华为设备配置BGP/MPLS IP 虚拟专用网

1.配置IP地址
[PE1-LoopBack0]ip add 1.1.1.1 32
[PE1-GigabitEthernet0/0/0]ip add 20.1.1.1 24
[PE1-GigabitEthernet0/0/1]ip add 10.1.1.1 24
[PE1-GigabitEthernet0/0/2]ip add 10.2.1.1 24
[P-LoopBack0]ip add 2.2.2.2 32
[P-GigabitEthernet0/0/0]ip add 20.1.1.2 24
[P-GigabitEthernet0/0/1]ip add 30.1.1.2 24
[PE2-LoopBack0]ip add 3.3.3.3 32
[PE2-GigabitEthernet0/0/0]ip add 30.1.1.3 24
[PE2-GigabitEthernet0/0/1]ip add 10.3.1.3 24
[PE2-GigabitEthernet0/0/2]ip add 10.4.1.3 24
[CE1-GigabitEthernet0/0/0]ip add 10.1.1.10 24
[CE2-GigabitEthernet0/0/0]ip add 10.2.1.20 24
[CE3-GigabitEthernet0/0/0]ip add 10.3.1.30 24
[CE4-GigabitEthernet0/0/0]ip add 10.4.1.40 24
2.在PE1、P、PE2配置OSPF协议
[PE1]ospf 1
[PE1-ospf-1]area 0
[PE1-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[P]ospf 1
[P-ospf-1]area 0
[P-ospf-1-area-0.0.0.0]network 20.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0]network 30.1.1.0 0.0.0.255
[P-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[PE2]ospf 1
[PE2-ospf-1]area 0
[PE2-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0]network 30.1.1.0 0.0.0.255
3. 在PE1、P、PE2配置MPLS基本能力和MPLS LDP，建立LDP LSP
[PE1]mpls lsr-id 1.1.1.1
[PE1]mpls
[PE1]mpls ldp
[PE1-GigabitEthernet0/0/0]mpls
[PE1-GigabitEthernet0/0/0]mpls ldp
[P]mpls lsr-id 2.2.2.2
[P]mpls
[P]mpls ldp
[P-GigabitEthernet0/0/0]mpls
[P-GigabitEthernet0/0/0]mpls ldp
[P-GigabitEthernet0/0/1]mpls
[P-GigabitEthernet0/0/1]mpls ldp
[PE2]mpls lsr-id 3.3.3.3
[PE2]mpls
[PE2]mpls ldp
[PE2-GigabitEthernet0/0/0]mpls
[PE2-GigabitEthernet0/0/0]mpls ldp

4. 在PE设备上配置VPN实例，将CE接入PE
   [PE1]ip -instance a
   [PE1--instance-a]route-distinguisher 100:1
   [PE1--instance-a-af-ipv4]-target 111:1 both
   [PE1]ip -instance b
   [PE1--instance-b]route-distinguisher 100:2
   [PE1--instance-b-af-ipv4]-target 222:2 both
   [PE1-GigabitEthernet0/0/1]ip binding -instance a
   [PE1-GigabitEthernet0/0/1]ip add 10.1.1.1 24
   [PE1-GigabitEthernet0/0/2]ip binding -instance b
   [PE1-GigabitEthernet0/0/2]ip add 10.2.1.1 24
   [PE2]ip -instance a
   [PE2--instance-a]route-distinguisher 200:1
   [PE2--instance-a-af-ipv4]-target 111:1 both
   [PE2]ip -instance b
   [PE2--instance-b]route-distinguisher 200:2
   [PE2--instance-b-af-ipv4]-target 222:2 both
   [PE2-GigabitEthernet0/0/1]ip binding -instance a
   [PE2-GigabitEthernet0/0/1]ip add 10.3.1.3 24
   [PE2-GigabitEthernet0/0/2]ip binding -instance b
   [PE2-GigabitEthernet0/0/2]ip add 10.4.1.3 24
   
   

5. 在PE与CE之间建立EBGP对等体关系，引入VPN路由
   [CE1]bgp 65410
   [CE1-bgp]peer 10.1.1.1 as-number 100
   [CE1-bgp]import-route direct
   [CE2]bgp 65420
   [CE2-bgp]peer 10.2.1.1 as-number 100
   [CE2-bgp]import-route direct
   [CE3]bgp 65430
   [CE3-bgp]peer 10.3.1.3 as-number 100
   [CE3-bgp]import-route direct
   [CE4]bgp 65440
   [CE4-bgp]peer 10.4.1.3 as-number 100
   [CE4-bgp]import-route direct
   [PE1]bgp 100
   [PE1-bgp]ipv4-family -instance a
   [PE1-bgp-a]peer 10.1.1.10 as-number 65410
   [PE1-bgp-a]import-route direct
   [PE1-bgp]ipv4-family -instance b
   [PE1-bgp-b]peer 10.2.1.20 as-number 65420
   [PE1-bgp-b]import-route direct
   [PE2]bgp 100
   [PE2-bgp]ipv4-family -instance a
   [PE2-bgp-a]peer 10.3.1.30 as-number 65430
   [PE2-bgp-a]import-route direct
   [PE2-bgp]ipv4-family -instance b
   [PE2-bgp-b]peer 10.4.1.40 as-number 65440
   [PE2-bgp-b]import-route direct
   
   

6. 在PE之间建立MP-IBGP对等体关系
   [PE1]bgp 100
   [PE1-bgp]peer 3.3.3.3 as-number 100
   [PE1-bgp]peer 3.3.3.3 connect-interface LoopBack 0
   [PE1-bgp]ipv4-family v4
   [PE1-bgp-af-v4]peer 3.3.3.3 enable
   [PE2]bgp 100
   [PE2-bgp]peer 1.1.1.1 as-number 100
   [PE2-bgp]peer 1.1.1.1 connect-interface LoopBack 0
   [PE2-bgp]ipv4-family v4
   [PE2-bgp-af-v4]peer 1.1.1.1 enable
   

7. 检查配置
   
   

同一VPN的CE能够相互Ping通，不同VPN的CE不能相互Ping通