1.实验环境:
某公司需要通过mpls vpn实现总部和分部的互访,并且要实现不同部门之间的业务隔离,为了节省开支,总公司使用MCE设备接入不同的部门。要求分公司A只能访问总公司的部门A,分公司B只能访问总公司的部门B。
(1)CE1和CE3为分公司A和分公司B的CE设备;
(2)MCE作为VPN多实例设备接入总公司侧的部门A和部门B;
(3)分公司A和部门A属于vpn实例vpn1、分公司B和部门B属于vpn实例vpn2。
要求相同的vpn实例能够互访,不同的vpn实例不能互访。
2.实验目的:
掌握MCE的应用场景和基本配置
3.实验拓扑:
配置MPLS VPN基本组网-MCE实验拓扑所示。
4.实验步骤:
1)配置接口ip地址,ip规划见表
配置mpls vpn MCE组网实验ip地址规划表
设备名称 | 接口编号 | Ip地址 | 所属Vpn实例 |
PE1 | G0/0/0 | 10.0.11.1/24 | vpn1 |
PE1 | G0/0/1 | 12.1.1.1/24 | |
PE1 | G0/0/2 | 10.0.13.1/24 | vpn2 |
PE1 | Loopback 0 | 1.1.1.1/32 | |
PE2 | G0/0/0 | 23.1.1.2/24 | |
PE2 | G0/0/1.10 | 10.0.100.1/24 | vpn1 |
PE2 | G0/0/1.20 | 10.0.101.1/24 | vpn2 |
PE2 | Loopback 0 | 3.3.3.3/32 | |
P | G0/0/0 | 12.1.1.2/24 | |
P | G0/0/1 | 23.1.1.1/24 | |
P | Loopback 0 | 2.2.2.2/32 | |
CE1 | G0/0/0 | 10.0.11.2/24 | |
CE1 | Loopback 0 | 10.10.10.10/32 | |
CE2 | G0/0/0 | 10.0.2.2/24 | |
CE2 | Loopback 0 | 20.20.20.20/32 | |
CE3 | G0/0/0 | 10.0.13.2/24 | |
CE3 | Loopback 0 | 30.30.30.30/32 | |
CE4 | G0/0/0 | 10.0.4.2/24 | |
CE4 | Loopback 0 | 4.4.4.4/32 | |
MCE | G0/0/0.10 | 10.0.100.2/24 | vpn1 |
MCE | G0/0/0.20 | 10.0.101.2/24 | vpn2 |
MCE | G0/0/1 | 10.0.2.1/24 | vpn1 |
MCE | G0/0/2 | 10.0.4,1/24 | vpn2 |
2)配置ISP网络的IGP协议
PE1的配置:
[PE1]ospf
[PE1-ospf-1]area 0
[PE1-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
PE2的配置:
[PE2]ospf
[PE2-ospf-1]area 0
[PE2-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
P的配置:
[P]ospf
[P-ospf-1]area 0
[P-ospf-1-area-0.0.0.0]network 12.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.255
查看公网路由的学习情况
[P]display ip routing-table protocol ospf
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Public routing table : OSPF
Destinations : 2 Routes : 2
OSPF routing table status : <Active>
Destinations : 2 Routes : 2
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 OSPF 10 1 D 12.1.1.1 GigabitEthernet0/0/0
3.3.3.3/32 OSPF 10 1 D 23.1.1.2 GigabitEthernet0/0/1
OSPF routing table status : <Inactive>
Destinations : 0 Routes : 0
3)配置ISP内部的mpls及mpls ldp,建立公网的lsp隧道
PE1的配置:
[PE1]mpls lsr-id 1.1.1.1
[PE1]mpls
[PE1-mpls]q
[PE1]mpls ldp
[PE1-mpls-ldp]q
[PE1]int g0/0/1
[PE1-GigabitEthernet0/0/1]mpls
[PE1-GigabitEthernet0/0/1]mpls ldp
P的配置:
[P]mpls ls
[P]mpls lsr-id 2.2.2.2
[P]mpls
[P-mpls]q
[P]mpls ldp
[P-mpls-ldp]q
[P]interface g0/0/0
[P-GigabitEthernet0/0/0]mpls ldp
[P-GigabitEthernet0/0/0]q
[P]interface g0/0/1
[P-GigabitEthernet0/0/1]mpls
[P-GigabitEthernet0/0/1]mpls ldp
PE2的配置
[PE2]mpls lsr-id 3.3.3.3
[PE2]mpls
[PE2-mpls]q
[PE2]mpls ldp
[PE2-mpls-ldp]q
[PE2]interface g0/0/0
