华为设备配置虚拟专用网FRR
- 配置IP地址 [PE1-LoopBack1]ip add 1.1.1.1 32 [PE1-GigabitEthernet0/0/0]ip add 20.1.1.1 24 [PE1-GigabitEthernet0/0/1]ip add 30.1.1.1 24 [PE2-LoopBack1]ip add 2.2.2.2 32 [PE2-GigabitEthernet0/0/0]ip add 20.1.1.2 24 [PE2-GigabitEthernet0/0/1]ip add 10.1.1.2 24 [PE3-LoopBack1]ip add 3.3.3.3 32 [PE3-GigabitEthernet0/0/0]ip add 30.1.1.3 24 [PE3-GigabitEthernet0/0/1]ip add 10.2.1.3 24 [CE1-GigabitEthernet0/0/0]ip add 10.1.1.4 24 [CE1-GigabitEthernet0/0/1]ip add 10.2.1.4 24 [CE1-GigabitEthernet0/0/2]ip add 10.3.1.4 24
- 在MPLS骨干网上配置OSPF协议,实现骨干网PE互通 [PE1]ospf 1 [PE1-ospf-1]area 0 [PE1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0 [PE1-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255 [PE1-ospf-1-area-0.0.0.0]network 30.1.1.0 0.0.0.255 [PE2]ospf 1 [PE2-ospf-1]area 0 [PE2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0 [PE2-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255 [PE3]ospf 1 [PE3-ospf-1]area 0 [PE3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0 [PE3-ospf-1-area-0.0.0.0]network 30.1.1.0 0.0.0.255
- 在MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP [PE1]mpls lsr-id 1.1.1.1 [PE1]mpls [PE1]mpls ldp [PE1-GigabitEthernet0/0/0]mpls [PE1-GigabitEthernet0/0/0]mpls ldp [PE1-GigabitEthernet0/0/1]mpls [PE1-GigabitEthernet0/0/1]mpls ldp [PE2]mpls lsr-id 2.2.2.2 [PE2]mpls [PE2]mpls ldp [PE2-GigabitEthernet0/0/0]mpls [PE2-GigabitEthernet0/0/0]mpls ldp [PE3]mpls lsr-id 3.3.3.3 [PE3]mpls [PE3]mpls ldp [PE3-GigabitEthernet0/0/0]mpls [PE3-GigabitEthernet0/0/0]mpls ldp
- 在PE设备上配置VPN实例,将CE接入PE [PE1]ip vpn-instance vpn1 [PE1-vpn-instance-vpn1]ipv4-family [PE1-vpn-instance-vpn1-af-ipv4]route-distinguisher 100:1 [PE1-vpn-instance-vpn1-af-ipv4]vpn-target 1:1 [PE2]ip vpn-instance vpn1 [PE2-vpn-instance-vpn1]ipv4-family [PE2-vpn-instance-vpn1-af-ipv4]route-distinguisher 100:2 [PE2-vpn-instance-vpn1-af-ipv4]vpn-target 1:1 [PE2-GigabitEthernet0/0/1]ip binding vpn-instance vpn1 [PE2-GigabitEthernet0/0/1]ip add 10.1.1.2 24 [PE3]ip vpn-instance vpn1 [PE3-vpn-instance-vpn1]ipv4-family [PE3-vpn-instance-vpn1]route-distinguisher 100:3 [PE3-vpn-instance-vpn1]vpn-target 1:1 [PE3-GigabitEthernet0/0/1]ip binding vpn-instance vpn1 [PE3-GigabitEthernet0/0/1]ip add 10.2.1.3 24
- 在PE1上引入直连VPN路由;在PE2与CE1,及PE3与CE1之间建立EBGP对等体,引入VPN路由 [PE1]bgp 100 [PE1-bgp]ipv4-family vpn-instance vpn1 [PE1-bgp-vpn1]import-route direct [PE2]bgp 100 [PE2-bgp]ipv4-family vpn-instance vpn1 [PE2-bgp-vpn1]peer 10.1.1.4 as-number 65410 [PE2-bgp-vpn1]import-route direct [PE3]bgp 100 [PE3-bgp]ipv4-family vpn-instance vpn1 [PE3-bgp-vpn1]peer 10.2.1.4 as-number 65410 [PE3-bgp-vpn1]import-route direct [CE1]bgp 65410 [CE1-bgp]peer 10.1.1.2 as-number 100 [CE1-bgp]peer 10.2.1.3 as-number 100 [CE1-bgp]import-route direct [CE1-bgp]network 10.3.1.0 24
- 在PE之间建立MP-IBGP对等体 [PE1]bgp 100 [PE1-bgp]peer 2.2.2.2 as-number 100 [PE1-bgp]peer 2.2.2.2 connect-interface LoopBack 1 [PE1-bgp]peer 3.3.3.3 as-number 100 [PE1-bgp]peer 3.3.3.3 connect-interface LoopBack 1 [PE1-bgp]ipv4-family vpnv4 [PE1-bgp-af-vpnv4]peer 2.2.2.2 enable [PE1-bgp-af-vpnv4]peer 3.3.3.3 enable [PE2]bgp 100 [PE2-bgp]peer 1.1.1.1 as-number 100 [PE2-bgp]peer 1.1.1.1 connect-interface LoopBack 1 [PE2-bgp]ipv4-family vpnv4 [PE2-bgp-af-vpnv4]peer 1.1.1.1 enable [PE3]bgp 100 [PE3-bgp]peer 1.1.1.1 as-number 100 [PE3-bgp]peer 1.1.1.1 connect-interface LoopBack 1 [PE3-bgp]ipv4-family vpnv4 [PE3-bgp-af-vpnv4]peer 1.1.1.1 enable
- 配置VPN FRR路由策略: 在PE1上配置备份下一跳,使PE3为PE2的备份,PE2出现故障时可以快速切换到PE3上 [PE1]ip ip-prefix v1 permit 2.2.2.2 32 [PE1]route-policy v1 permit node 10 [PE1-route-policy]if-match ip next-hop ip-prefix v1 [PE1-route-policy]apply backup-nexthop 3.3.3.3
- 使能VPN FRR [PE1]ip vpn-instance vpn1 [PE1-vpn-instance-vpn1]vpn frr route-policy v1
上一篇:
Java架构师技术进阶路线图