HCIP - MPLS VPN experiment

MPLS  VPN实验

 一、实验要求：

1, R1和R5是客户A两个站点的CE设备,R6和R7是客户6两个站点的CE设备,通过HPLS VPN骨干网络分别连接不同客户的不同站点.
2, R1和R5采用静态路由的方式传递私网路由,R6通过RIP将私网路由传递给PE设备;R7通过osPF将私网路由传递给PE设备,
3, R7单独拉一根网线保证可以访问公网,R7可以访问R2/R3/R4环回

二、划分网段

1）合理划分网段
（1）MPLSThe division of backbone network segment
R2 - R3之间划分的网段为 --- 23.0.0.0/24

R3 - R4之间划分的网段为 --- 34.0.0.0/24

MPLSBackbone loopback network segment division

R2、R3、Ｒ4The loopback network segment, respectively2.2.2.2/24、3.3.3.3/24、4.4.4.4/24.

（2）The division of private segments
为了展示MPLS　VPNEnvironment between different customers won't influence each other reason for the private network configuration is the same network segment.

R1－R2与R2－R6Divide between segments are the same：192.168.2.0/24;R1与R6Divide the loopback network segment are：192.168.1.0/24.

R4－R5与R4－R7Divide between segments are the same：192.168.3.0/24;R1与R6Divide the loopback network segment are：192.168.4.0/24

（3）Special segment division
R7Need to access the public needs inR4与R7To configure a male segments between：47.0.0.0/24

三、进行地址配置

R1:

 R2:

 R3:

 R4:

 R5:

 R6:

R7:

 四、MPLSBackbone networks within theOSPF宣告

R1

[r2]ospf 1 router-id 2.2.2.2        
[r2-ospf-1]area 0        
[r2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0        
[r2-ospf-1-area-0.0.0.0]network 23.0.0.0 0.0.0.255
R2 

[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0        
[r3-ospf-1-area-0.0.0.0]network 23.0.0.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 34.0.0.0 0.0.0.255
R3

[r4]ospf 1 router-id 4.4.4.4        
[r4-ospf-1]area 0        
[r4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0
[r4-ospf-1-area-0.0.0.0]network 34.0.0.0 0.0.0.255
[r4-ospf-1-area-0.0.0.0]network 47.0.0.0 0.0.0.255　//由于要让R7Access to the total net so to declare

五、开启mpls使用ldpDynamically build

R2：

[r2]mpls lsr-id 2.2.2.2 //设置的idBe the loopback address of a router,And to ensure that the routing of the accessibility of.
[r2]mpls     //On the global openmpls
[r2-mpls]q   //On the global openmpls ldp
[r2]mpls ldp 
[r2-mpls-ldp]q
[r2]int g 0/0/2
[r2-GigabitEthernet0/0/2]mpls     //在接口上开启mpls     
[r2-GigabitEthernet0/0/2]mpls ldp //在接口上开启mpls ldp
R3：

[r3]mpls lsr-id 3.3.3.3
[r3]mpls
[r3]mpls ldp
[r3-mpls-ldp]q
[r3]int g 0/0/0
[r3-GigabitEthernet0/0/0]mpls        
[r3-GigabitEthernet0/0/0]mpls ldp
[r3-GigabitEthernet0/0/0]int g 0/0/1
[r3-GigabitEthernet0/0/1]mpls        
[r3-GigabitEthernet0/0/1]mpls ldp
R4：

[r4]mpls lsr-id 4.4.4.4
[r4]mpls
[r4-mpls]q
[r4]mpls ldp
[r4-mpls-ldp]q
[r4]int g 0/0/2
[r4-GigabitEthernet0/0/2]mpls        
[r4-GigabitEthernet0/0/2]mpls ldp

六、创建及配置VRF空间

       让R1与R2的VRF的aSpace to connect,让R6与R2的VRF的bSpace to connect;让R5与R4的VRF的aSpace to connect,让R7与R4的VRF的bSpace to connect.

（1）配置VRF - a
R2

[r2]ip vpn-instance a  //创建VRF-a空间
[r2-vpn-instance-a1]route-distinguisher 100:10  //配置RDValue is used to distinguish between different site traffic
[r2-vpn-instance-a1-af-ipv4]vpn-target 100:1 export-extcommunity // 配置出站RT用于区分不同VRF-a空间的流量,且与其他PEThe inbound equipmentRTThe value corresponding to the same
[r2-vpn-instance-a1-af-ipv4]vpn-target 100:2 import-extcommunity // 配置入站RT用于区分不同VRF-a空间的流量,且与其他PEEquipment of the outboundRTThe value corresponding to the same
[r2-vpn-instance-a1-af-ipv4]q
[r2-vpn-instance-a1]q
[r2]int g 0/0/0
[r2-GigabitEthernet0/0/0]ip binding vpn-instance a  //将接口绑定到对应的VRF-a空间上
[r2-GigabitEthernet0/0/0]ip add 192.168.2.2 24      //At this time on the interface configuration correspondingVRF-a的IP地址
R4

