组网需求
分部1与分部2只能与总部通信,分部之间不能通信。根据图上信息进行正确配置,使总部的用户能正确访问各分部的用户。
分部与总部之间采用MPLS VPN进行通信,用户与运营商之间使用BGP协议传递路由。分部1被划分到VPN1中,使用的RD为1:1,Export Target=12:3,Import Target=3:12;分部2被划分到VPN2中,使用的RD为2:2,Export Target=12:3,Import Target=3:12;总部被划分到VPN3中,使用的RD为3:3,Export Target=3:12,Import Target=12:3。
拓扑图:https://pan.quark.cn/s/a0a2e284b0be
配置思路
如上图所示,配置MPLS VPN需要从以下两个方面考虑:
用户侧设备的配置:
主要考虑CE与PE之间使用何种协议将私网路由传递到运营商网络
运营商骨干网络的配置,运营商骨干网络的配置需要从以下三个方面考虑:
运营商骨干网络IGP协议的配置,保证运营商网络路由可达;
VPN的配置,将私网路由通过运营商设备封装并传递;
MP-BGP与MPLS协议的配置,实现私网路由的传递与标签隧道的建立。
操作步骤
1.配置各接口IP地址
CE1
#进入系统视图
<Huawei>system-view
#修改设备名称
[Huawei]sysname CE1
#进入接口GE0/0/0视图
[CE1]interface GigabitEthernet0/0/0
#为接口GE0/0/0配置IP地址为10.1.1.1,子网掩码都为255.255.255.0
[CE1-GigabitEthernet0/0/0]ip address 10.1.1.1 24
[CE1-GigabitEthernet0/0/0]q
[CE1]interface LoopBack1
[CE1-LoopBack1]ip address 172.16.1.1 32
[CE1-LoopBack1]qCE2
<Huawei>system-view
[Huawei]sysname CE2
[CE2]interface GigabitEthernet0/0/0
[CE2-GigabitEthernet0/0/0]ip address 10.1.2.1 24
[CE2-GigabitEthernet0/0/0]q
[CE2]interface LoopBack1
[CE2-LoopBack1]ip address 172.16.2.1 32
[CE2-LoopBack1]qPE1
<Huawei>system-view
[Huawei]sysname PE1
[PE1]interface GigabitEthernet0/0/0
[PE1-GigabitEthernet0/0/0]ip address 10.1.12.1 24
[PE1-GigabitEthernet0/0/0]q
[PE1]interface GigabitEthernet0/0/1
[PE1-GigabitEthernet0/0/1]ip address 10.1.1.2 24
[PE1-GigabitEthernet0/0/1]q
[PE1]interface GigabitEthernet0/0/2
[PE1-GigabitEthernet0/0/2]ip address 10.1.2.2 24
[PE1-GigabitEthernet0/0/2]q
[PE1]interface LoopBack1
[PE1-LoopBack1]ip address 1.1.1.1 32
[PE1-LoopBack1]ip address 1.1.1.1 32P
<Huawei>system-view
[Huawei]sysname P
[P]interface GigabitEthernet0/0/0
[P-GigabitEthernet0/0/0]ip address 10.1.12.2 24
[P-GigabitEthernet0/0/0]q
[P]interface GigabitEthernet0/0/1
[P-GigabitEthernet0/0/1]ip address 10.1.21.2 24
[P-GigabitEthernet0/0/1]q
[P]interface LoopBack1
[P-LoopBack1]ip address 2.2.2.2 32
[P-LoopBack1]qPE2
<Huawei>system-view
[Huawei]sysname PE2
[PE2]interface GigabitEthernet0/0/0
[PE2-GigabitEthernet0/0/0]ip address 10.1.3.2 24
[PE2-GigabitEthernet0/0/0]q
[PE2]interface GigabitEthernet0/0/1
[PE2-GigabitEthernet0/0/1]ip address 10.1.21.1 24
[PE2-GigabitEthernet0/0/1]q
[PE2]interface LoopBack1
[PE2-LoopBack1]ip address 3.3.3.3 32
[PE2-LoopBack1]qCE3
<Huawei>system-view
[Huawei]sysname CE3
[CE3]interface GigabitEthernet0/0/0