[PE2-GigabitEthernet0/0/0]mpls
[PE2-GigabitEthernet0/0/0]mpls ldp
查看mpls lsp的建立情况
[PE1]display mpls lsp
-------------------------------------------------------------------------------
LSP Information: LDP LSP
-------------------------------------------------------------------------------
FEC In/Out Label In/Out IF Vrf Name
1.1.1.1/32 3/NULL -/-
2.2.2.2/32 NULL/3 -/GE0/0/1
2.2.2.2/32 1024/3 -/GE0/0/1
3.3.3.3/32 NULL/1025 -/GE0/0/1
3.3.3.3/32 1025/1025 -/GE0/0/1
4)配置vpn实例,并且将接口加入到vpn实例中
PE1的配置:
[PE1]ip vpn-instance vpn1
[PE1-vpn-instance-vpn1]route-distinguisher 100:1
[PE1-vpn-instance-vpn1-af-ipv4]vpn-target 1:1 both
[PE1]interface g0/0/0
[PE1-GigabitEthernet0/0/0]ip binding vpn-instance vpn1
[PE1-GigabitEthernet0/0/0]ip address 10.0.11.1 24
PE1的配置:
[PE1]ip vpn-instance vpn2
[PE1-vpn-instance-vpn2]route-distinguisher 200:1
[PE1-vpn-instance-vpn2-af-ipv4]vpn-target 2:2 both
[PE1]interface g0/0/2
[PE1-GigabitEthernet0/0/2]ip binding vpn-instance vpn2
[PE1-GigabitEthernet0/0/2]ip address 10.0.13.1 24
PE2的配置:
[PE2]ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] route-distinguisher 100:2
[PE2-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 both
[PE2]interface g0/0/1.10
[PE2-GigabitEthernet0/0/1.10]ip binding vpn-instance vpn1
[PE2-GigabitEthernet0/0/1.10]ip address 10.0.100.1 24
[PE2-GigabitEthernet0/0/1.10]dot1q termination vid 10
PE2的配置:
[PE2]ip vpn-instance vpn2
[PE2-vpn-instance-vpn2] route-distinguisher 200:2
[PE2-vpn-instance-vpn2-af-ipv4] vpn-target 2:2 both
[PE2]interface g0/0/1.20
[PE2-GigabitEthernet0/0/1.20]ip binding vpn-instance vpn2
[PE2-GigabitEthernet0/0/1.20]ip address 10.0.101.1 24
[PE2-GigabitEthernet0/0/1.20]dot1q termination vid 20
MCE的配置(vpn实例vpn1):
[MCE]ip vpn-instance vpn1
[MCE-vpn-instance-vpn1]route-distinguisher 100:3
[MCE-vpn-instance-vpn1-af-ipv4]vpn-target 1:1 both
[MCE]interface g0/0/0.10
[MCE-GigabitEthernet0/0/0.10]ip binding vpn-instance vpn1
[MCE-GigabitEthernet0/0/0.10]dot1q termination vid 10
[MCE-GigabitEthernet0/0/0.10]ip address 10.0.100.2 24
[MCE]interface g0/0/1
[MCE-GigabitEthernet0/0/1]ip binding vpn-instance vpn1
[MCE-GigabitEthernet0/0/1]ip address 10.0.2.1 24
MCE的配置(vpn实例vpn2):
[MCE]ip vpn-instance vpn2
[MCE-vpn-instance-vpn2]route-distinguisher 200:3
[MCE-vpn-instance-vpn2-af-ipv4]vpn-target 2:2 both
[MCE]interface g0/0/0.20
[MCE-GigabitEthernet0/0/0.20]ip binding vpn-instance vpn2
[MCE-GigabitEthernet0/0/0.20]dot1q termination vid 20
[MCE-GigabitEthernet0/0/0.20]ip address 10.0.101.2 24
[MCE]interface g0/0/2
