实验：MPLS VPN的使用（HCIP)

目录

一、实验要求与拓扑搭建

二、实验过程

2.1 子网划分，配置IP以及环回地址

2.2 OSPF实现公网可达

2.3 建立MPLS VPN隧道

2.4 在私网路由搭建VPN隧道

2.4.1 R2与R4进行双向重发布

2.5 静态路由实现MPLS VPN互通

---

一、实验要求与拓扑搭建

二、实验过程

2.1 子网划分，配置IP以及环回地址

R2：LoopBack0? 2.2.2.2/24
? ? ? ? G0/0/1? 23.1.1.1/24
R3：LoopBack0? 3.3.3.3/24
? ? ? ? G0/0/0? 23.1.1.2/24? ? G0/0/1： 34.1.1.1/24
R4：LoopBack0? ?4.4.4.4/24
? ? ? ? G0/0/0：34.1.1.2/24? ? G0/0/2： 47.1.1.1/24
R7：G0/0/2：47.1.1.2/24

2.2 OSPF实现公网可达

[r3]ospf 1 router-id 3.3.3.3
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]network 23.1.1.2 0.0.0.0
[r3-ospf-1-area-0.0.0.0]network 34.1.1.1?0.0.0.0
[r3-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0

[r4]ospf 1 router-id 4.4.4.4
[r4-ospf-1]area 0
[r4-ospf-1-area-0.0.0.0]network 34.1.1.2 0.0.0.0
[r4-ospf-1-area-0.0.0.0]network 47.1.1.1 0.0.0.0
[r4-ospf-1-area-0.0.0.0]network 4.4.4.4 0.0.0.0

沉默R4的G0/0/2接口，使其不接受hello包：[r4-ospf-1]silent-interface g0/0/2
R7上写静态路由实现公网通讯：[r7]ip route-static 0.0.0.0 0 47.1.1.1

2.3 建立MPLS VPN隧道

[r2]mpls lsr-id 2.2.2.2
[r2]mpls
Info: Mpls starting, please wait... OK!
[r2-mpls]mpls ldp
[r2-mpls-ldp]int g0/0/1
[r2-GigabitEthernet0/0/1]mpls?
[r2-GigabitEthernet0/0/1]mpls ldp

[r3]mpls lsr-id 3.3.3.3
[r3]mpls
Info: Mpls starting, please wait... OK!
[r3-mpls]mpls ldp
[r3-mpls-ldp]int g0/0/0
[r3-GigabitEthernet0/0/0]mpls?
[r3-GigabitEthernet0/0/0]mpls ldp
[r3-mpls-ldp]int g0/0/1
[r3-GigabitEthernet0/0/1]mpls?
[r3-GigabitEthernet0/0/1]mpls ldp

[r4]mpls lsr-id 4.4.4.4
[r4]mpls
Info: Mpls starting, please wait... OK!
[r4-mpls]mpls ldp
[r4-mpls-ldp]int g0/0/0
[r4-GigabitEthernet0/0/0]mpls?
[r4-GigabitEthernet0/0/0]mpls ldp

[r2]ip vpn-instance b1
[r2-vpn-instance-b1]route-?? ?
[r2-vpn-instance-b1]route-distinguisher 1:1
[r2-vpn-instance-b1-af-ipv4]vpn-target 1:1
?IVT Assignment result:?
Info: VPN-Target assignment is successful.
?EVT Assignment result:?
Info: VPN-Target assignment is successful.
[r2-vpn-instance-b1-af-ipv4]q
[r2-vpn-instance-b1]q
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip binding vpn-instance b1?
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r2-GigabitEthernet0/0/0]ip add 192.168.2.2 24
[r2]display ?ip routing-table vpn-instance b1 （必须在虚拟路由表中查看）

注：虽然IP在同一网段同一主机位，但在不同的虚拟空间就不可能有联系，所以需要建立MPLS BGP实现连通；

[r4]bgp 1
[r4-bgp]router-id 4.4.4.4
[r4-bgp]peer 2.2.2.2 as-number 1
[r4-bgp]peer 2.2.2.2 connect-interface LoopBack 0
[r4-bgp]ipv4-family vpnv4
[r4-bgp-af-vpnv4]peer 2.2.2.2 enable

[r4]ip vpn-instance a2
[r4-vpn-instance-a2]route-distinguisher 2:2
[r4-vpn-instance-a2-af-ipv4]vpn-target 2:2
?IVT Assignment result:?
Info: VPN-Target assignment is successful.
?EVT Assignment result:?
Info: VPN-Target assignment is successful.
[r4-vpn-instance-a2-af-ipv4]int g0/0/1? ?
[r4-GigabitEthernet0/0/1]ip binding vpn-instance b2
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r4-GigabitEthernet0/0/1]ip add 192.168.3.1 24
[r4-GigabitEthernet0/0/1]int g4/0/0
[r4-GigabitEthernet4/0/0]ip binding vpn-instance a2
Info: All IPv4 related configurations on this interface are removed!
Info: All IPv6 related configurations on this interface are removed!
[r4-GigabitEthernet4/0/0]ip add 192.168.3.1 24

2.4 在私网路由搭建VPN隧道

[r1-GigabitEthernet0/0/1]ip add 192.168.2.1 24
[r1-LoopBack0]ip add 192.168.1.1 24
[r6-GigabitEthernet0/0/2]ip add 192.168.2.1 24
[r6-LoopBack0]ip add 192.168.1.1 24
[r5-GigabitEthernet0/0/0]ip add 192.168.3.2 24
[r5-LoopBack0]ip add 192.168.4.1 24
[r7-GigabitEthernet0/0/0]ip add 192.168.3.2 24
[r7-LoopBack0]ip add 192.168.4.2 24

[r4]ospf 2 vpn-instance a2
[r4-ospf-2]area 0
[r4-ospf-2-area-0.0.0.0]network 192.168.3.1 0.0.0.0

2.4.1 R2与R4进行双向重发布

[r2]rip 1 vpn-instance a1
[r2-rip-1]version 2
[r2-rip-1]undo summary
[r2-rip-1]network 192.168.2.0
[r2-rip-1]q
[r2]rip 1 vpn-instance a1
[r2-rip-1]import-route bgp
[r2-rip-1]q
[r2]bgp 1
[r2-bgp]ipv4-family vpn-instance a1
[r2-bgp-a1]import-route rip 1

此时，R6与R7已通；

2.5 静态路由实现MPLS VPN互通

[r1]ip route-static 192.168.3.0 24 192.168.2.2
[r1]ip route-static 192.168.4.0 24 192.168.2.2

[r2]ip route-static vpn-instance b1 192.168.1.0 24 192.168.2.1
[r2]bgp 1
[r2-bgp]ipv4-family vpn-instance b1
[r2-bgp-b1]import-route direct
[r2-bgp-b1]import-route static

[r4]ip route-static vpn-instance b2 192.168.4.0 24 192.168.3.2

[r5]ip route-static 192.168.1.0 24 192.168.3.1
[r5]ip route-static 192.168.2.0 24 192.168.3.1

最后在R4上进行重发布即可实现实验要求：
[r4]bgp 1
[r4-bgp]ipv4-family vpn-instance b2
[r4-bgp-b2]import-route direct?? ?? ?
[r4-bgp-b2]import-route static?

实验完成，在实验过程中有许多环节个人还是存在很多疑虑，欢迎大家共同讨论!
?