[CE3-GigabitEthernet0/0/0]ip address 10.1.3.1 24
[CE3-GigabitEthernet0/0/0]q
[CE3]interface LoopBack1
[CE3-LoopBack1]ip address 172.16.3.1 32
[CE3-LoopBack1]q验证
配置完成后,使用display ip interface brief命令查看设备上所有接口的与IP是否与拓扑图规划一致。
以PE1的显示为例:
[PE1]display ip interface brief
*down: administratively down
^down: standby
(l): loopback
(s): spoofing
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 5
The number of interface that is DOWN in Protocol is 0
Interface IP Address/Mask Physical Protocol
GigabitEthernet0/0/0 10.1.12.1/24 up up
GigabitEthernet0/0/1 10.1.1.2/24 up up
GigabitEthernet0/0/2 10.1.2.2/24 up up
LoopBack1 1.1.1.1/32 up up(s)
NULL0 unassigned up up(s) 2.MPLS域内互通(IP骨干网互通)——OSPF
PE1
#进程号,缺省值为1。如果没有通过命令指定ID号,系统会从当前接口的IP地址中自动选取一个作为设备的ID号。缺省情况下,路由器系统会从当前接口的IP地址中自动选取一个最大值作为Router ID。
[PE1]ospf
#创建并进入OSPF区域视图,0的称为骨干区域。
[PE1-ospf-1]area 0
#配置区域所包含的网段,其中掩码是IP地址的反码
[PE1-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0]network 10.1.12.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0]q
[PE1-ospf-1]qP
[P]ospf
[P-ospf-1]area 0
[P-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[P-ospf-1-area-0.0.0.0]network 10.1.12.0 0.0.0.255
[P-ospf-1-area-0.0.0.0]network 10.1.21.0 0.0.0.255
[P-ospf-1-area-0.0.0.0]q
[P-ospf-1]qPE2
[PE2]ospf
[PE2-ospf-1]area 0
[PE2-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[PE2-ospf-1-area-0.0.0.0]network 10.1.21.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0]q
[PE2-ospf-1]q验证
配置完成后,PE1、P、PE2之间应能建立OSPF邻居关系,执行display ospf peer命令可以看到邻居状态为Full。执行display ip routing-table命令可以看到PE之间学习到对方的Loopback1路由。
以PE1的显示为例:
[PE1]display ospf peer
OSPF Process 1 with Router ID 10.1.12.1
Neighbors
Area 0.0.0.0 interface 10.1.12.1(GigabitEthernet0/0/0)'s neighbors
Router ID: 10.1.12.2 Address: 10.1.12.2
State: Full Mode:Nbr is Master Priority: 1
DR: 10.1.12.2 BDR: 10.1.12.1 MTU: 0
Dead timer due in 28 sec
Retrans timer interval: 5
Neighbor is up for 00:00:52
Authentication Sequence: [ 0 ]
[PE1]display ospf routing
OSPF Process 1 with Router ID 10.1.12.1
Routing Tables
Routing for Network
Destination Cost Type NextHop AdvRouter Area
1.1.1.1/32 0 Stub 1.1.1.1 10.1.12.1 0.0.0.0
10.1.12.0/24 1 Transit 10.1.12.1 10.1.12.1 0.0.0.0
2.2.2.2/32 1 Stub 10.1.12.2 10.1.12.2 0.0.0.0
3.3.3.3/32 2 Stub 10.1.12.2 10.1.3.2 0.0.0.0
10.1.21.0/24 2 Transit 10.1.12.2 10.1.12.2 0.0.0.0
Total Nets: 5
