hcip实验（14）

 一，首先给mpls vpn骨干网络配置公网IP地址
R2

R3

 R4

二，使用OSPF获取公网IP的路由条目

 ospf 1 router-id 2.2.2.2 
 area 0.0.0.0 
 network 2.2.2.2 0.0.0.0 
 network 23.0.0.0 0.0.0.255

三，创建mlps

[r2]mpls lsr-id 2.2.2.2  ---mpls的router-id，要为本地设备的真实ip地址，且邻居可达
[r2]mpls   ---全局开启mpls协议
[r2]mpls ldp  ---激活LDP协议
[r2-GigabitEthernet0/0/1]mpls  ---接口开启mpls协议
[r2-GigabitEthernet0/0/1]mpls ldp  ---接口激活LDP协议
注意：MLPS域的每一个接口都要开启

四，配置MPLS VPN
（一）配置R2的vpn

配置vpn a
[r2]ip vpn-instance a   ---创建名为a的vrf空间
[r2-vpn-instance-a]route-distinguisher 100:100  ---配置RD值
[r2-vpn-instance-a-af-ipv4]vpn-target 100:1 ?   ---配置PT值
  both                    ---出站和入站一样 
  export-extcommunity     ---配置出站RT
  import-extcommunity     ---配置入站RT
[r2-vpn-instance-a-af-ipv4]vpn-target 100:1 both 
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip binding vpn-instance a  ---关联到vrf空间
[r2-GigabitEthernet0/0/0]ip address 192.168.2.2 24  ---配置私有ip地址

配置vpn b
[r2]ip vpn-instance b
[r2-vpn-instance-b]route-distinguisher 200:200
[r2-vpn-instance-b-af-ipv4]vpn-target 200:1 both 
[r2]int g0/0/2
[r2-GigabitEthernet0/0/2]ip binding vpn-instance b
[r2-GigabitEthernet0/0/2]ip address 172.16.2.2 24

（二）配置R4的vpn

配置vpn a
[r4]ip vpn-instance a
[r4-vpn-instance-a]route-distinguisher 100:100
[r4-vpn-instance-a-af-ipv4]vpn-target 100:1 both 
[r4]int g0/0/1
[r4-GigabitEthernet0/0/1]ip binding vpn-instance a
[r4-GigabitEthernet0/0/1]ip address 192.168.3.2 24

配置vpn b
[r4]ip vpn-instance b
[r4-vpn-instance-b]route-distinguisher 200:200    
[r4-vpn-instance-b-af-ipv4]vpn-target 200:1 both 
[r4]int g0/0/2
[r4-GigabitEthernet0/0/2]ip binding vpn-instance b
[r4-GigabitEthernet0/0/2]ip address 172.16.3.2 24

（三）配置r1,r5,r6,r7IP地址

[r1-GigabitEthernet0/0/0]ip address 192.168.2.1 24
[r1-LoopBack0]ip address 192.168.1.1 24
[r5-GigabitEthernet0/0/0]ip address 192.168.3.1 24
[r5-LoopBack0]ip address 192.168.4.1 24
[r6-GigabitEthernet0/0/0]ip address 172.16.2.1 24
[r6-LoopBack0]ip address 172.16.1.1 24
[r7-GigabitEthernet0/0/0]ip address 172.16.3.1 24
[r7-LoopBack0]ip address 172.16.4.1 24

注：在关联到vrf空间前不能配置接口ip，否则该地址的直连路由将进入公有路由表

[r2]display  ip routing-table vpn-instance a  ---查看空间内的私有路由表

[r2]ping -vpn-instance  a  192.168.2.1   正常测试将在公有路由表中查询记录；该命令为基于VRF空间

五，配置BGP建邻

R2:
[r2]bgp 1
[r2-bgp]router-id 2.2.2.2
[r2-bgp]peer 4.4.4.4 as-number 1
[r2-bgp]peer 4.4.4.4 connect-interface LoopBack  0
[r2-bgp]ipv4-family vpnv4   ---进入vpnv4
[r2-bgp-af-vpnv4]peer 4.4.4.4 enable  --- 开启VPNv4建邻关系
R4:
[r4]bgp 1
[r4-bgp]router-id 4.4.4.4
[r4-bgp]peer 2.2.2.2 as-number 1
[r4-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[r4-bgp]ipv4-family vpnv4
[r4-bgp-af-vpnv4]peer 2.2.2.2 enable

六，给R1-R2 和 R4-R5配置静态，使其可以互相访问
（一）配置静态路由

R1：
[r1]ip route-static 192.168.3.0 24 192.168.1.2
[r1]ip route-static 192.168.4.0 24 192.168.1.2
R2：
[r2]ip route-static vpn-instance a 192.168.1.0 192.168.2.1
R4:
[r4]ip route-static vpn-instance a 192.168.4.0  24 192.168.3.1
R5:
[r5]ip route-static 192.168.1.0 24 192.168.3.2 
[r5]ip route-static 192.168.2.0 24 192.168.3.2

（二）进入BGP发布路由

[r2]bgp 1
[r2-bgp]ipv4-family vpn-instance a
[r2-bgp-a]import-route static 
[r2-bgp-a]import-route direct 

[r4]bgp 1
[r4-bgp]ipv4-family vpn-instance a
[r4-bgp-a]import-route static 
[r4-bgp-a]import-route direct

七，R6通过RIP将私网路由传递给PE设备，R7通过osPF将私网路由传递给PE设备，

R2——R6：rip                      
[r2]rip 1 vpn-instance b
[r2-rip-1]v 2
[r2-rip-1]network 172.16.0.0
[r6]rip
[r6-rip-1]v 2
[r6-rip-1]network 172.16.0.0
R4—R7: ospf
[r4]ospf 2 vpn-instance b router-id 4.4.4.4
[r4-ospf-2]a 0
[r4-ospf-2-area-0.0.0.0]network 172.16.0.0 0.0.255.255
[r7]ospf 1 router-id 7.7.7.7
[r7-ospf-1]a 0
[r7-ospf-1-area-0.0.0.0]net    
[r7-ospf-1-area-0.0.0.0]network 172.16.0.0 0.0.255.255

双点重发布
[r2]rip
[r2-rip-1]import-route bgp 1
[r2]bgp 1
[r2-bgp]ipv4-family vpn-instance b
[r2-bgp-b]import-route rip 1

[r4]bgp 1
[r4-bgp]ipv4-family vpn-instance b
[r4-bgp-b]import-route ospf 2
[r4]ospf 2
[r4-ospf-2]import-route bgp

八，配置一条缺省，使R7可以访问R2/R3/R4环回。

[r7]ip route-static 0.0.0.0 0 47.0.0.1