[MCE-GigabitEthernet0/0/2]ip binding vpn-instance vpn2
[MCE-GigabitEthernet0/0/2]ip address 10.0.4.1 24
注意:由于PE2和MCE要区分两个不同部门的路由,实现业务隔离,因此需要配置两个vpn实例,并且使用子接口的方式,将子接口划分到不同的vpn实例中,实现业务流量和路由层面的隔离。
5)配置PE与CE的路由协议,本案例全部使用ospf
配置公司总部部门A和部门B的ospf协议
PE2的配置:
[PE2]ospf 100 vpn-instance vpn1
[PE2-ospf-100]area 0
[PE2-ospf-100-area-0.0.0.0]network 10.0.100.0 0.0.0.255
[PE2]ospf 200 vpn-instance vpn2
[PE2-ospf-200]area 0
[PE2-ospf-200-area-0.0.0.0]network 10.0.101.0 0.0.0.255
MCE的配置
[MCE]ospf 100 vpn-instance vpn1
[MCE-ospf-100]area 0
[MCE-ospf-100-area-0.0.0.0]network 10.0.100.0 0.0.0.255
[MCE-ospf-100-area-0.0.0.0]network 10.0.2.0 0.0.0.255
[MCE]ospf 200 vpn-instance vpn2
[MCE-ospf-200]area 0
[MCE-ospf-200-area-0.0.0.0]network 10.0.101.0 0.0.0.255
[MCE-ospf-200-area-0.0.0.0]network 10.0.4.0 0.0.0.255
CE2的配置
[CE2]ospf 100
[CE2-ospf-100]area 0
[CE2-ospf-100-area-0.0.0.0]network 10.0.2.0 0.0.0.255
[CE2-ospf-100-area-0.0.0.0]network 20.20.20.20 0.0.0.0
CE4的配置
[CE4]ospf 200
[CE4-ospf-200]area 0
[CE4-ospf-200-area-0.0.0.0]network 10.0.4.0 0.0.0.255
[CE4-ospf-200-area-0.0.0.0]network 40.40.40.40 0.0.0.0
查看MCE的ospf邻居关系
<MCE>display ospf peer brief
OSPF Process 100 with Router ID 10.0.100.2
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0.10 10.0.100.1 Full
0.0.0.0 GigabitEthernet0/0/1 10.0.2.2 Full
----------------------------------------------------------------------------
OSPF Process 200 with Router ID 10.0.101.2
Peer Statistic Information
----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GigabitEthernet0/0/0.20 10.0.101.1 Full
0.0.0.0 GigabitEthernet0/0/2 10.0.4.2 Full
----------------------------------------------------------------------------
可以看到MCE与PE2以及CE2、CE4建立了ospf的邻居关系
查看MCE的路由表
Vpn实例vpn1的路由表
<MCE>display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.0/24 Direct 0 0 D 10.0.2.1 GigabitEthernet0/0/1
10.0.2.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.0.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.0.100.0/24 Direct 0 0 D 10.0.100.2 GigabitEthernet0/0/0.10
10.0.100.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0.10
10.0.100.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0.10
20.20.20.20/32 OSPF 10 1 D 10.0.2.2 GigabitEthernet0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
结果表明能够学习到20.20.20.20/32的路由。
Vpn实例vpn2的路由表
<MCE>display ip routing-table vpn-instance vpn2
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn2
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.4.0/24 Direct 0 0 D 10.0.4.1 GigabitEthernet0/0/2