Intra Area: 5 Inter Area: 0 ASE: 0 NSSA: 03.配置PE上的VPN实例及接口与VPN实例绑定
PE1
#VPN实例用于将VPN私网路由与公网路由隔离。不同VPN实例的路由之间也是相互隔离的。在所有BGP/MPLS IP VPN组网方案中,都需要配置VPN实例。
#创建VPN实例,并进入VPN实例视图。需注意:VPN实例的名字区分大小写。
[PE1]ip vpn-instance VPN1
#使能VPN实例IPv4地址族,并进入VPN实例IPv4地址族视图。 VPN实例下支持双栈,即IPv4地址族和IPv6地址族。根据通告路由和转发数据的类型使能相应的地址族后,才能进行VPN的相关配置。
[PE1-vpn-instance-VPN1]ipv4-family
#VPN实例IPv4地址族只有配置了RD后才生效。同一PE上的不同VPN实例IPv4地址族下的RD不能相同。
[PE1-vpn-instance-VPN1-af-ipv4]route-distinguisher 1:1
#为VPN实例IPv4地址族配置VPN-target扩展团体属性。 VPN Target是BGP的扩展团体属性,用来控制VPN路由信息的接收和发布。一条vpn-target命令最多可以配置8个VPN Target。
[PE1-vpn-instance-VPN1-af-ipv4]vpn-target 12:3 export-extcommunity
[PE1-vpn-instance-VPN1-af-ipv4]vpn-target 3:12 import-extcommunity
[PE1-vpn-instance-VPN1-af-ipv4]q
[PE1-vpn-instance-VPN1]q
[PE1]ip vpn-instance VPN2
[PE1-vpn-instance-VPN2]ipv4-family
[PE1-vpn-instance-VPN2-af-ipv4]route-distinguisher 2:2
[PE1-vpn-instance-VPN2-af-ipv4]vpn-target 12:3 export-extcommunity
[PE1-vpn-instance-VPN2-af-ipv4]vpn-target 3:12 import-extcommunity
[PE1-vpn-instance-VPN2-af-ipv4]q
[PE1-vpn-instance-VPN2]q
[PE1]interface GigabitEthernet0/0/1
#配置接口与VPN实例绑定后,或取消接口与VPN实例的绑定,都会清除该接口的IP地址,应需要重新配置。
[PE1-GigabitEthernet0/0/1]ip binding vpn-instance VPN1
[PE1-GigabitEthernet0/0/1]ip address 10.1.1.2 24
[PE1-GigabitEthernet0/0/1]q
[PE1]interface GigabitEthernet0/0/2
[PE1-GigabitEthernet0/0/2]ip binding vpn-instance VPN2
[PE1-GigabitEthernet0/0/2]ip address 10.1.2.2 255.255.255.0
[PE1-GigabitEthernet0/0/2]qPE2
[PE2]ip vpn-instance VPN3
[PE2-vpn-instance-VPN3]ipv4-family
[PE2-vpn-instance-VPN3-af-ipv4]route-distinguisher 3:3
[PE2-vpn-instance-VPN3-af-ipv4]vpn-target 3:12 export-extcommunity
[PE2-vpn-instance-VPN3-af-ipv4]vpn-target 12:3 import-extcommunity
[PE2-vpn-instance-VPN3-af-ipv4]q
[PE2-vpn-instance-VPN3]q
[PE2]interface GigabitEthernet0/0/0
[PE2-GigabitEthernet0/0/0]ip binding vpn-instance VPN3
[PE2-GigabitEthernet0/0/0] ip address 10.1.3.2 24
[PE2-GigabitEthernet0/0/0]q验证
配置完成后,在PE设备上执行display ip vpn-instance verbose命令可以看到VPN实例的配置情况。在PE设备上执行display ip routing-table vpn-instance vpn-instance-name命令可以看到IPv4 VPN实例的路由表的概要信息。各PE能ping通自己接入的CE。
当PE上有多个接口绑定了同一个VPN,则使用ping -vpn-instance命令ping对端PE接入的CE时,要指定源IP地址,即要指定ping -vpn-instancevpn-instance-name -a source-ip-address dest-ip-address命令中的参数-asource-ip-address,否则可能ping不通。
以PE1为例:
[PE1]display ip vpn-instance verbose
Total VPN-Instances configured : 2
