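[eNSP] DHCP + MPLS VPN Configuration

Two private networks communicate across a carrier network through MPLS VPN; the carrier network runs OSPF.

0. Topology

[Topology diagram]

1. IP addressing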

[R1]
#
interface GigabitEthernet0/0/0
 ip address 100.0.12.1 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 100.0.14.1 255.255.255.0
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255

[R2]
#
interface GigabitEthernet0/0/0
 ip address 100.0.12.2 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 100.0.23.2 255.255.255.0
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255

[R3]
#
interface GigabitEthernet0/0/0
 ip address 100.0.35.3 255.255.255.0
#
interface GigabitEthernet0/0/1
 ip address 100.0.23.3 255.255.255.0
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255

[R4]
#
interface GigabitEthernet0/0/1
 ip address 100.0.14.4 255.255.255.0
#
interface GigabitEthernet0/0/2
 ip address 10.0.10.254 255.255.255.0

[R5]
#
interface GigabitEthernet0/0/0
 ip address 100.0.35.5 255.255.255.0
#
interface GigabitEthernet0/0/1
#
interface GigabitEthernet0/0/2
 ip address 10.0.20.254 255.255.255.0

2. Configure DHCP at the branch sites

[R4] // global address pool
#
dhcp enable
#
ip pool A
 gateway-list 10.0.10.254
 network 10.0.10.0 mask 255.255.255.0
 excluded-ip-address 10.0.10.253
 lease day 1 hour 12 minute 0
 dns-list 10.0.10.253

interface GigabitEthernet0/0/2
 dhcp select global

[R5] // interface address pool
#
dhcp enable
#
interface GigabitEthernet0/0/2
 dhcp select interface
 dhcp server excluded-ip-address 10.0.20.253
 dhcp server lease day 1 hour 12 minute 0
 dhcp server dns-list 10.0.20.253

3. OSPF in the carrier network

[R1]
#
router id 1.1.1.1
#
ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 100.0.12.0 0.0.0.255
  network 1.1.1.1 0.0.0.0

[R2]
#
router id 2.2.2.2
#
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 100.0.12.0 0.0.0.255
  network 100.0.23.0 0.0.0.255
  network 2.2.2.2 0.0.0.0

[R3]
#
router id 3.3.3.3
#
ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 100.0.23.0 0.0.0.255
  network 3.3.3.3 0.0.0.0

4. Configure the VPN instance on the carrier network edge devices

[R1]
#
ip vpn-instance VPN1
 ipv4-family
  route-distinguisher 222:222
  vpn-target 12:3 export-extcommunity
  vpn-target 12:3 import-extcommunity
#
interface GigabitEthernet0/0/1
 ip binding vpn-instance VPN1
 ip address 100.0.14.1 255.255.255.0

[R3]
#
ip vpn-instance VPN1
 ipv4-family
  route-distinguisher 111:222
  vpn-target 12:3 export-extcommunity
  vpn-target 12:3 import-extcommunity
#
interface GigabitEthernet0/0/0
 ip binding vpn-instance VPN1
 ip address 100.0.35.3 255.255.255.0

5. Configure the customer edge devices and the carrier edge devices to exchange routes over BGP

[R4]
#
bgp 100
 peer 100.0.14.1 as-number 123
  network 10.0.10.0 255.255.255.0

[R1]
#
bgp 123
 #
 ipv4-family vpn-instance VPN1
  peer 100.0.14.4 as-number 100

[R5]
#
bgp 200
 peer 100.0.35.3 as-number 123
  network 10.0.20.0 255.255.255.0

[R3]
#
bgp 123
 #
 ipv4-family vpn-instance VPN1
  peer 100.0.35.5 as-number 200

6. Configure the carrier edge devices to carry the customer's private routes over MP-BGP

[R1]
bgp 123
 peer 3.3.3.3 as-number 123 
 peer 3.3.3.3 connect-interface LoopBack0
 # 
 ipv4-family vpnv4 unicast 
  peer 3.3.3.3 enable

[R3]
bgp 123
 peer 1.1.1.1 as-number 123 
 peer 1.1.1.1 connect-interface LoopBack0
 # 
 ipv4-family vpnv4 unicast 
  peer 1.1.1.1 enable

7. Configure (all) carrier network devices to forward the customer's private traffic using MPLS LDP

[R1]
#
mpls lsr-id 1.1.1.1
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
 mpls
 mpls ldp

[R2]
#
mpls lsr-id 2.2.2.2
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/0
 mpls
 mpls ldp
interface GigabitEthernet0/0/1
 mpls
 mpls ldp

[R3]
#
mpls lsr-id 3.3.3.3
mpls
#
mpls ldp
#
interface GigabitEthernet0/0/1
 mpls
 mpls ldp

8. Verification

<R3>dis ip routing-table vpn-instance VPN1
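
An added example, not part of the original post: a Python check that parses the step 4 VPN-instance stanzas and compares each PE's export route targets with the other PE's import route targets, since that match alone decides which customer routes land in which VPN. The function names, the embedded sample input, and the rule that the same instance name on two PEs means the same customer VPN are assumptions of this example.

```python
import re

# Constructed input: the VPN-instance stanzas of the two PEs from step 4.
PE_CONFIGS = {
    "R1": """ip vpn-instance VPN1
 ipv4-family
  route-distinguisher 222:222
  vpn-target 12:3 export-extcommunity
  vpn-target 12:3 import-extcommunity
""",
    "R3": """ip vpn-instance VPN1
 ipv4-family
  route-distinguisher 111:222
  vpn-target 12:3 export-extcommunity
  vpn-target 12:3 import-extcommunity
""",
}

def parse_vpn_instances(config):
    """Return {instance name: {"export": set of RTs, "import": set of RTs}}."""
    instances, current = {}, None
    for line in config.splitlines():
        if m := re.match(r"ip vpn-instance (\S+)", line):
            current = instances.setdefault(m.group(1), {"export": set(), "import": set()})
        elif current is not None and line.startswith(" "):
            m = re.match(r"vpn-target (.+) (export-extcommunity|import-extcommunity|both)$", line.strip())
            if m:
                for direction in ("export", "import"):
                    if m.group(2) == "both" or m.group(2).startswith(direction):
                        current[direction].update(m.group(1).split())
        else:
            current = None  # '#' or any unindented line closes the stanza
    return instances

def audit_route_targets(pe_configs):
    """Compare each PE's export RTs with every other PE's import RTs."""
    parsed = {pe: parse_vpn_instances(cfg) for pe, cfg in pe_configs.items()}
    findings = []
    for src, dst in ((a, b) for a in parsed for b in parsed if a != b):
        for sname, s in parsed[src].items():
            for dname, d in parsed[dst].items():
                shared = sorted(s["export"] & d["import"])
                # Assumption: the same instance name on two PEs means the same customer VPN.
                if sname == dname and not shared:
                    findings.append(f"{src}->{dst} {sname}: no shared RT, routes are not imported")
                elif sname != dname and shared:
                    findings.append(f"{src}:{sname}->{dst}:{dname}: RT {shared} crosses VPNs")
    return findings

if __name__ == "__main__":
    print(audit_route_targets(PE_CONFIGS) or "route targets consistent")
```

With the configuration from this post the audit returns no findings; a second instance that imports 12:3, or a mistyped import value on one PE, is reported.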

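5 comments

waleslau replying to @冬马的白色相簿

Not at all. Back when I hadn't learned this stuff yet, I thought the same thing.

waleslau replying to @冬马的白色相簿

How should I put it: the VPN in this article connects two LANs, whereas what we usually call a VPN is something like a proxy server.

Two independent LANs are connected together and merged into one big LAN.

waleslau replying to @冬马的白色相簿

Haha, let me put it this way. Suppose there is a company in Beijing that has a branch office in Shanghai. The company's management wants to connect the head office and the branch office without outsiders being able to see into the company's network. There are two solutions in this case: one is to run a dedicated cable over and set up a leased line (too expensive). The other is to set up a VPN. Generally speaking, most enterprises use a VPN in this situation; the ones with deep pockets may go for a leased line. There are also many ways to implement a VPN. Mine is just a basic implementation of one of them.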