10.0.4.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
10.0.4.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
10.0.101.0/24 Direct 0 0 D 10.0.101.2 GigabitEthernet0/0/0.20
10.0.101.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0.20
10.0.101.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0.20
40.40.40.40/32 OSPF 10 1 D 10.0.4.2 GigabitEthernet0/0/2
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
结果表明能够学习到40.40.40.40/32的路由。
配置公司分部和PE之间的路由协议
PE1的配置:
[PE1]ospf 100 vpn-instance vpn1
[PE1-ospf-100]area 0
[PE1-ospf-100-area-0.0.0.0]network 10.0.11.0 0.0.0.255
[PE1]ospf 200 vpn-instance vpn2
[PE1-ospf-200]area 0
[PE1-ospf-200-area-0.0.0.0]network 10.0.13.0 0.0.0.255
CE1的配置:
[CE1]ospf 100
[CE1-ospf-100]area 0
[CE1-ospf-100-area-0.0.0.0]network 10.10.10.10 0.0.0.0
[CE1-ospf-100-area-0.0.0.0]network 10.0.11.0 0.0.0.255
CE3的配置:
[CE3]ospf 200
[CE3-ospf-200]area 0
[CE3-ospf-200-area-0.0.0.0]network 10.0.13.0 0.0.0.255
[CE3-ospf-200-area-0.0.0.0]network 30.30.30.30 0.0.0.0
6)配置PE之间的mp-bgp
配置MP-BGP的邻居关系
PE1的配置:
[PE1]bgp 100
[PE1-bgp]peer 3.3.3.3 as-number 100
[PE1-bgp]peer 3.3.3.3 connect-interface LoopBack 0
[PE1-bgp]ipv4-family vpnv4
[PE1-bgp-af-vpnv4]peer 3.3.3.3 enable
PE2的配置:
[PE2]bgp 100
[PE2-bgp]peer 1.1.1.1 as-number 100
[PE2-bgp]peer 1.1.1.1 connect-interface LoopBack 0
[PE2-bgp]ipv4-family vpnv4
[PE2-bgp-af-vpnv4]peer 1.1.1.1 enable
查看PE1的vpnv4邻居是否建立:
[PE1]display bgp vpnv4 all peer
BGP local router ID : 12.1.1.1
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
3.3.3.3 4 100 2 3 0 00:00:49 Established 0
在PE将从CE学习到的ospf路由引入到BGP中,通过MP-BGP传递给对端PE,并且将BGP的路由引入到ospf中,发布给CE设备。
PE1的配置:
[PE1]bgp 100
[PE1-bgp]ipv4-family vpn-instance vpn1
[PE1-bgp-vpn1]import-route ospf 100
[PE1-bgp-vpn1]q
[PE1-bgp]ipv4-family vpn-instance vpn2
[PE1-bgp-vpn2]import-route ospf 200
[PE1]ospf 100
[PE1-ospf-100]import-route bgp
[PE1]ospf 200
[PE1-ospf-200]import-route bgp
PE2的配置:
[PE2]bgp 100
[PE2-bgp]ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1]import-route ospf 100
[PE2-bgp-vpn1]q
[PE2-bgp]ipv4-family vpn-instance vpn2
[PE2-bgp-vpn2]import-route ospf 200
[PE2]ospf 100
[PE2-ospf-100]import-route bgp
[PE2]ospf 200
[PE2-ospf-200]import-route bgp
查看PE2的BGP vpnv4路由:
查看vpn实例vpn1的路由表
[PE2]display bgp vpnv4 vpn-instance vpn1 routing-table
BGP Local router ID is 23.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
VPN-Instance vpn1, Router ID 23.1.1.2:
Total Number of Routes: 5
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.0.2.0/24 0.0.0.0 3 0 ?
