1. Lab topology

HUB&SPOKE(IGP+EBGP)_Time

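2. Lab objectives

Spoke-CE1 and Spoke-CE2 are the edge network devices of two branch offices of the same company at different sites, and Hub-CE is the edge network device at the company's headquarters. The branch devices run OSPF with the PE devices they connect to, and the headquarters device runs EBGP with the PE device it connects to. Spoke-PE1, Spoke-PE2, RTA and Hub-PE form the carrier network, which uses OSPF as its internal IGP for connectivity; a BGP network is built for the external network so that MPLS VPN is implemented between Spoke-PE1, Spoke-PE2 and Hub-PE, allowing the company's internal traffic to cross the BGP network. In addition, each branch network must learn the routes of the other branches through the headquarters network; the branches are not allowed to learn routes from each other or communicate with each other directly.

3. Lab configuration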

pe1:

<pe1>display current-configuration
[V200R003C00]
#
sysname pe1
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
ip vpn-instance VPNA
ipv4-family
 route-distinguisher 1:1
 vpn-target 1:4 export-extcommunity
 vpn-target 4:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip binding vpn-instance VPNA
ip address 40.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 10.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
bgp 65001
router-id 1.1.1.1
peer 4.4.4.4 as-number 65001
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
 undo synchronization
 peer 4.4.4.4 enable
#
ipv4-family vpnv4
 policy vpn-target
 peer 4.4.4.4 enable
#
ipv4-family vpn-instance VPNA
 import-route ospf 1000
#
ospf 100 router-id 1.1.1.1
area 0.0.0.0
 network 1.1.1.1 0.0.0.0
 network 10.1.1.0 0.0.0.255
#
ospf 1000 vpn-instance VPNA
import-route bgp type 1
area 0.0.0.0
 network 40.1.1.0 0.0.0.255
#
user-interface con 0
authentication-mode password
idle-timeout 0 0
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<pe1>

pe2:

<pe2>display current-configuration
[V200R003C00]
#
sysname pe2
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
ip vpn-instance VPNB
ipv4-family
 route-distinguisher 2:2
 vpn-target 2:4 export-extcommunity
 vpn-target 4:2 import-extcommunity
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip binding vpn-instance VPNB
ip address 50.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 20.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
bgp 65001
router-id 2.2.2.2
peer 4.4.4.4 as-number 65001
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
 undo synchronization
 peer 4.4.4.4 enable
#
ipv4-family vpnv4
 policy vpn-target
 peer 4.4.4.4 enable
#
ipv4-family vpn-instance VPNB
 import-route ospf 1000
#
ospf 100 router-id 2.2.2.2
area 0.0.0.0
 network 2.2.2.2 0.0.0.0
 network 20.1.1.0 0.0.0.255
#
ospf 1000 vpn-instance VPNB
import-route bgp type 1
area 0.0.0.0
 network 50.1.1.0 0.0.0.255
#
user-interface con 0
authentication-mode password
idle-timeout 0 0
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<pe2>

p:

<p>display current-configuration
[V200R003C00]
#
sysname p
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load flash:/portalpage.zip
#
drop illegal-mac alarm
#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 30.1.1.1 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/1
ip address 10.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface GigabitEthernet0/0/2
ip address 20.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface NULL0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ospf 100 router-id 3.3.3.3
area 0.0.0.0
 network 3.3.3.3 0.0.0.0
 network 10.1.1.0 0.0.0.255
 network 20.1.1.0 0.0.0.255
 network 30.1.1.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<p>

pe:

<pe>display current-configuration
[V200R003C00]
#
sysname pe
#
snmp-agent local-engineid 800007DB03000000000000
snmp-agent
#
clock timezone China-Standard-Time minus 08:00:00
#
portal local-server load portalpage.zip
#
drop illegal-mac alarm
#
set cpu-usage threshold 80 restore 75
#
ip vpn-instance VPNIN
ipv4-family
 route-distinguisher 6:6
 vpn-target 1:4 2:4 import-extcommunity
#
ip vpn-instance VPNOUT
ipv4-family
 route-distinguisher 7:7
 vpn-target 4:1 4:2 export-extcommunity
#
mpls lsr-id 4.4.4.4
mpls
#
mpls ldp
#
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip binding vpn-instance VPNIN
ip address 60.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/1
ip binding vpn-instance VPNOUT
ip address 70.1.1.1 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 30.1.1.2 255.255.255.0
mpls
mpls ldp
#
interface NULL0
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
bgp 65001
router-id 4.4.4.4
peer 1.1.1.1 as-number 65001
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 as-number 65001
peer 2.2.2.2 connect-interface LoopBack0
#
ipv4-family unicast
 undo synchronization
 peer 1.1.1.1 enable
 peer 2.2.2.2 enable
#
ipv4-family vpnv4
 policy vpn-target
 peer 1.1.1.1 enable
 peer 2.2.2.2 enable
#
ipv4-family vpn-instance VPNIN
 peer 60.1.1.2 as-number 7
 peer 60.1.1.2 connect-interface GigabitEthernet0/0/0
#
ipv4-family vpn-instance VPNOUT
 peer 70.1.1.2 as-number 7
 peer 70.1.1.2 ebgp-max-hop 10
 peer 70.1.1.2 connect-interface GigabitEthernet0/0/1
 peer 70.1.1.2 allow-as-loop 2
#
ospf 100 router-id 4.4.4.4
area 0.0.0.0
 network 4.4.4.4 0.0.0.0
 network 30.1.1.0 0.0.0.255
#
user-interface con 0
authentication-mode password
idle-timeout 0 0
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return
<pe>
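
The requirement that branches learn each other's routes only through headquarters is enforced by the vpn-target values in the configurations above. The following check is an added example, not part of the original lab: it parses those vpn-target lines and reports any spoke instance that would import another spoke's routes directly, or that has lost its path to the hub. The function names and the `hub="pe"` default are hypothetical choices for this sketch.

```python
import re
from itertools import permutations

# vpn-target lines copied from the pe1, pe2 and pe (hub) configs on this page.
CONFIGS = {
    "pe1": "ip vpn-instance VPNA\n vpn-target 1:4 export-extcommunity\n"
           " vpn-target 4:1 import-extcommunity\n#",
    "pe2": "ip vpn-instance VPNB\n vpn-target 2:4 export-extcommunity\n"
           " vpn-target 4:2 import-extcommunity\n#",
    "pe": "ip vpn-instance VPNIN\n vpn-target 1:4 2:4 import-extcommunity\n#\n"
          "ip vpn-instance VPNOUT\n vpn-target 4:1 4:2 export-extcommunity\n#",
}

def parse_vpn_targets(text):
    """Map each vpn-instance to its import and export route-target sets."""
    out, cur = {}, None
    for tok in (line.split() for line in text.splitlines()):
        if tok[:2] == ["ip", "vpn-instance"] and len(tok) == 3:
            cur = out.setdefault(tok[2], {"import": set(), "export": set()})
        elif tok[:1] == ["#"]:
            cur = None  # '#' closes the stanza
        elif cur is not None and tok[:1] == ["vpn-target"]:
            rts = {t for t in tok[1:] if re.fullmatch(r"\d+:\d+", t)}
            # Assumption: a vpn-target line without a direction keyword means both.
            if tok[-1] != "import-extcommunity":
                cur["export"] |= rts
            if tok[-1] != "export-extcommunity":
                cur["import"] |= rts
    return out

def audit(configs, hub="pe"):
    """Return findings; an empty list means spokes exchange routes only via the hub."""
    inst = {(n, dev): rt for dev, txt in configs.items()
            for n, rt in parse_vpn_targets(txt).items()}
    spokes = {k: v for k, v in inst.items() if k[1] != hub}
    hub_imp = set().union(*(v["import"] for k, v in inst.items() if k[1] == hub))
    hub_exp = set().union(*(v["export"] for k, v in inst.items() if k[1] == hub))
    findings = []
    for (a, ra), (b, rb) in permutations(spokes.items(), 2):
        shared = sorted(ra["export"] & rb["import"])
        if shared:  # spoke b would import spoke a's routes directly
            findings.append(f"LEAK {a[0]}@{a[1]} -> {b[0]}@{b[1]} via RT {shared}")
    for (name, dev), rt in spokes.items():
        if not rt["export"] & hub_imp:
            findings.append(f"ISOLATED {name}@{dev}: hub imports none of its RTs")
        if not rt["import"] & hub_exp:
            findings.append(f"ISOLATED {name}@{dev}: imports no hub export RT")
    return findings
print(audit(CONFIGS) or "OK: spoke routes are exchanged only through the hub")
```

Running it against a saved `display current-configuration` from each PE after a change catches an import target added to a spoke that would bypass the headquarters path.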

4. Lab results

HUB&SPOKE(IGP+EBGP)_ci_02