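Network technology has advanced rapidly over the past few years, and many technologies have been superseded.

Because of its cost, MPLS is now rarely used; many enterprises are using SD-WAN instead.

Service quality among domestic SD-WAN vendors varies widely, so fellow network operations engineers should keep their eyes open.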


[Figure: Enterprise network project - MPLS+VPN configuration]


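Introduction to MPLS+VPN:

A label stack is used to build a tunnel between the PE routers attached to the same VPN. The label stack uses two levels of labels: the label exchanged between PE routers sits at the bottom of the stack, while the labels used between a PE router and a P router, and between two P routers, sit at the top of the stack. The lower-level protocol is transparent to the upper-level protocol.


Summary: traffic is tagged with labels so that it can be forwarded quickly.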


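Components of an MPLS VPN


An MPLS VPN network consists mainly of three parts, CE, PE and P:

1. CE (Customer Edge Router): the customer network edge router, directly connected to the service provider network. It is not "aware" that the VPN exists.

2. PE (Provider Edge Router): the service provider edge router, directly connected to the customer's CE. It handles VPN service access and processes VPN-IPv4 routes, and is the main implementer of the MPLS Layer 3 VPN.

3. P (Provider Router): the service provider core router, responsible for fast forwarding of data. It is not directly connected to any CE.

Throughout the MPLS VPN, P and PE devices must support the basic MPLS functions; CE devices do not need to support MPLS.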


Project network topology


The network topology used in this project:


[Figure: network topology diagram]


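Lab requirements:


1. Company A headquarters can communicate with branch 1 and branch 2.

2. Company B headquarters can communicate with branch 1.

3. Company A and Company B, headquarters and branches alike, do not interfere with each other and cannot communicate with each other.


Lab approach:


1. Backbone IGP configuration with OSPF (in theory the carrier's routers run BGP; this is simplified to OSPF here)

2. Routing protocol configuration on the CE side

3. VPN instance configuration

4. MP-BGP configuration on the PE side

5. MPLS configuration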


Lab analysis




In the middle is the MPLS network.

The BGP AS number is 400.

The IGP is OSPF.




Company B headquarters: AS number 500.

Internal subnet: 192.168.8.X.

VPN instance: 500.


Company A headquarters: AS number 600.

Internal subnet: 192.168.6.X.

VPN instance: 600.





Now the three branches.

Company B branch 1 and branch 2:

VPN instances 100 and 200 respectively.


Company A branch 1:

VPN instance 300.





The MPLS labels are:

Company A: 1060

Company B: 1024

BGP routes are used to carry and control update information.


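Device configuration files


Walking through how to configure MPLS VPN step by step would not be appropriate here.

The configuration of each device is as follows.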


P1


#
sysname R2_P1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
router id 2.2.2.2
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 12.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 23.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.0
#
ospf 1
area 0.0.0.0
network 2.2.2.0 0.0.0.255
network 12.1.1.0 0.0.0.255
network 23.1.1.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return


P2


#
sysname R3_P2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
router id 3.3.3.3
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 23.1.1.3 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 34.1.1.3 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.0
#
ospf 1
area 0.0.0.0
network 3.3.3.0 0.0.0.255
network 23.1.1.0 0.0.0.255
network 34.1.1.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return


PE1


#
sysname R1_PE1
#
board add 0/4 1GEC
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
router id 1.1.1.1
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
ip vpn-instance vpn100
ipv4-family
route-distinguisher 100:100
vpn-target 10:10 export-extcommunity
vpn-target 50:50 import-extcommunity
#
ip vpn-instance vpn200
ipv4-family
route-distinguisher 200:200
vpn-target 20:20 export-extcommunity
vpn-target 50:50 import-extcommunity
#
ip vpn-instance vpn300
ipv4-family
route-distinguisher 300:300
vpn-target 30:30 export-extcommunity
vpn-target 60:60 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 12.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip binding vpn-instance vpn100
ip address 15.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip binding vpn-instance vpn300
ip address 17.1.1.1 255.255.255.0
#
interface GigabitEthernet4/0/0
ip binding vpn-instance vpn200
ip address 19.1.1.1 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.0
#
bgp 400
peer 4.4.4.4 as-number 400
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 4.4.4.4 enable
#
ipv4-family vpnv4
policy vpn-target
peer 4.4.4.4 enable
#
ipv4-family vpn-instance vpn100
peer 15.1.1.5 as-number 100
#
ipv4-family vpn-instance vpn200
peer 19.1.1.9 as-number 200
#
ipv4-family vpn-instance vpn300
peer 17.1.1.7 as-number 300
#
ospf 1
area 0.0.0.0
network 1.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return


PE2


#
sysname R4
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
undo info-center enable
#
router id 4.4.4.4
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
ip vpn-instance vpn500
ipv4-family
route-distinguisher 500:500
vpn-target 50:50 export-extcommunity
vpn-target 10:10 20:20 import-extcommunity
#
ip vpn-instance vpn600
ipv4-family
route-distinguisher 600:600
vpn-target 60:60 export-extcommunity
vpn-target 30:30 import-extcommunity
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 34.1.1.4 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip binding vpn-instance vpn600
ip address 46.1.1.4 255.255.255.0
#
interface GigabitEthernet0/0/2
ip binding vpn-instance vpn500
ip address 48.1.1.4 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.0
#
bgp 400
peer 1.1.1.1 as-number 400
peer 1.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
undo synchronization
peer 1.1.1.1 enable
#
ipv4-family vpnv4
policy vpn-target
peer 1.1.1.1 enable
#
ipv4-family vpn-instance vpn500
peer 48.1.1.8 as-number 500
#
ipv4-family vpn-instance vpn600
peer 46.1.1.6 as-number 600
#
ospf 1
area 0.0.0.0
network 4.4.4.0 0.0.0.255
network 34.1.1.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
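
Added example (not part of the original article): whether requirement 3 holds depends entirely on the vpn-target import/export lists configured on PE1 and PE2, so this script parses those stanzas and reports every pair of VPN instances that can exchange routes, flagging any pair that crosses companies. The function names and the tenant map are assumptions made for this example; the tenant map follows the analysis section above.

```python
# vpn-instance stanzas copied from the PE1/PE2 configs on this page
# (ipv4-family and route-distinguisher lines left out; the parser skips them).
PE_CONFIG = """\
ip vpn-instance vpn100
vpn-target 10:10 export-extcommunity
vpn-target 50:50 import-extcommunity
ip vpn-instance vpn200
vpn-target 20:20 export-extcommunity
vpn-target 50:50 import-extcommunity
ip vpn-instance vpn300
vpn-target 30:30 export-extcommunity
vpn-target 60:60 import-extcommunity
ip vpn-instance vpn500
vpn-target 50:50 export-extcommunity
vpn-target 10:10 20:20 import-extcommunity
ip vpn-instance vpn600
vpn-target 60:60 export-extcommunity
vpn-target 30:30 import-extcommunity
"""
# Assumed tenant map, following the analysis section of this page.
TENANT = {"vpn500": "B", "vpn100": "B", "vpn200": "B", "vpn600": "A", "vpn300": "A"}

def parse_vrfs(text):
    """Return {instance: {"export": set(), "import": set()}} from VRP config text."""
    vrfs, cur = {}, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("ip vpn-instance "):
            cur = vrfs.setdefault(line.split()[2], {"export": set(), "import": set()})
        elif cur is not None and line.startswith("vpn-target "):
            *rts, kind = line.split()[1:]
            if ":" in kind:  # no keyword given: counted as both directions here
                rts, kind = rts + [kind], "both"
            for direction in ("export", "import"):
                if kind == "both" or kind.startswith(direction):
                    cur[direction].update(rts)
    return vrfs

def route_flows(vrfs):
    """(src, dst) pairs where dst imports at least one route target src exports."""
    return {(s, d) for s in vrfs for d in vrfs
            if s != d and vrfs[s]["export"] & vrfs[d]["import"]}

def cross_tenant_leaks(flows, tenant):
    """Route flows whose two ends belong to different tenants."""
    return sorted(f for f in flows if tenant[f[0]] != tenant[f[1]])

if __name__ == "__main__":
    flows = route_flows(parse_vrfs(PE_CONFIG))
    print(sorted(flows), "leaks:", cross_tenant_leaks(flows, TENANT))
```

With the route targets on this page the leak list is empty. The flow list also shows that vpn100 and vpn200 exchange routes only with vpn500 and not with each other.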


CE5


#
sysname R5_CE5
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
router id 5.5.5.5
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.5.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 15.1.1.5 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.0
#
bgp 100
peer 15.1.1.1 as-number 400
#
ipv4-family unicast
undo synchronization
network 5.5.5.0 255.255.255.0
network 192.168.5.0
peer 15.1.1.1 enable
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return


CE6


#
sysname R6_CE6
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
router id 6.6.6.6
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 46.1.1.6 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.6.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 6.6.6.6 255.255.255.0
#
bgp 600
peer 46.1.1.4 as-number 400
#
ipv4-family unicast
undo synchronization
network 6.6.6.0 255.255.255.0
network 192.168.6.0
peer 46.1.1.4 enable
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return


CE7


#
sysname R7_CE7
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
router id 7.7.7.7
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 17.1.1.7 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.7.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 7.7.7.7 255.255.255.0
#
bgp 300
peer 17.1.1.1 as-number 400
#
ipv4-family unicast
undo synchronization
network 7.7.7.0 255.255.255.0
network 192.168.7.0
peer 17.1.1.1 enable
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return


CE8


#
sysname R8_CE8
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
router id 8.8.8.8
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 48.1.1.8 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.8.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 8.8.8.8 255.255.255.0
#
bgp 500
peer 48.1.1.4 as-number 400
#
ipv4-family unicast
undo synchronization
network 8.8.8.0 255.255.255.0
network 192.168.8.0
peer 48.1.1.4 enable
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return


CE9


#
sysname R9_CE9
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
router id 9.9.9.9
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 19.1.1.9 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.9.1 255.255.255.0
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 9.9.9.9 255.255.255.0
#
bgp 200
peer 19.1.1.1 as-number 400
#
ipv4-family unicast
undo synchronization
network 9.9.9.0 255.255.255.0
network 192.168.9.0
peer 19.1.1.1 enable
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return


This concludes the lab project.



If you have any questions, leave a comment to discuss.