*>i 10.0.11.0/24 1.1.1.1 0 100 0 ?
*> 10.0.100.0/24 0.0.0.0 0 0 ?
*>i 10.10.10.10/32 1.1.1.1 2 100 0 ?
*> 20.20.20.20/32 0.0.0.0 3 0 ?
结果表明,包含CE1(10.10.10.10)和CE2(20.20.20.20)的路由信息。
查看vpn实例vpn2的路由表
[PE2]display bgp vpnv4 vpn-instance vpn2 routing-table
BGP Local router ID is 23.1.1.2
Status codes: * - valid, > - best, d - damped,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
VPN-Instance vpn2, Router ID 23.1.1.2:
Total Number of Routes: 5
Network NextHop MED LocPrf PrefVal Path/Ogn
*> 10.0.4.0/24 0.0.0.0 3 0 ?
*>i 10.0.13.0/24 1.1.1.1 0 100 0 ?
*> 10.0.101.0/24 0.0.0.0 0 0 ?
*>i 30.30.30.30/32 1.1.1.1 2 100 0 ?
*> 40.40.40.40/32 0.0.0.0 3 0 ?
结果表明,包含CE3(30.30.30.30)和CE4(40.40.40.40)的路由信息。
以vpn实例vpn1的站点为例,查看CE1和CE2的路由表:
<CE1>display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.0/24 OSPF 10 4 D 10.0.11.1 GigabitEthernet0/0/0
10.0.11.0/24 Direct 0 0 D 10.0.11.2 GigabitEthernet0/0/0
10.0.11.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.11.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.100.0/24 O_ASE 150 1 D 10.0.11.1 GigabitEthernet0/0/0
10.10.10.10/32 Direct 0 0 D 127.0.0.1 LoopBack0
20.20.20.20/32 OSPF 10 4 D 10.0.11.1 GigabitEthernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<CE2>display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.0/24 Direct 0 0 D 10.0.2.2 GigabitEthernet0/0/0
10.0.2.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.11.0/24 O_ASE 150 1 D 10.0.2.1 GigabitEthernet0/0/0
10.0.100.0/24 OSPF 10 2 D 10.0.2.1 GigabitEthernet0/0/0
10.10.10.10/32 OSPF 10 4 D 10.0.2.1 GigabitEthernet0/0/0
20.20.20.20/32 Direct 0 0 D 127.0.0.1 LoopBack0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
结果表明CE1能够学习到CE2的20.20.20.20/32的路由,但是CE2无法学习到CE1的10.10.10.10/32的路由。
查看MCE的vpn实例路由表,
[MCE]display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.0/24 Direct 0 0 D 10.0.2.1 GigabitEthernet0/0/1
10.0.2.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.0.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.0.100.0/24 Direct 0 0 D 10.0.100.2 GigabitEthernet0/0/0.10
10.0.100.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0.10
10.0.100.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0.10
20.20.20.20/32 OSPF 10 1 D 10.0.2.2 GigabitEthernet0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
结果表明,MCE并没有10.10.10.10/32的路由信息。但是与PE2的ospf邻居可以正常建立。
查看MCE的ospf 100的lsdb。
[MCE]display ospf 100 lsdb
OSPF Process 100 with Router ID 10.0.100.2
Link State Database
Area: 0.0.0.0
Type LinkState ID AdvRouter Age Len Sequence Metric
Router 10.0.2.2 10.0.2.2 494 48 80000004 1
Router 10.0.100.2 10.0.100.2 489 48 80000008 1
Router 10.0.100.1 10.0.100.1 599 36 80000005 1
Network 10.0.2.1 10.0.100.2 489 32 80000002 0
Network 10.0.100.1 10.0.100.1 599 32 80000002 0
Sum-Net 10.10.10.10 10.0.100.1 134 28 80000001 2
AS External Database
Type LinkState ID AdvRouter Age Len Sequence Metric
External 10.0.11.0 10.0.100.1 134 36 80000001 1
