当前位置：网站首页>Hcip (Huawei Senior Network Security Engineer) (Experiment 8) (MPLS basic experiment)

1、R1 and R5 It's the customer A Two sites CE equipment ,R6 and R7 It's the customer B Two sites CE equipment . equipment MPLS VPN The backbone network connects different sites of different customers .

2、R1 and R5 Use static routing to transfer private network routing ;R6 adopt RIP Pass private network route to PE equipment ;R7 adopt OSPF Pass private network route to PE equipment .

3、R1 And R2 Use static routing between private networks ;R4 And R5 Use static routing between private networks ;R2 And R6 Use between private networks RIP;R4 And R7 Use between private networks OSPF.

3、R7 Pull a separate network cable to ensure access to the public network ,R7 You can visit R2、R3、R4 Loopback .

Experimental thinking

1、 First, configure the backbone link IP Address and loopback interface , start-up IGP agreement OSPF And activation MPLS passageway .

2、 Configure... For the customer site IP Address and loopback interface , And divide different channels , Configure related routing protocols .

3、 The intermediate backbone link is started MP-BGP The protocol enables routing information to be transmitted .

4、 stay R7 Configure the default route on , bring R7 You can visit R2、R3、R4 Loopback .

Experimental steps and configuration

1、 Backbone links IP Address and loopback interface configuration

[r2]int g0/0/2
[r2-GigabitEthernet0/0/2]ip a 23.0.0.1 24
[r2-GigabitEthernet0/0/2]int lo0
[r2-LoopBack0]ip a 2.2.2.2 24

[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]ip a 23.0.0.2 24
[r3-GigabitEthernet0/0/0]int g0/0/1
[r3-GigabitEthernet0/0/1]ip a 34.0.0.1 24
[r3-GigabitEthernet0/0/1]int lo0
[r3-LoopBack0]ip a 3.3.3.3 24

[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]ip a 34.0.0.2 24
[r4-GigabitEthernet0/0/0]int g4/0/0
[r4-GigabitEthernet4/0/0]ip a 47.0.0.2 24
[r4-GigabitEthernet4/0/0]int lo0
[r4-LoopBack0]ip a 4.4.4.4 24

[r7]int g0/0/1
[r7-GigabitEthernet0/0/1]ip a 47.0.0.1 24

2、 start-up IGP agreement OSPF

[r2]ospf 1 router-id 2.2.2.2
[r2-ospf-1]a 0
[r2-ospf-1-area-0.0.0.0]network 23.0.0.0 0.0.0.255

R3
[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]a 0
[r3-ospf-1-area-0.0.0.0]network 23.0.0.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 34.0.0.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0

[r4]ospf 1 router-id 4.4.4.4
[r4-ospf-1]a 0
[r4-ospf-1-area-0.0.0.0]network 34.0.0.0 0.0.0.255
[r4-ospf-1-area-0.0.0.0]network 47.0.0.0 0.0.0.255
[r4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0

3、 start-up MPLS, build MPLS Domain

[r2]mpls lsr-id 2.2.2.2
[r2]mpls
Info: Mpls starting, please wait... OK!
[r2]mpls ldp
[r2]int g0/0/2
[r2-GigabitEthernet0/0/2]mpls
[r2-GigabitEthernet0/0/2]mpls ldp

[r3]mpls lsr-id 3.3.3.3
[r3]mpls
Info: Mpls starting, please wait... OK!
[r3]mpls ldp
[r3]int g0/0/0
[r3-GigabitEthernet0/0/0]mpls
[r3-GigabitEthernet0/0/0]mpls ldp
[r3]int g0/0/1
[r3-GigabitEthernet0/0/1]mpls
[r3-GigabitEthernet0/0/1]mpls ldp

[r4]mpls lsr-id 4.4.4.4
[r4]mpls
Info: Mpls starting, please wait... OK!
[r4]mpls ldp
[r4]int g0/0/0
[r4-GigabitEthernet0/0/0]mpls
[r4-GigabitEthernet0/0/0]mpls ldp

4、 stay R2、R4 The two border routers are configured with channels of two different sites

[r2]ip vpn-instance a Customer A Flow channel
[r2-vpn-instance-a]route-distinguisher 100:100
[r2-vpn-instance-a-af-ipv4]vpn-target 100:1 both
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip binding vpn-instance a
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!


[r2]ip vpn-instance b Customer B Flow channel
[r2-vpn-instance-b]route-distinguisher 200:200
[r2-vpn-instance-b-af-ipv4]vpn-target 200:1 both
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r2]int g0/0/1
[r2-GigabitEthernet0/0/1]ip binding vpn-instance b
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!

