HCIP WPN 实验

实验内容：

实验拓扑：

 实验要求：

r6通过r7访问r3（上网）

实验过程：

1、各个路由器接口IP 配置

(r2的g0/0/0接口IP需进入空间a配置g0/0/2进入空间b)

[r2]ip vpn-instance a
[r2-vpn-instance-a]route-distinguisher 1:1
[r2-vpn-instance-a-af-ipv4]vpn
[r2-vpn-instance-a-af-ipv4]vpn-target 1:1
 IVT Assignment result: 
Info: VPN-Target assignment is successful.
 EVT Assignment result: 
Info: VPN-Target assignment is successful.
[r2-vpn-instance-a-af-ipv4]q 
[r2-vpn-instance-a]q
[r2]inter g0/0/0
[r2-GigabitEthernet0/0/0]ip binding vpn-instance a
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r2-GigabitEthernet0/0/0]ip add 192.168.2.2 24

[r2]ip vpn-instance b
[r2-vpn-instance-b]rou
[r2-vpn-instance-b]route-distinguisher 1:2
[r2-vpn-instance-b-af-ipv4]vpnn
[r2-vpn-instance-b-af-ipv4]vpn 
[r2-vpn-instance-b-af-ipv4]vpn-target 1:2
 IVT Assignment result: 
Info: VPN-Target assignment is successful.
 EVT Assignment result: 
Info: VPN-Target assignment is successful.
[r2-vpn-instance-b-af-ipv4]q
[r2-vpn-instance-b]q
[r2]inter g0/0/2
[r2-GigabitEthernet0/0/2]ip binding vpn-instance b
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r2-GigabitEthernet0/0/2]ip add 192.168.2.2 24

(r4的g0/0/1接口IP需进入空间a配置g0/0/2进入空间b)

[r4]ip vpn-instance a 
[r4-vpn-instance-a]route-distinguisher 1:1
[r4-vpn-instance-a-af-ipv4]vpn-target 1:1
 IVT Assignment result: 
Info: VPN-Target assignment is successful.
 EVT Assignment result: 
Info: VPN-Target assignment is successful.
[r4-vpn-instance-a-af-ipv4]q
[r4-vpn-instance-a]q
[r4]inter g0/0/1
[r4-GigabitEthernet0/0/1]ip binding vpn-instance a
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r4-GigabitEthernet0/0/1]ip add 192.168.3.2 24


[r4]ip vpn-instance b
[r4-vpn-instance-b]route-distinguisher 1:2
[r4-vpn-instance-b-af-ipv4]vpn-target 1:2
 IVT Assignment result: 
Info: VPN-Target assignment is successful.
 EVT Assignment result: 
Info: VPN-Target assignment is successful.
[r4-vpn-instance-b-af-ipv4]q
[r4-vpn-instance-b]q
[r4]inter g0/0/2
[r4-GigabitEthernet0/0/2]ip binding vpn-instance b
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r4-GigabitEthernet0/0/2]ip add 192.168.3.2 24

2、ISP启用oSPF协议进程1

[r2]ospf 1
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0 
[r2-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.255

[r3]ospf 1
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.255
[r3-ospf-1-area-0.0.0.0]network 34.1.1.0 0
[r3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0

[r4]ospf 1
[r4-ospf-1]area 0
[r4-ospf-1-area-0.0.0.0]network 34.1.1.0 0.0.0.255
[r4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0

3、r2\r4启用BGP协议

[r2]bgp 1
[r2-bgp]peer 4.4.4.4 as-number 1
[r2-bgp]peer 4.4.4.4 connect-interface LoopBack 0
[r2-bgp]peer 4.4.4.4 next-hop-local

[r4]bgp 1          
[r4-bgp]peer 2.2.2.2 as-number 1
[r4-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[r4-bgp]peer 2.2.2.2 next-hop-local 

 4、r2\r3\r4启用mpls协议

[r2]mpls lsr-id 2.2.2.2
[r2]mpls
Info: Mpls starting, please wait... OK!
[r2-mpls]mpls ldp
[r2-mpls-ldp]q
[r2]inter g0/0/1
[r2-GigabitEthernet0/0/1]mpls
[r2-GigabitEthernet0/0/1]mpls ldp

[r3]mpls lsr-id 3.3.3.3
[r3]mpls
Info: Mpls starting, please wait... OK!
[r3-mpls]mpls ldp
[r3-mpls-ldp]q
[r3]inter g0/0/0
[r3-GigabitEthernet0/0/0]mpls 
[r3-GigabitEthernet0/0/0]mpls ldp
[r3-GigabitEthernet0/0/0]q
[r3]inter g0/0/1
[r3-GigabitEthernet0/0/1]mpls
[r3-GigabitEthernet0/0/1]mpls ldp