结果表明,可以学习到10.10.10.10这条3类lsa,但是并没有产生10.10.10.10/32的ospf路由。原因是由于为了防止环路,OSPF多实例进程使用LSA Options域中一个原先未使用的比特作为标志位,称为DN位。当设备收到DN置位的lsa时,将执行接收不计算的动作,因此需要在ospf进程中关闭该功能。
在MCE中关闭环路检测功能
MCE的配置:
[MCE]ospf 100
[MCE-ospf-100]vpn-instance-capability simple//用来禁止路由环路检测,直接进行路由计算。
[MCE]ospf 200
[MCE-ospf-200]vpn-instance-capability simple
再次查看MCE的vpn实例vpn1的路由表
[MCE]display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: vpn1
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.0/24 Direct 0 0 D 10.0.2.1 GigabitEthernet0/0/1
10.0.2.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.0.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.0.11.0/24 O_ASE 150 1 D 10.0.100.1 GigabitEthernet0/0/0.10
10.0.100.0/24 Direct 0 0 D 10.0.100.2 GigabitEthernet0/0/0.10
10.0.100.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0.10
10.0.100.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0.10
10.10.10.10/32 OSPF 10 3 D 10.0.100.1 GigabitEthernet0/0/0.10
20.20.20.20/32 OSPF 10 1 D 10.0.2.2 GigabitEthernet0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
结果表明,可以正常学习到10.10.10.10/32的路由信息。
查看CE2的路由表
<CE2>display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.0.2.0/24 Direct 0 0 D 10.0.2.2 GigabitEthernet0/0/0
10.0.2.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.0.11.0/24 O_ASE 150 1 D 10.0.2.1 GigabitEthernet0/0/0
10.0.100.0/24 OSPF 10 2 D 10.0.2.1 GigabitEthernet0/0/0
10.10.10.10/32 OSPF 10 4 D 10.0.2.1 GigabitEthernet0/0/0
20.20.20.20/32 Direct 0 0 D 127.0.0.1 LoopBack0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
结果表明,也可以正常学习到10.10.10.10/32的路由信息。
7)测试实验结果
<CE1>ping 20.20.20.20
PING 20.20.20.20: 56 data bytes, press CTRL_C to break
Reply from 20.20.20.20: bytes=56 Sequence=1 ttl=251 time=50 ms
Reply from 20.20.20.20: bytes=56 Sequence=2 ttl=251 time=40 ms
Reply from 20.20.20.20: bytes=56 Sequence=3 ttl=251 time=50 ms
Reply from 20.20.20.20: bytes=56 Sequence=4 ttl=251 time=50 ms
Reply from 20.20.20.20: bytes=56 Sequence=5 ttl=251 time=40 ms
--- 20.20.20.20 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/46/50 ms
<CE1>ping 40.40.40.40
PING 40.40.40.40: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 40.40.40.40 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
CE1可以正常访问CE2,但是无法访问CE4。
<CE3>ping 40.40.40.40
PING 40.40.40.40: 56 data bytes, press CTRL_C to break
Reply from 40.40.40.40: bytes=56 Sequence=1 ttl=251 time=60 ms
Reply from 40.40.40.40: bytes=56 Sequence=2 ttl=251 time=50 ms
Reply from 40.40.40.40: bytes=56 Sequence=3 ttl=251 time=50 ms
Reply from 40.40.40.40: bytes=56 Sequence=4 ttl=251 time=40 ms
Reply from 40.40.40.40: bytes=56 Sequence=5 ttl=251 time=40 ms
--- 40.40.40.40 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/48/60 ms
<CE3>ping 20.20.20.20
PING 20.20.20.20: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 20.20.20.20 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss