二 、知识点
MPLS VPN网络一般由运营商搭建,用于向不同的客户提供VPN服务,使得用户的路由和数据能够通过该网络进行传递,且不同的用户之间的路由和数据完全隔离,互不影响。MPLS VPN控制层面:通过VRF和RD隔离不同用户的私网路由信息并构建唯一的VPNv4路由通过RT值控制VPNv4路由的发布和接收通过MP-BGP传递VPNv4路由前缀、标签以及RT等信息通过MPLS LDP构建公网标签转发路径MPLS转发层面:通过内外两层标签进行数据转发,内层标签区分私网数据,外层标签穿通公网网络。
1,MPLS VPN 配置
拓扑:
需求:
客户X及Y各自有2个站点,现需要通过MPLS VPN实现站点之间的互联,分别对应VPNX和VPNY;
互联接口、AS号及IP地址信息如图;
客户X站点与PE之间采用OSPF交互路由信息,客户Y站点与PE之间采用BGP交互路由信息。
配置思路:
MPLS VPN骨干网配置
1.1 IGP配置,实现骨干网的IP连通性。
1.2 MPLS与MPLS LDP配置,建立MPLS LSP公网隧道,传输VPN数据。
1.3 MP-BGP配置,建立后续传递VPNv4路由的MP-BGP对等体关系。
VPN用户接入配置
2.1 创建VPN实例并配置参数(RT、RD)
2.2 将接口加入VPN实例
2.3 配置PE与CE之间的路由交换
配置命令:
1,配置基本IP地址信息
**2,配置OSPF **
[PE1]ospf 1 router-id 10.10.1.1
[PE1-ospf-1]area 0
[PE1-ospf-1-area-0.0.0.0]net
[PE1-ospf-1-area-0.0.0.0]network 10.10.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0]net
[PE1-ospf-1-area-0.0.0.0]network 10.1.12.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0]q
[PE1-ospf-1]dis th
[P]ospf 1 router-id 10.10.2.2
[P-ospf-1]area 0
[P-ospf-1-area-0.0.0.0]net
[P-ospf-1-area-0.0.0.0]network 10.10.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0]net
[P-ospf-1-area-0.0.0.0]network 10.1.12.0 0.0.0.255
[P-ospf-1-area-0.0.0.0]net
[P-ospf-1-area-0.0.0.0]network 10.1.23.0 0.0.0.255
[PE2]ospf 1 router-id 10.10.3.3
[PE2-ospf-1]area 0
[PE2-ospf-1-area-0.0.0.0]net
[PE2-ospf-1-area-0.0.0.0]network 10.10.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0]net
[PE2-ospf-1-area-0.0.0.0]network 10.1.23.0 0.0.0.255
配置MPLS 、MPLS LDP
[PE1]mpls lsr-id 10.10.1.1
[PE1]mpls
[PE1]mpls ldp
[PE1]int g0/0/2
[PE1-GigabitEthernet0/0/2]mpls
[PE1-GigabitEthernet0/0/2]mpls ldp
[PE1-GigabitEthernet0/0/2]q
[PE1]route recursive-lookup tunnel
[P]mpls lsr-id 10.10.2.2
[P]mpls
[P]mpls ldp
[P]int g0/0/0
[P-GigabitEthernet0/0/0]mpls
[P-GigabitEthernet0/0/0]mpls ldp
[P-GigabitEthernet0/0/0]q
[P]int g0/0/1
[P-GigabitEthernet0/0/1]mpls
[P-GigabitEthernet0/0/1]mpls ldp
[PE2]mpls lsr-id 10.10.3.3
[PE2]mpls
[PE2]mpls ldp
[PE2]int g0/0/2
[PE2-GigabitEthernet0/0/2]mp
[PE2-GigabitEthernet0/0/2]mpls
[PE2-GigabitEthernet0/0/2]mp
[PE2-GigabitEthernet0/0/2]mpls dl
[PE2-GigabitEthernet0/0/2]mpls ld
[PE2-GigabitEthernet0/0/2]mpls ldp
[PE2-GigabitEthernet0/0/2]q
[PE2]ro
[PE2]route re
[PE2]route recursive-lookup tu
[PE2]route recursive-lookup tunnel
[P]dis mpls ldp peer
配置MP-BGP
[PE1]bgp 123
[PE1-bgp]router-id 1.1.1.1
[PE1-bgp]peer 10.10.3.3 as-number 123
[PE1-bgp]peer 10.10.3.3 connect-interface LoopBack 0
[PE1-bgp]undo default ipv4-unicast
[PE1-bgp]ipv4-family vpnv4 unicast
[PE1-bgp-af-vpnv4]peer 10.10.3.3 enable
[PE1-bgp-af-vpnv4]peer 10.10.3.3 next-hop-local
[PE2]bgp 123
[PE2-bgp]router-id 3.3.3.3
[PE2-bgp]peer 10.10.1.1 as-number 123 //全局视图下建立对等体
[PE2-bgp]peer 10.10.1.1 connect-interface LoopBack 0 //指定与对端逻辑接口建立邻居关系的本地更新源为 本地的逻辑接口
[PE2-bgp]undo default ipv4-unicast //关闭默认的 IPV4协议视图
[PE2-bgp]ipv4-family vpnv4 unicast //进入到VPNV4 协议视图
[PE2-bgp-af-vpnv4]peer 10.10.1.1 enable //开启VPNV4 邻居关系功能
[PE2-bgp-af-vpnv4]peer 10.10.1.1 next-hop-local
[PE2]dis bgp vpnv4 all peer //查看MP-BGP 邻居关系
**配置 VPN实例: 每个站点的私有路由表 **
配置PE1 的 客户X 的 vpnx 表 —VRF
