<>一、介绍

传统的VPN一般是通过GRE、L2TP、PPTP、IPSec协议等隧道协议来实现私有网络间数据流在公网上的传送。而LSP本身就是公网上的隧道,所以用MPLS来实现VPN有天然的优势。
基于MPLS的VPN就是通过LSP将私有网络的不同分支联结起来,形成一个统一的网络。基于MPLS的VPN还支持对不同VPN间的互通控制。
CE:是用户边缘设备,可以是路由器,也可以是交换机或主机。
PE:是服务商边缘路由器,位于骨干网络。

在骨干网络中,还存在Provider,是服务提供商网络中的骨干路由器,不与CE直接相连。P设备只需要具备基本MPLS转发能力,可以将其配置为M-BGP的路由反射器,不维护VPN信息。

基于MPLS的VPN具有以下特点:

1、PE负责对VPN用户进行管理、建立各PE间LSP连接、同一VPN用户各分支间路由分派。
2、PE间的路由分派通常是用LDP或扩展的BGP协议实现。 3、支持不同分支间IP地址复用和不同VPN间互通。
4、减化了寻路步骤,提高了设备性能,加快了报文转发。

<>二、仿真软件

eNSP

<>三、仿真要求

1、AR1 与 AR5在同一 MPLS、VPN,能互通
2、AR6 与 AR7在同一 MPLS、VPN,能互通
3、AR2、 AR3、AR4形成环路,AR7可以访问这个环路

<>四、拓扑图

<>五、实验配置

(一)规划

AR2/3/4的环回均为x.x.x.x
AR1/5环回分别为192.168.1.1/192.168.4.1
AR6/7环回分别为192.168.1.2/192.168.4.2
AR7的公网分配地址为47.1.1.2

(二)配置思路

1、搭建实验,配置公网地址
3、在AR2/3/4上配置MPLS
4、在AR2/4上配置bgp
5、运用静态路由 AR2/4上重发布
6、AR2/6上开启RIP,AR4/7上开启OSPF
7、AR2/4上再进行重发布