Total IPv4 VPN-Instances configured : 2
Total IPv6 VPN-Instances configured : 0
VPN-Instance Name and ID : VPN1, 1
Interfaces : GigabitEthernet0/0/1
Address family ipv4
Create date : 2025/04/25 08:28:11 UTC-08:00
Up time : 0 days, 00 hours, 12 minutes and 13 seconds
Route Distinguisher : 1:1
Export VPN Targets : 12:3
Import VPN Targets : 3:12
Label Policy : label per route
Log Interval : 5
VPN-Instance Name and ID : VPN2, 2
Interfaces : GigabitEthernet0/0/2
Address family ipv4
Create date : 2025/04/25 08:28:17 UTC-08:00
Up time : 0 days, 00 hours, 12 minutes and 07 seconds
Route Distinguisher : 2:2
Export VPN Targets : 12:3
Import VPN Targets : 3:12
Label Policy : label per route
Log Interval : 5
[PE1]display ip routing-table vpn-instance VPN1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: VPN1
Destinations : 4 Routes : 4
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet0/0/1
10.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[PE1] ping -vpn-instance VPN1 10.1.1.1
PING 10.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=130 ms
Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 10.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/42/130 ms4.配置PE与PE间使用MP-IBGP
PE1
#启动BGP,进入BGP视图
[PE1]bgp 123
#配置IPv4对等体3.3.3.3的对端AS号为123
[PE1-bgp]peer 3.3.3.3 as-number 123
#指定BGP报文的源接口和源地址
[PE1-bgp]peer 3.3.3.3 connect-interface loopback 1
#使能与指定对等体交换BGP-VPNv4路由信息
[PE1-bgp]ipv4-family vpnv4
[PE1-bgp-af-vpnv4]peer 3.3.3.3 enable
[PE1-bgp-af-vpnv4]q
[PE1-bgp]qPE2
[PE2]bgp 123
[PE2-bgp]peer 1.1.1.1 as-number 123
[PE2-bgp]peer 1.1.1.1 connect-interface loopback 1
[PE2-bgp]ipv4-family vpnv4
[PE2-bgp-af-vpnv4]peer 1.1.1.1 enable
[PE2-bgp-af-vpnv4]q
[PE2-bgp]q验证
配置完成后,在PE设备上执行display bgp peer或display bgp vpnv4 all peer命令,可以看到PE之间的BGP对等体关系已建立,并达到Established状态。
[PE1]display bgp peer
BGP local router ID : 10.1.12.1
Local AS number : 123
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pref Rcv
3.3.3.3 4 123 5 6 0 00:03:46 Established 0
[PE1]display bgp vpnv4 all peer
BGP local router ID : 10.1.12.1
Local AS number : 123
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pref Rcv
3.3.3.3 4 123 7 8 0 00:05:50 Established 05.在PE与CE之间建立EBGP对等体关系,并在CE引入VPN路由
CE1
[CE1]bgp 1
[CE1-bgp]peer 10.1.1.2 as-number 123
#引入本端CE的直连路由,使用import-route direct或network ipv4-address mask