[r4]mpls lsr
[r4]mpls lsr-id 4.4.4.4
[r4]mpls
Info: Mpls starting, please wait... OK!
[r4-mpls]mpls ldp 
[r4-mpls-ldp]q
[r4]inter g0/0/0
[r4-GigabitEthernet0/0/0]mpls
[r4-GigabitEthernet0/0/0]mpls ldp

 5、r1\r5启用oSPF协议同时进入空间a对r2\r4启用oSPF进程2

[r1]ospf 1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 192.168.2.0 0.0.0.255
[r1-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255

[r2]ospf 2 vpn-instance a
[r2-ospf-2]area 0
[r2-ospf-2-area-0.0.0.0]network 192.168.2.0 0.0.0.255

[r4]ospf 2 vpn-instance a
[r4-ospf-2]area 0
[r4-ospf-2-area-0.0.0.0]network 192.168.3.0 0.0.0.255

[r5]ospf 1
[r5-ospf-1]area 0
[r5-ospf-1-area-0.0.0.0]network 192.168.3.0 0.0.0.255 
[r5-ospf-1-area-0.0.0.0]network  192.168.4.0 0.0.0.255

6、r6\r7启用RIP协议同时进入空间b对r2\r4启用RIP

[r6]rip 1
[r6-rip-1]version 2
[r6-rip-1]network 192.168.2.0
[r6-rip-1]network 192.168.1.0

[r2]rip 1 vpn-instance b
[r2-rip-1]version 2
[r2-rip-1]network 192.168.2.0

[r4]rip 1 vpn-instance b
[r4-rip-1]version 2
[r4-rip-1]network 192.168.3.0 

[r7]rip 1
[r7-rip-1]version 2
[r7-rip-1]network 192.168.3.0  
[r7-rip-1]network 192.168.4.0

7、重发布 

[r2]bgp 1 
[r2-bgp]ipv4 vpn-instance a
[r2-bgp-a]import-route ospf 2
[r2-bgp-a]q
[r2-bgp]ipv4 vpn-instance b
[r2-bgp-b]import-route rip 1
[r2-bgp-b]q
[r2-bgp]q
[r2]rip 1
[r2-rip-1]import-route bgp
[r2-rip-1]q
[r2]ospf 2
[r2-ospf-2]import-route bgp

[r4]bgp 1 
[r4-bgp]ipv4 vpn-instance a
[r4-bgp-a]import-route ospf 2
[r4-bgp-a]q
[r4-bgp]ipv4 vpn-instance b
[r4-bgp-b]import-route rip 1
[r4-bgp-b]q
[r4-bgp]q
[r4]ospf 2
[r4-ospf-2]import-route bgp
[r4-ospf-2]q
[r4]rip 1
[r4-rip-1]import-route bgp 
[r4-rip-1]q

8、PE与PE间建立MP-BPG邻居关系

[r2]bgp 1
[r2-bgp]ipv4
[r2-bgp]ipv4-family  vpnv4 
[r2-bgp-af-vpnv4]peer 4.4.4.4 enable 

[r4]bgp 1
[r4-bgp]ipv4
[r4-bgp]ipv4-family vpnv4
[r4-bgp-af-vpnv4]peer 2.2.2.2 enable 

9、nat地址转换 

[r7]acl 2000
[r7-acl-basic-2000]ru
[r7-acl-basic-2000]rule 1 per
[r7-acl-basic-2000]rule 1 permit so
[r7-acl-basic-2000]rule 1 permit source an
[r7-acl-basic-2000]rule 1 permit source any 
[r7-acl-basic-2000]q
[r7]inter g0/0/1
[r7-GigabitEthernet0/0/1]nat out
[r7-GigabitEthernet0/0/1]nat outbound 2000

10、在r7上配置缺省下一跳指向r4，在r4bgp宣告缺省给r2，在r3上配置缺省下一跳指向r4,在r2下发缺省给r6

[r7]ip route-static 0.0.0.0 0 192.168.3.2

[r4]bgp 1
[r4-bgp]ipv4 vpn-instance b
[r4-bgp-b]network 0.0.0.0

[r3]ip route-static 0.0.0.0 0 34.1.1.2

[r2]rip 1
[r2-rip-1]default-route originate 

11、测试