[PE1]ip vpn-instance vpnx
[PE1-vpn-instance-vpnx]route-distinguisher 100:1
[PE1-vpn-instance-vpnx-af-ipv4]q
[PE1-vpn-instance-vpnx]vpn-target 100:13 import-extcommunity
[PE1-vpn-instance-vpnx]vpn-target 100:31 export-extcommunity
[PE1-vpn-instance-vpnx]qu
[PE1]dis ip routing-table vpn-instance vpnx
配置PE1 的 客户Y 的 vpny 表 —VRF
[PE1]ip vpn-instance vpny
[PE1-vpn-instance-vpny]route-distinguisher 200:1
[PE1-vpn-instance-vpny-af-ipv4]q
[PE1-vpn-instance-vpny]vpn-target 200:24 import-extcommunity
[PE1-vpn-instance-vpny]vpn-target 200:42 export-extcommunity
[PE1-vpn-instance-vpny]q
将 vpnx 与客户X 相连的接口进行关联绑定
[PE1]int g0/0/0
[PE1-GigabitEthernet0/0/0]ip binding vpn-instance vpnx
[PE1-GigabitEthernet0/0/0]ip add 192.168.100.1 24
[PE1-GigabitEthernet0/0/0]q
将 vpny 与客户y 相连的接口进行关联绑定
[PE1]int g0/0/1
[PE1-GigabitEthernet0/0/1]ip binding vpn-instance vpny
[PE1-GigabitEthernet0/0/1]ip add 192.168.100.1 24
配置 CE1 与 PE1 路由互通 —OSPF
[PE1]ospf 2 vpn-instance vpnx
[PE1-ospf-2]area 0
[PE1-ospf-2-area-0.0.0.0]network 192.168.100.0 0.0.0.255
[PE1-ospf-2-area-0.0.0.0]q
[CE1]ospf 2 router-id 1.1.1.1
[CE1-ospf-2]area 0
[CE1-ospf-2-area-0.0.0.0]network 192.168.1.1 0.0.0.0
[CE1-ospf-2-area-0.0.0.0]network 192.168.100.0 0.0.0.255
[CE1-ospf-2-area-0.0.0.0]q
[PE1]ospf 2 vpn-instance vpnx //将 BGP 路由引入到 VPNX 中
[PE1-ospf-2]import-route bgp
[PE1-ospf-2]q
[PE1]bgp 123
[PE1-bgp]ipv4-family vpn-instance vpnx //向BBG注入的是 VPNX的路由表的路由 ,而不是公网的IP路由表的路由
[PE1-bgp-vpnx]import-route ospf 2
[PE1]dis bgp vpnv4 al routing-table //查看Mp-BGP路由表注入的路由信息
配置PE2 的 客户X 的 vpnx 表 —VRF
[PE2]ip vpn-instance vpnx
[PE2-vpn-instance-vpnx]route-distinguisher 100:1
[PE2-vpn-instance-vpnx-af-ipv4]q
[PE2-vpn-instance-vpnx]vpn-target 100:13 export-extcommunity
[PE2-vpn-instance-vpnx]vpn-target 100:31 import-extcommunity
[PE2-vpn-instance-vpnx]q
[PE2]int g0/0/0
[PE2-GigabitEthernet0/0/0]ip binding vpn-instance vpnx
[PE2-GigabitEthernet0/0/0]ip add 192.168.200.1 24
配置PE2 的 客户y 的 vpny 表 —VRF
[PE2]ip vpn-instance vpny
[PE2-vpn-instance-vpny]route-distinguisher 200:1
[PE2-vpn-instance-vpny-af-ipv4]q
[PE2-vpn-instance-vpny]vpn-target 200:24 export-extcommunity
[PE2-vpn-instance-vpny]vpn-target 200:42 import-extcommunity
[PE2-vpn-instance-vpny]q
[PE2]int g0/0/1
[PE2-GigabitEthernet0/0/1]ip binding vpn-instance vpny
[PE2-GigabitEthernet0/0/1]ip add 192.168.200.1 24
配置 CE3 与 PE2 路由互通 —OSPF
[CE3]ospf 2 router-id 3.3.3.3
[CE3-ospf-2]area 0
[CE3-ospf-2-area-0.0.0.0]network 192.168.200.0 0.0.0.255
[CE3-ospf-2-area-0.0.0.0]network 192.168.2.1 0.0.0.0
[PE2]ospf 2 vpn-instance vpnx
[PE2-ospf-2]area 0
[PE2-ospf-2-area-0.0.0.0]network 192.168.200.0 0.0.0.255
[PE2]ospf 2 vpn-instance vpnx
[PE2-ospf-2]import-route bgp
[PE2-ospf-2]q
[PE2]bgp 123
[PE2-bgp]ipv4-family vpn-instance vpnx
[PE2-bgp-vpnx]import-route ospf 2
查询命令:
**[PE2]dis bgp vpnv4 vpn-instance vpnx routing-table **
BGP Local router ID is 3.3.3.3
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
VPN-Instance vpnx, Router ID 3.3.3.3:
Total Number of Routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
*>i 192.168.1.1/32 10.10.1.1 2 100 0 ?