[r4]ip vpn-instance a
[r4-vpn-instance-a2]route-distinguisher 100:10
[r4-vpn-instance-a2-af-ipv4]vpn-target 100:2 import-extcommunity  //与其他PEEquipment of the outboundRTThe value corresponding to the same
[r4-vpn-instance-a2-af-ipv4]vpn-target 100:1 export-extcommunity  //与其他PEThe inbound equipmentRTThe value corresponding to the same
[r4-vpn-instance-a2-af-ipv4]q
[r4-vpn-instance-a2]q
[r4]int g 0/0/1
[r4-GigabitEthernet0/0/1]ip binding vpn-instance a
[r4-GigabitEthernet0/0/1]ip ad 192.168.3.1 24
（2）配置VRF - b
R2

[r2]ip vpn-instance b
[r2-vpn-instance-b1]route-distinguisher 100:11
[r2-vpn-instance-b1-af-ipv4]vpn-target 100:3 both    //Through this command can be inbound and outboundRT值都改成100:3
[r2-vpn-instance-b1-af-ipv4]q
[r2-vpn-instance-b1]q
[r2]int g 0/0/1
[r2-GigabitEthernet0/0/1]ip binding vpn-instance b
[r2-GigabitEthernet0/0/1]ip ad 192.168.2.2 24
R4

[r4]ip vpn-instance b
[r4-vpn-instance-b2]route-distinguisher 100:11
[r4-vpn-instance-b2-af-ipv4]vpn-target 100:3 both
[r4-vpn-instance-b2-af-ipv4]q
[r4-vpn-instance-b2]q
[r4]int g 0/0/2
[r4-GigabitEthernet0/0/2]ip binding vpn-instance b
[r4-GigabitEthernet0/0/2]ip add 192.168.3.1 24

七、编写客户AStatic routing between the site

R1Static routing on writing

[r1]ip route-static 192.168.3.0 24 192.168.2.2
 
[r1]ip route-static 192.168.4.0 24 192.168.2.2
R2Static routing on writing

[r2]ip route-static vpn-instance a 192.168.1.0 24 192.168.2.1 //必须在VFR-aThe static routes to write
R4Static routing on writing

[r4]ip route-static vpn-instance a 192.168.4.0 24 192.168.3.2
R5Static routing on writing

[r5]ip route-static 192.168.1.0 24 192.168.3.1
 [r5]ip route-static 192.168.2.0 24 192.168.3.1

八、编写客户BRouting between the site

（1）用rip宣告R2、R6上的路由
[r2]rip 1 v        
[r2]rip 1 vpn-instance b  //在VRF-b中进行rip的宣告
[r2-rip-1]v 2        
[r2-rip-1]network 192.168.1.0
[r2-rip-1]network 192.168.2.0
 
[r6]rip 1        
[r6-rip-1]v 2
[r6-rip-1]network 192.168.2.0
（2）用ospf宣告R4、R7上的路由
[r4]ospf 2 vpn-instance b router-id 4.4.4.4  //在VRF-b中进行ospf的宣告
[r4-ospf-2]area 0
[r4-ospf-2-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[r7]ospf 1 router-id 7.7.7.7
[r7-ospf-1]area 0
[r7-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255
[r7-ospf-1-area-0.0.0.0]network 192.168.4.0 0.0.0.255

九、配置MP-BGP

R2

[r2]bgp 1
[r2-bgp]router-id 2.2.2.2        
[r2-bgp]peer 4.4.4.4 as 1
[r2-bgp]peer 4.4.4.4 connect-interface LoopBack 0        
[r2-bgp]ipv4-family vpnv4   //开启MP-BGP
[r2-bgp-af-vpnv4]peer 4.4.4.4 enable

R4

[r4]bgp 1
[r4-bgp]router-id 4.4.4.4
[r4-bgp]peer 2.2.2.2 as 1
[r4-bgp]peer 2.2.2.2 connect-interface LoopBack 0        
[r4-bgp]ipv4-family vpnv4        
[r4-bgp-af-vpnv4]peer 2.2.2.2 enable

十、Routing to redistribute

（1）客户A
R2

[r2]bgp 1
[r2-bgp]ipv4-family vpn-instance a  //在BGP的VRF-aRedistribute the customerAStatic routing and direct routing
[r2-bgp-a1]import-route direct
[r2-bgp-a1]import-route static

R4

[r4]bgp 1
[r4-bgp]ipv4-family vpnv4
[r4-bgp]ipv4-family vpn-instance a
[r4-bgp-a2]import-route direct
[r4-bgp-a2]import-route static
（2）客户B
R2

[r2]bgp 1 
[r2-bgp]ipv4-family vpn-instance b  //在BGP的VRF-aRedistribute the customerB的rip协议
[r2-bgp-b]import-route rip 1
[r2-bgp-b]q
[r2-bgp]q
 
 
[r2]rip 1                          //在ripIn the agreement to redistributebgp协议
[r2-rip-1]import-route bgp

R4

[r4]bgp 1
[r4-bgp]ipv4-family vpn-instance b
[r4-bgp-b]import-route ospf 2
[r4-bgp-b]q
 
[r4]ospf 2        
[r4-ospf-2]import-route bgp

十一、R7可以访问公网

        由于R7Have a path to a public network cable,且在R4的ospf进程1中宣告,So we only need to be in at this timeR7The default can be configured on a want to public

[r7]ip route-static 0.0.0.0 0 47.0.0.1
 

十二、结果检测

（1）客户A

R1　ping　R5的环回

（２）客户Ｂ

R６　ping　R７的环回

2）R7可以访问R2、R3、R4环回

R7　ping　R2、Ｒ3、Ｒ4的环回