1]int Tunnel 0/0/0
[r1-Tunnel0/0/0]ip address 100.1.1.1 24
[r1-Tunnel0/0/0]tunnel-protocol gre
[r1-Tunnel0/0/0]source 12.1.1.1
[r1-Tunnel0/0/0]destination 23.1.1.2
[r3]int Tunnel 0/0/0
[r3-Tunnel0/0/0]ip binding vpn-instance vpn1
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r3-Tunnel0/0/0]ip address 100.1.1.2 24
[r3-Tunnel0/0/0]tunnel-protocol gre
[r3-Tunnel0/0/0]source 23.1.1.2
[r3-Tunnel0/0/0]destination vpn-instance vpn1 12.1.1.1
将PE2的VPN实例绑定边缘接口:
[r4]int g0/0/1
[r4-GigabitEthernet0/0/1]ip binding vpn-instance vpn1
[r4-GigabitEthernet0/0/1]ip address 45.1.1.1 24
配置OSPF 200:
[r1]ospf 200 router-id 91.1.1.1
[r1-ospf-200]area 0
[r1-ospf-200-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[r2]ospf 200 router-id 92.2.2.2
[r2-ospf-200]area 0
[r2-ospf-200-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[r2-ospf-200-area-0.0.0.0]network 23.1.1.0 0.0.0.255
[r3]ospf 200 vpn-instance vpn1
[r3-ospf-200]area 0
[r3-ospf-200-area-0.0.0.0]network 23.1.1.0 0.0.0.255
配置ISIS 1:
[r1]isis 1
[r1-isis-1]network-entity 10.0000.0000.0001.00
[r1]int Tunnel 0/0/0
[r1-Tunnel0/0/0]isis enable 1
[r1]int l1
[r1-LoopBack1]isis enable 1
[r3]isis 1 vpn-instance vpn1
[r3-isis-1]network-entity 10.0000.0000.0002.00
[r3]int t0/0/0
[r3-Tunnel0/0/0]isis enable 1
[r4]isis 1 vpn-instance vpn1
[r4-isis-1]network-entity 10.0000.0000.0004.00
[r4]int g0/0/1
[r4-GigabitEthernet0/0/1]isis enable 1
[r5]isis 1
[r5-isis-1]network-entity 10.0000.0000.0003.00
[r5]int g0/0/1
[r5-GigabitEthernet0/0/1]isis enable 1
[r5]int l1
[r5-LoopBack1]isis enable 1
配置BGP:
[r3]bgp 1
[r3-bgp]peer 4.4.4.4 as-number 1
[r3-bgp]peer 4.4.4.4 connect-interface LoopBack 1
[r3-bgp]ipv4-family vpnv4
[r3-bgp-af-vpnv4]peer 4.4.4.4 enable
[r3-bgp]ipv4-family vpn-instance vpn1
[r3-bgp-vpn1]import-route isis 1
[r4]bgp 1
[r4-bgp]peer 3.3.3.3 as-number 1
[r4-bgp]peer 3.3.3.3 connect-interface LoopBack 1
[r4-bgp]ipv4-family vpnv4
[r4-bgp-af-vpnv4]peer 3.3.3.3 enable
[r4-bgp]ipv4-family vpn-instance vpn1
[r4-bgp-vpn1]import-route isis 1
配置ISIS协议路由引入:
[r3]isis 1
[r3-isis-1]import-route bgp
[r4]isis 1
[r4-isis-1]import-route bgp
查看配置结果:
[r1]tracert 5.5.5.5
traceroute to 5.5.5.5(5.5.5.5), max hops: 30 ,packet length: 40,press CTRL_C to break
1 100.1.1.2 20 ms 20 ms 20 ms
2 45.1.1.1 40 ms 30 ms 20 ms
3 45.1.1.2 40 ms 30 ms 30 ms
[r1]display ip routing-table 5.5.5.5
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Table : Public
Summary Count : 1
Destination/Mask Proto Pre Cost Flags NextHop Interface
5.5.5.5/32 ISIS-L2 15 74 D 100.1.1.2 Tunnel0/0/0