** > 192.168.2.1/32 0.0.0.0 2 0 ?*
*>i 192.168.100.0 10.10.1.1 0 100 0 ?
** > 192.168.200.0 0.0.0.0 0 0 ?*
**
[PE2]dis mpls lsp**
LSP Information: BGP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
**192.168.2.1/32 1026/NULL -/- vpnx **
192.168.200.0/24 1027/NULL -/- vpnx
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
10.10.3.3/32 3/NULL -/-
10.10.1.1/32 NULL/1024 -/GE0/0/2
10.10.1.1/32 1024/1024 -/GE0/0/2
10.10.2.2/32 NULL/3 -/GE0/0/2
10.10.2.2/32 1025/3 -/GE0/0/2
[PE2]dis ip routing-table vpn-instance vpnx
Route Flags: R - relay, D - download to fib
Routing Tables: vpnx
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.1.1/32 IBGP 255 2 RD 10.10.1.1 GigabitEthernet0/0/2
192.168.2.1/32 OSPF 10 1 D 192.168.200.2 GigabitEthernet0/0/0
192.168.100.0/24 IBGP 255 0 RD 10.10.1.1 GigabitEthernet0/0/2
192.168.200.0/24 Direct 0 0 D 192.168.200.1 GigabitEthernet0/0/0
192.168.200.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
192.168.200.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
[PE2]dis bgp vpnv4 vpn-instance vpnx routing-table 192.168.1.1 32
BGP local router ID : 3.3.3.3
Local AS number : 123
VPN-Instance vpnx, Router ID 3.3.3.3:
Paths: 1 available, 1 best, 1 select
BGP routing table entry information of 192.168.1.1/32:
Label information (Received/Applied): 1026/NULL
From: 10.10.1.1 (1.1.1.1)
Route Duration: 00h38m57s
Relay Tunnel Out-Interface: GigabitEthernet0/0/2
Relay token: 0x1
Original nexthop: 10.10.1.1
Qos information : 0x0
Ext-Community:RT <100 : 31>, OSPF DOMAIN ID <0.0.0.0 : 0>,
OSPF RT <0.0.0.0 : 1 : 0>, OSPF ROUTER ID <192.168.100.1 : 0>
AS-path Nil, origin incomplete, MED 2, localpref 100, pref-val 0, valid, intern
al, best, select, active, pre 255, IGP cost 2
Not advertised to any peer yet
配置CE2 与 PE1 路由互通 —BGP
[CE2]bgp 100
[CE2-bgp]router-id 2.2.2.2
[CE2-bgp]peer 192.168.100.1 as-number 123
[CE2-bgp]network 192.168.1.1 32
[PE1]bgp 123
[PE1-bgp]ipv4-family vpn-instance vpny
[PE1-bgp-vpny]peer 192.168.100.2 as-number 100
配置CE4 与 PE2 路由互通 —BGP
[PE2]bgp 123
[PE2-bgp]ipv4-family vpn-instance vpny
[PE2-bgp-vpny]peer 192.168.200.2 as-number 200
[CE4]bgp 200
[CE4-bgp]router-id 4.4.4.4
[CE4-bgp]peer 192.168.200.1 as-number 123
[CE4-bgp]network 192.168.2.1 32
[CE4]dis bgp routing-table
BGP Local router ID is 4.4.4.4
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
Total Number of Routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 192.168.1.1/32 192.168.200.1 0 123 100i
*> 192.168.2.1/32 0.0.0.0 0 0 i
[CE4]ping -a 192.168.2.1 192.168.1.1
PING 192.168.1.1: 56 data bytes, press CTRL_C to break
Reply from 192.168.1.1: bytes=56 Sequence=1 ttl=252 time=210 ms
Reply from 192.168.1.1: bytes=56 Sequence=2 ttl=252 time=60 ms
Reply from 192.168.1.1: bytes=56 Sequence=3 ttl=252 time=50 ms
Reply from 192.168.1.1: bytes=56 Sequence=4 ttl=252 time=40 ms
Reply from 192.168.1.1: bytes=56 Sequence=5 ttl=252 time=40 ms更多资源------>黑凤梨 (zhangwujistudy) - Gitee.com
![【QT5-程序控制电源-[GPIB-USB-HS]-SCPI协议-上位机-基础样例【2】】](https://img-blog.csdnimg.cn/b8cbae930c5e4fa3aa611470c05809d8.png)