#CE将所连接的VPN网段地址发布给接入的PE,通过PE发布给对端CE。根据实际组网情况,该步骤中需要引入的路由类型有所不同。
[CE1-bgp]network 172.16.1.1 255.255.255.255
[CE1-bgp]qCE2
[CE2]bgp 2
[CE2-bgp]peer 10.1.2.2 as-number 123
[CE2-bgp]network 172.16.2.1 255.255.255.255
[CE2-bgp]qPE1
[PE1]bgp 123
#将指定的VPN实例与IPv4地址族进行关联,并进入BGP-VPN实例IPv4地址族视图。
[PE1-bgp]ipv4-family vpn-instance VPN1
#将CE配置为VPN私网对等体
[PE1-bgp-VPN1]peer 10.1.1.1 as-number 1
[PE1-bgp-VPN1]q
[PE1-bgp]ipv4-family vpn-instance VPN2
[PE1-bgp-VPN2]peer 10.1.2.1 as-number 2
[PE1-bgp-VPN2]q
[PE1-bgp]qCE3
[CE3]bgp 3
[CE3-bgp]peer 10.1.3.2 as-number 123
[CE3-bgp]network 172.16.3.1 255.255.255.255
[CE3-bgp]qPE2
[PE2]bgp 123
[PE2-bgp]ipv4-family vpn-instance VPN3
[PE2-bgp-VPN3]peer 10.1.3.1 as-number 3
[PE2-bgp-VPN3]q
[PE2-bgp]q验证
配置完成后,在PE设备上执行display bgp vpnv4 vpn-instance vpn-instance-name peer命令,可以看到PE与CE之间的BGP对等体关系已建立,并达到Established状态。
以PE1与CE1的对等体关系为例:
[PE1]display bgp vpnv4 vpn-instance VPN1 peer
BGP local router ID : 10.1.12.1
Local AS number : 123
VPN-Instance VPN1, Router ID 10.1.12.1:
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State Pre fRcv
10.1.1.1 4 1 13 12 0 00:10:28 Established 16.配置MPLS和MPLS LDP功能
PE
#LSR ID用来在网络中唯一标识一个LSR。在网络中部署MPLS业务时,必须首先配置LSR ID。LSR没有缺省的LSR ID,必须手工配置。
#配置LSR的ID为1.1.1.1
[PE1]mpls lsr-id 1.1.1.1
#使能本节点的全局MPLS能力,并进入MPLS视图。
[PE1]mpls
[PE1-mpls]q
#使能本节点的LDP能力,并进入MPLS-LDP视图。
[PE1]mpls ldp
[PE1-mpls-ldp]q
#在GE0/0/0接口上使能MPLS能力与MPLS LDP功能。
[PE1]interface GigabitEthernet0/0/0
[PE1-GigabitEthernet0/0/0]mpls
[PE1-GigabitEthernet0/0/0]mpls ldp
[PE1-GigabitEthernet0/0/0]qP
[P]mpls lsr-id 2.2.2.2
[P]mpls
[P-mpls]q
[P]mpls ldp
[P-mpls-ldp]q
[P]interface GigabitEthernet0/0/0
[P-GigabitEthernet0/0/0]mpls
[P-GigabitEthernet0/0/0]mpls ldp
[P-GigabitEthernet0/0/0]q
[P]interface GigabitEthernet0/0/1
[P-GigabitEthernet0/0/1]mpls
[P-GigabitEthernet0/0/1]mpls ldp
[P-GigabitEthernet0/0/1]qPE2
[PE2]mpls lsr-id 3.3.3.3
[PE2]mpls
[PE2-mpls]q
[PE2]mpls ldp
[PE2-mpls-ldp]q
[PE2]interface GigabitEthernet0/0/1
[PE2-GigabitEthernet0/0/1]mpls
[PE2-GigabitEthernet0/0/1]mpls ldp
[PE2-GigabitEthernet0/0/1]q验证
上述配置完成后,PE1与P、P与PE2之间应能建立LDP会话,执行display mpls ldp session命令可以看到显示结果中Status项为“Operational”。执行display mpls ldp lsp命令,可以看到LDP LSP的建立情况。
以PE1的显示为例:
[PE1]display mpls ldp session
LDP Session(s) in Public Network
Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
A '*' before a session means the session is being deleted.
