思科MPLS VPN异地组网实现内网互联互通
思科MPLS VPN异地组网实现内网互联互通
用户5921339
发布于 2025-05-20 17:54:50
发布于 2025-05-20 17:54:50
MPLS VPN(Multiprotocol Label Switching Virtual Private Network)是一种基于MPLS技术构建的虚拟专用网络,专为企业提供高效、安全、可扩展的跨地域通信服务
一、实验网络拓扑图
说明:
- 运营商设备PE1、P、PE2通过isis(IGP)路由协议建立邻居关系,同时组成MPLS域;
- CE和SW之间通过ospf建立邻居关系;
- PE和CE通过直连口建立eBGP邻居,并将ospf和bgp路由相互进行重分布;
- PE1和PE2启用MP-BGP,实现CE1、SW1和CE2、SW2之间的网络能够互访。
二、实验目的:通过MPLS VPN实现Site-A到Site-B网络互通
三、设备配置
PE1配置:
ip vrf VPN
rd 65000:65000
route-target export 65000:65000
route-target import 65000:65000
!
ip cef
mpls label range 100 199
mpls label protocol ldp
interface Loopback0
ip address 1.1.1.1 255.255.255.255
isis circuit-type level-2-only
!
interface Ethernet0/0
ip vrf forwarding VPN
ip address 10.1.14.1 255.255.255.0
!
interface Ethernet0/1
ip address 12.1.1.1 255.255.255.0
ip router isis
mpls ip
isis network point-to-point
!
router isis
net 49.0001.1111.1111.1111.00
is-type level-2-only
metric-style wide
passive-interface Loopback0
!
router bgp 5000
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 3.3.3.3 remote-as 5000
neighbor 3.3.3.3 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf VPN
neighbor 10.1.14.4 remote-as 65000
neighbor 10.1.14.4 activate
neighbor 10.1.14.4 as-override
exit-address-family
!
mpls ldp router-id Loopback0 force
P配置:
ip cef
mpls label range 200 299
mpls label protocol ldp
interface Loopback0
ip address 2.2.2.2 255.255.255.255
isis circuit-type level-2-only
!
interface Ethernet0/1
ip address 12.1.1.2 255.255.255.0
ip router isis
mpls ip
isis network point-to-point
!
interface Ethernet0/2
ip address 23.1.1.2 255.255.255.0
ip router isis
mpls ip
isis network point-to-point
!
router isis
net 49.0001.2222.2222.2222.00
is-type level-2-only
metric-style wide
passive-interface Loopback0
!
mpls ldp router-id Loopback0 force
PE2配置:
ip vrf VPN
rd 65000:65000
route-target export 65000:65000
route-target import 65000:65000
!
ip cef
mpls label range 300 399
mpls label protocol ldp
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
isis circuit-type level-2-only
!
interface Ethernet0/0
ip vrf forwarding VPN
ip address 10.1.35.3 255.255.255.0
!
interface Ethernet0/1
ip address 23.1.1.3 255.255.255.0
ip router isis
mpls ip
isis network point-to-point
!
router isis
net 49.0001.3333.3333.3333.00
is-type level-2-only
metric-style wide
passive-interface Loopback0
!
router bgp 5000
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.1 remote-as 5000
neighbor 1.1.1.1 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
exit-address-family
!
address-family ipv4 vrf VPN
neighbor 10.1.35.5 remote-as 65000
neighbor 10.1.35.5 activate
neighbor 10.1.35.5 as-override
exit-address-family
!
mpls ldp router-id Loopback0 force
!
CE1配置:
interface Loopback0
ip address 4.4.4.4 255.255.255.255
!
interface Ethernet0/0
ip address 10.1.14.4 255.255.255.0
!
interface Ethernet0/1
ip address 10.1.46.4 255.255.255.0
!
router ospf 100
router-id 4.4.4.4
redistribute bgp 65000 subnets
network 4.4.4.4 0.0.0.0 area 0
network 10.1.46.0 0.0.0.255 area 0
!
router bgp 65000
bgp router-id 10.1.14.4
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.1.14.1 remote-as 5000
!
address-family ipv4
redistribute ospf 100 match internal external 1 external 2
neighbor 10.1.14.1 activate
exit-address-family
!
CE2配置:
interface Loopback0
ip address 5.5.5.5 255.255.255.255
!
interface Ethernet0/0
ip address 10.1.35.5 255.255.255.0
!
interface Ethernet0/1
ip address 10.1.57.5 255.255.255.0
!
router ospf 100
router-id 5.5.5.5
redistribute bgp 65000 subnets
network 5.5.5.5 0.0.0.0 area 0
network 10.1.57.0 0.0.0.255 area 0
!
router bgp 65000
bgp router-id 10.1.35.5
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 10.1.35.3 remote-as 5000
!
address-family ipv4
redistribute ospf 100 match internal external 1 external 2
neighbor 10.1.35.3 activate
exit-address-family
!
SW1配置:
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface Ethernet0/0
no switchport
ip address 10.1.46.6 255.255.255.0
!
interface Vlan1
ip address 172.16.0.100 255.255.0.0
!
router ospf 100
router-id 6.6.6.6
network 6.6.6.6 0.0.0.0 area 0
network 10.1.46.0 0.0.0.255 area 0
network 172.16.0.0 0.0.255.255 area 0
!
SW2配置:
interface Loopback0
ip address 7.7.7.7 255.255.255.255
!
interface Ethernet0/0
no switchport
ip address 10.1.57.7 255.255.255.0
!
interface Vlan1
ip address 192.168.0.100 255.255.255.0
!
router ospf 100
router-id 7.7.7.7
network 7.7.7.7 0.0.0.0 area 0
network 10.1.57.0 0.0.0.255 area 0
network 192.168.0.0 0.0.0.255 area 0
!
四、验证结果:
在SW1上trace到SW2的路由,并查看本地所有路由条目:
SW1#traceroute 192.168.0.100
Type escape sequence to abort.
Tracing the route to 192.168.0.100
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.46.4 1 msec 1 msec 0 msec
2 10.1.14.1 1 msec 0 msec 1 msec
3 12.1.1.2 [MPLS: Labels 200/308 Exp 0] 1 msec 1 msec 1 msec
4 10.1.35.3 [MPLS: Label 308 Exp 0] 1 msec 1 msec 0 msec
5 10.1.35.5 1 msec 1 msec 1 msec
6 10.1.57.7 1 msec 1 msec 1 msec
在SW2上trace到SW1的路由,并查看本地所有路由条目:
SW2#traceroute 172.16.0.100
Type escape sequence to abort.
Tracing the route to 172.16.0.100
VRF info: (vrf in name/id, vrf out name/id)
1 10.1.57.5 1 msec 0 msec 0 msec
2 10.1.35.3 1 msec 0 msec 1 msec
3 23.1.1.2 [MPLS: Labels 201/108 Exp 0] 1 msec 1 msec 1 msec
4 10.1.14.1 [MPLS: Label 108 Exp 0] 1 msec 1 msec 0 msec
5 10.1.14.4 1 msec 1 msec 1 msec
6 10.1.46.6 1 msec 1 msec 1 msec
本文参与 腾讯云自媒体同步曝光计划,分享自微信公众号。
原始发表:2025-05-12,如有侵权请联系 cloudcommunity@tencent.com 删除
评论
登录后参与评论
推荐阅读
腾讯云开发者