[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip a 192.168.2.2 24
[r2-GigabitEthernet0/0/0]int g0/0/1
[r2-GigabitEthernet0/0/1]ip a 172.16.2.2 24

[r4]ip vpn-instance a                                                         Customer A Flow channel
[r4-vpn-instance-a]route-distinguisher 100:100
[r4-vpn-instance-a-af-ipv4]vpn-target 100:1 both
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r4]int g0/0/1
[r4-GigabitEthernet0/0/1]ip binding vpn-instance a
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!

[r4]ip vpn-instance b                                                         Customer B Flow channel
[r4-vpn-instance-b]route-distinguisher 200:200
[r4-vpn-instance-b-af-ipv4]vpn-target 200:1 both
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[r4]int g0/0/2
[r4-GigabitEthernet0/0/2]ip binding vpn-instance b
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!

[r4]int g0/0/1
[r4-GigabitEthernet0/0/1]ip a 192.168.3.2 24
[r4]int g0/0/2
[r4-GigabitEthernet0/0/2]ip a 172.16.3.2 24

5、 Configure the private network device IP Address and loopback interface

[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip a 192.168.2.1 24
[r1-GigabitEthernet0/0/0]int lo0
[r1-LoopBack0]ip a 192.168.1.1 24

[r6-GigabitEthernet0/0/0]ip a 172.16.2.1 24
[r6-GigabitEthernet0/0/0]int lo0
[r6-LoopBack0]ip a 172.16.1.1 24

[r5-GigabitEthernet0/0/0]ip a 192.168.3.1 24
[r5-GigabitEthernet0/0/0]int lo0
[r5-LoopBack0]ip a 192.168.4.1 24

[r7-GigabitEthernet0/0/0]ip a 172.168.3.1 24
[r7-GigabitEthernet0/0/0]int lo0
[r7-LoopBack0]ip a 172.16.4.1 24

6、 Static configuration routing

[r1]ip route-static 192.168.3.0 24 192.168.2.2
[r1]ip route-static 192.168.4.0 24 192.168.2.2

[r2]ip route-static vpn-instance a 192.168.1.0 24 192.168.2.1

[r5]ip route-static 192.168.1.0 24 192.168.3.2
[r5]ip route-static 192.168.2.0 24 192.168.3.2

[r4]ip route-static vpn-instance a 192.168.4.0 24 192.168.3.1

7、 Dynamic routing configuration

[r6]rip 1
[r6-rip-1]v 2
[r6-rip-1]network 172.16.0.0

[r2]rip 1 vpn-instance b
[r2-rip-1]v 2
[r2-rip-1]network 172.16.0.0

[r7]ospf 1 router-id 7.7.7.7
[r7-ospf-1]a 0
[r7-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

[r4]ospf 2 vpn-instance b router-id 4.4.4.4
[r4-ospf-2]a 0
[r4-ospf-2-area-0.0.0.0]network 172.16.0.0 0.0.255.255

8、R2 And R4 establish BGP Relationship

[r2]bgp 1
[r2-bgp]router-id 2.2.2.2
[r2-bgp]peer 4.4.4.4 as 1
[r2-bgp]peer 4.4.4.4 connect-interface LoopBack 0
[r2-bgp]ipv4-family vpnv4
[r2-bgp-af-vpnv4]peer 4.4.4.4 enable

[r4]bgp 1
[r4-bgp]router-id 4.4.4.4
[r4-bgp]peer 2.2.2.2 as 1
[r4-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[r4-bgp]ipv4-family vpnv4
[r4-bgp-af-vpnv4]peer 2.2.2.2 enable

9、 Publish route

[r2-bgp]ipv4-family vpn-instance a take R1 Static and direct republishing
[r2-bgp-a]import-route static
[r2-bgp-a]import-route direct

[r4-bgp]ipv4-family vpn-instance a take R5 Static and direct republishing
[r4-bgp-a]import-route static
[r4-bgp-a]import-route direct

[r2-bgp]ipv4-family vpn-instance b take RIP And BGP Conduct two-way republishing
[r2-bgp-b]import-route rip 1
[r2]rip
[r2-rip-1]import-route bgp

[r4-bgp]ipv4-family vpn-instance b take BGP And OSPF Conduct two-way republishing
[r4-bgp-b]import-route ospf 2
[r4]ospf 2
[r4-ospf-2]import-route bgp