------------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
------------------------------------------------------------------------------
2.2.2.2:0 Operational DU Passive 0000:00:05 24/24
------------------------------------------------------------------------------
TOTAL: 1 session(s) Found.
[PE1]display mpls ldp lsp
LDP LSP Information
-------------------------------------------------------------------------------
DestAddress/Mask In/OutLabel UpstreamPeer NextHop OutInterface
-------------------------------------------------------------------------------
1.1.1.1/32 3/NULL 2.2.2.2 127.0.0.1 InLoop0
*1.1.1.1/32 Liberal/1024 DS/2.2.2.2
2.2.2.2/32 NULL/3 - 10.1.12.2 GE0/0/0
2.2.2.2/32 1026/3 2.2.2.2 10.1.12.2 GE0/0/0
3.3.3.3/32 NULL/1025 - 10.1.12.2 GE0/0/0
3.3.3.3/32 1027/1025 2.2.2.2 10.1.12.2 GE0/0/0
-------------------------------------------------------------------------------
TOTAL: 5 Normal LSP(s) Found.
TOTAL: 1 Liberal LSP(s) Found.
TOTAL: 0 Frr LSP(s) Found.
A '*' before an LSP means the LSP is not established
A '*' before a Label means the USCB or DSCB is stale
A '*' before a UpstreamPeer means the session is stale
A '*' before a DS means the session is stale
A '*' before a NextHop means the LSP is FRR LSP7.验证配置结果
查看相关路由信息
在PE设备上执行display ip routing-table vpn-instance命令,可以看到去往对端CE的路由。
以PE1的显示为例:
[PE1]display ip routing-table vpn-instance ?
STRING<1-31> VPN instance name
[PE1]display ip routing-table vpn-instance VPN1
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: VPN1
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.2 GigabitEthernet0/0/1
10.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
10.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
172.16.1.1/32 EBGP 255 0 D 10.1.1.1 GigabitEthernet0/0/1
172.16.3.1/32 IBGP 255 0 RD 3.3.3.3 GigabitEthernet0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[PE1]display ip routing-table vpn-instance VPN2
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: VPN2
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.2.0/24 Direct 0 0 D 10.1.2.2 GigabitEthernet0/0/2
10.1.2.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
10.1.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/2
172.16.2.1/32 EBGP 255 0 D 10.1.2.1 GigabitEthernet0/0/2
172.16.3.1/32 IBGP 255 0 RD 3.3.3.3 GigabitEthernet0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
在CE设备上执行display ip routing-table命令,可以看到从PE学习到的路由。
以CE1的显示为例:
[CE1]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet0/0/0
10.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
10.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
172.16.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1
172.16.3.1/32 EBGP 255 0 D 10.1.1.2 GigabitEthernet0/0/0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0测试连通性
同一VPN的CE能够相互Ping通,不同VPN的CE不能相互Ping通。CE1能够Ping通CE3(172.16.3.1),但不能Ping通CE4(172.16.2.1)。
以CE1的显示为例:
[CE1]ping -a 172.16.1.1 172.16.3.1
PING 172.16.3.1: 56 data bytes, press CTRL_C to break
Reply from 172.16.3.1: bytes=56 Sequence=1 ttl=252 time=60 ms
Reply from 172.16.3.1: bytes=56 Sequence=2 ttl=252 time=50 ms
Reply from 172.16.3.1: bytes=56 Sequence=3 ttl=252 time=40 ms
Reply from 172.16.3.1: bytes=56 Sequence=4 ttl=252 time=40 ms
Reply from 172.16.3.1: bytes=56 Sequence=5 ttl=252 time=40 ms
--- 172.16.3.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 40/46/60 ms
[CE1]ping -a 172.16.1.1 172.16.2.1
PING 172.16.2.1: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 172.16.2.1 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss还可以根据在PE的GE0/0/0接口和P的GE0/0/1接口抓包查看MPLS的双层标签及标签替换。
以CE1 ping CE2为例:
评论区