(三)配置
AR1:
# interface GigabitEthernet0/0/0 ip address 192.168.2.1 255.255.255.0 #
interface LoopBack0 ip address192.168.1.1 255.255.255.0 # ip route-static
192.168.3.0 255.255.255.0 192.168.2.2 ip route-static 192.168.4.0 255.255.255.0
192.168.2.2
AR2:
# ip vpn-instance a ipv4-family route-distinguisher 1:1 vpn-target 1:1 export-
extcommunity vpn-target 1:1 import-extcommunity # ip vpn-instance b ipv4-family
route-distinguisher 2:2 vpn-target 2:2 export-extcommunity vpn-target 2:2 import
-extcommunity # mpls lsr-id 2.2.2.2 mpls # mpls ldp # interface GigabitEthernet0
/0/0 ip address 23.1.1.1 255.255.255.0 mpls mpls ldp # interface
GigabitEthernet0/0/1 ip binding vpn-instance a ip address 192.168.2.2 255.255
.255.0 mpls # interface GigabitEthernet0/0/2 ip binding vpn-instance b ip
address192.168.2.2 255.255.255.0 mpls # interface LoopBack0 ip address 2.2.2.2
255.255.255.0 # bgp 1 peer 4.4.4.4 as-number 1 peer 4.4.4.4 connect-interface
LoopBack0# ipv4-family unicast undo synchronization peer 4.4.4.4 enable peer 4.4
.4.4 next-hop-local # ipv4-family vpnv4 policy vpn-target peer 4.4.4.4 enable #
ipv4-family vpn-instance a import-route direct import-route static # ipv4-
family vpn-instance b import-route rip 1 # ospf 1 router-id 2.2.2.2 area 0.0.0.0
network2.2.2.2 0.0.0.0 network 23.1.0.0 0.0.255.255 # rip 1 vpn-instance b
undo summary version2 network 192.168.2.0 import-route bgp # ip route-static vpn
-instance a 192.168.1.0 255.255.255.0 192.168.2.1 # route recursive-lookup
tunnel
AR3:
# mpls lsr-id 3.3.3.3 mpls # mpls ldp # interface GigabitEthernet0/0/0 ip
address34.1.1.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet0/0/1 ip
address23.1.1.2 255.255.255.0 mpls mpls ldp # interface LoopBack0 ip address 3.3
.3.3 255.255.255.0 # ospf 1 router-id 3.3.3.3 area 0.0.0.0 network 3.3.3.3 0.0.0
.0 network 23.1.0.0 0.0.255.255 network 34.1.0.0 0.0.255.255 # route recursive-
lookup tunnel
AR4:
# ip vpn-instance a ipv4-family route-distinguisher 1:1 vpn-target 1:1 export-
extcommunity vpn-target 1:1 import-extcommunity # ip vpn-instance b ipv4-family
route-distinguisher 2:2 vpn-target 2:2 export-extcommunity vpn-target 2:2 import
-extcommunity # mpls lsr-id 4.4.4.4 mpls lsp-trigger all # mpls ldp # acl number
2000 rule 5 permit source 47.1.1.0 0.0.0.255 # firewall zone Local priority 15 #
interface GigabitEthernet0/0/0 ip binding vpn-instance a ip address 192.168.3.2
255.255.255.0 # interface GigabitEthernet0/0/1 ip address 34.1.1.2 255.255.255.0
mpls mpls ldp nat outbound2000 # interface GigabitEthernet0/0/2 ip binding vpn-
instance b ip address192.168.3.2 255.255.255.0 mpls # interface GigabitEthernet4
/0/0 ip address 47.1.1.1 255.255.255.0 # interface LoopBack0 ip address 4.4.4.4
255.255.255.0 # bgp 1 peer 2.2.2.2 as-number 1 peer 2.2.2.2 connect-interface
LoopBack0# ipv4-family unicast undo synchronization peer 2.2.2.2 enable peer 2.2
.2.2 next-hop-local # ipv4-family vpnv4 policy vpn-target peer 2.2.2.2 enable #
ipv4-family vpn-instance a import-route direct import-route static # ipv4-
family vpn-instance b import-route ospf 2 # ospf 1 router-id 4.4.4.4 area 0.0.0
.0 network 4.4.4.4 0.0.0.0 network 34.1.0.0 0.0.255.255 # ospf 2 vpn-instance b
import-route bgp area 0.0.0.0 network 192.168.3.0 0.0.0.255 # ip route-static
vpn-instance a 192.168.4.0 255.255.255.0 192.168.3.1 # route recursive-lookup
tunnel
AR5:
# interface GigabitEthernet0/0/1 ip address 192.168.3.1 255.255.255.0 #
interface LoopBack0 ip address192.168.4.1 255.255.255.0 # ip route-static
192.168.1.0 255.255.255.0 192.168.3.2 ip route-static 192.168.2.0 255.255.255.0
192.168.3.2
AR6:
# interface GigabitEthernet0/0/1 ip address 192.168.2.1 255.255.255.0 #
interface LoopBack0 ip address192.168.1.1 255.255.255.0 # rip 1 undo summary
version2 network 192.168.1.0 network 192.168.2.0
AR7:
# interface GigabitEthernet0/0/0 ip address 192.168.3.1 255.255.255.0 #
interface GigabitEthernet0/0/1 ip address 47.1.1.2 255.255.255.0 # interface
LoopBack0 ip address192.168.4.2 255.255.255.0 # ospf 1 area 0.0.0.0 network
192.168.3.0 0.0.0.255 network 192.168.4.0 0.0.0.255 # ip route-static 0.0.0.0
0.0.0.0 47.1.1.1
至此配置完成!

<>六、实验结果验证

AR1 能ping通AR5,不能ping通AR7。

AR6能ping通AR7,不能ping通AR5。

AR7能ping通环AR2/3/4环回。

技术
下载桌面版
GitHub
Gitee
SourceForge
百度网盘(提取码:draw)
云服务器优惠
华为云优惠券
腾讯云优惠券
阿里云优惠券
Vultr优惠券
站点信息
问题反馈
邮箱:[email protected]
吐槽一下
QQ群:766591547
关注微信