华为MPLS VPN Option-C方案二(无RR环境)

拓扑如下:

说明:大体上跟Option-C方案一很相似,但是只会传递两层标签。配置如下

配置如下:只放PE和ASBR配置,其他设备配置过去简单

PE1:

#
 sysname AR2-PE1
#
ip vpn-instance PE1
 ipv4-family
  route-distinguisher 2:2
  vpn-target 100:100 export-extcommunity
  vpn-target 100:100 import-extcommunity
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
#
interface GigabitEthernet0/0/0
 ip binding vpn-instance PE1
 ip address 10.0.12.2 255.255.255.0 
#
interface GigabitEthernet0/0/1
 ip address 10.0.23.2 255.255.255.0 
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255 
#
bgp 100
 peer 7.7.7.7 as-number 200 
 peer 7.7.7.7 ebgp-max-hop 10 
 peer 7.7.7.7 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 7.7.7.7 enable
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 7.7.7.7 enable
 #
 ipv4-family vpn-instance PE1 
  import-route static
#
ospf 1 router-id 2.2.2.2 
 area 0.0.0.0 
  network 2.2.2.2 0.0.0.0 
  network 10.0.23.2 0.0.0.0 
#
ip route-static vpn-instance PE1 1.1.1.1 255.255.255.255 10.0.12.1
#

ARBR1:

#
 sysname AR4-ASBR1
#
mpls lsr-id 4.4.4.4
mpls
 lsp-trigger bgp-label-route
#
mpls ldp
#
#
acl number 2000  
 rule 5 permit source 7.7.7.7 0 
#
interface GigabitEthernet0/0/0
 ip address 10.0.34.4 255.255.255.0 
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip address 10.0.45.4 255.255.255.0 
 mpls
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255 
#
bgp 100
 peer 10.0.45.5 as-number 200 
 #
 ipv4-family unicast
  undo synchronization
  network 2.2.2.2 255.255.255.255 
  peer 10.0.45.5 enable
  peer 10.0.45.5 route-policy 1 export
  peer 10.0.45.5 label-route-capability
#
ospf 1 router-id 4.4.4.4 
 import-route bgp route-policy PE
 area 0.0.0.0 
  network 4.4.4.4 0.0.0.0 
  network 10.0.34.4 0.0.0.0 
#
route-policy PE permit node 10 
 if-match acl 2000 
#
route-policy PE permit node 20 
#
route-policy 1 permit node 10 
 apply mpls-label
#

PE2:

#
 sysname AR7-PE2
#
ip vpn-instance PE2
 ipv4-family
  route-distinguisher 7:7
  vpn-target 100:100 export-extcommunity
  vpn-target 100:100 import-extcommunity
#
mpls lsr-id 7.7.7.7
mpls                                      
#
mpls ldp
#
interface GigabitEthernet0/0/0
 ip address 10.0.67.7 255.255.255.0 
 mpls
 mpls ldp
#
interface GigabitEthernet0/0/1
 ip binding vpn-instance PE2
 ip address 10.0.78.7 255.255.255.0       
#
interface LoopBack0
 ip address 7.7.7.7 255.255.255.255 
#
bgp 200
 peer 2.2.2.2 as-number 100 
 peer 2.2.2.2 ebgp-max-hop 10 
 peer 2.2.2.2 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
 # 
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.2 enable
 #
 ipv4-family vpn-instance PE2 
  import-route static
#                                         
ospf 1 router-id 7.7.7.7 
 area 0.0.0.0 
  network 7.7.7.7 0.0.0.0 
  network 10.0.67.7 0.0.0.0 
#
ip route-static vpn-instance PE2 8.8.8.8 255.255.255.255 10.0.78.8
#

ASBR2:

#
 sysname AR5-ASBR2
#
mpls lsr-id 5.5.5.5
mpls
 lsp-trigger bgp-label-route
#
mpls ldp
#
#
acl number 2000                           
 rule 5 permit source 2.2.2.2 0 
#
aaa 
 authentication-scheme default
 authorization-scheme default
 accounting-scheme default
 domain default 
 domain default_admin 
 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
 local-user admin service-type http
#
firewall zone Local
 priority 15
#
interface GigabitEthernet0/0/0
 ip address 10.0.45.5 255.255.255.0 
 mpls
#
interface GigabitEthernet0/0/1
 ip address 10.0.56.5 255.255.255.0 
 mpls
 mpls ldp
#
interface LoopBack0
 ip address 5.5.5.5 255.255.255.255 
#
bgp 200
 peer 10.0.45.4 as-number 100 
 #
 ipv4-family unicast
  undo synchronization
  network 7.7.7.7 255.255.255.255 
  peer 10.0.45.4 enable
  peer 10.0.45.4 route-policy 1 export
  peer 10.0.45.4 label-route-capability
#
ospf 1 router-id 5.5.5.5 
 import-route bgp route-policy PE
 area 0.0.0.0 
  network 5.5.5.5 0.0.0.0 
  network 10.0.56.5 0.0.0.0 
#
route-policy 1 permit node 10 
 apply mpls-label                         
#
route-policy PE permit node 10 
 if-match acl 2000 
#
route-policy PE permit node 20 
#

华为MPLS VPN Option-C方案二(无RR环境)》有3个想法

发表评论

您的电子邮箱地址不会被公开。

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据