知

MPLS L3VPN典型组网配置案例

2014-07-28 发表

1关注
1收藏 3460浏览

粉丝：4人关注：0人

MPLS L3VPN典型组网配置案例

关键词：IRF2、OSPF、BGP、MPLS、VPN、MCE

一、组网需求：

某电力客户部署MPLS VPN网络，其中涉及三个VPN业务（办公业务、生产业务、外网业务），业务开展后，需实现如下功能：

1、办公业务VPN中的终端能相互访问。

2、生产业务VPN中的终端能相互访问。

3、办公业务VPN中的终端和生产业务VPN中的终端不能相互访问。

4、办公业务VPN中的终端和生产业务VPN中的终端都能访问外网业务VPN中的终端。

实验设备：2台SR6604-X（Version 5.20, Release 3302）、2台MSR26-00（Version 5.20, Release 2511P02）、3台S5820V2-52Q（Version 7.1.035, Release 2210）。

二、实验组网：

详细组网拓扑图如下：

说明：在CE-1上建立两个Loopback地址L0、L1，分别模拟办公业务终端和生产业务终端，CE-2亦然。

在CE-3上建立一个Loopback地址L0，模拟外网业务。

配置完毕后，需达到的效果：

1、 CE-1的L0可以访问CE-2的L0和CE-3的L0，无法访问CE-1的L1和CE-2的L1。

2、 CE-1的L1可以访问CE-2的L1和CE-3的L0，无法访问CE-1的L0和CE-2的L0。

详细IP地址规划如下：

三、配置步骤：

SR6604-X A IRF配置

[H3C]irf priority 16         //配置IRF成员优先级为16

[H3C]irf member 1    //IRF成员编号为1

Info: Member ID change will take effect after the member reboots and operates in IRF mode.

[H3C]irf-port 2

[H3C-irf-port2]port group interface Ten-GigabitEthernet 3/0/0

[H3C]quit

save

The current configuration will be written to the device. Are you sure? [Y/N]:Y

Please input the file name(*.cfg)[cfa0:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

cfa0:/startup.cfg exists, overwrite? [Y/N]:Y

Validating file. Please wait....

The current configuration is saved to the active main board successfully.

Configuration is saved to device successfully.

sys

System View: return to User View with Ctrl+Z.

[H3C]chassis convert mode irf //设备切换为IRF工作模式，确认后设备重启

The device will switch to IRF mode and reboot. You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:Y

Do you want to convert the content of the next main startup configuration file cfa0:/startup.cfg to make it available in IRF mode? [Y/N]:Y

Please wait...

Saving the converted configuration file to main board succeeded.

#Apr 20 22:35:51:802 2014 H3c DEVM/1/REBOOT:

Reboot device by command.

SR6604-X B IRF配置

[H3C]irf priority 1        //配置IRF成员优先级为1

[H3C]irf member 2      //配置IRF成员编号为2

Info: Member ID change will take effect after the member reboots and operates in IRF mode.

[H3C]irf-port 1

[H3C-irf-port1]port group interface Ten-GigabitEthernet 3/0/0

[H3C-irf-port1]quit

[H3C]quit

save

The current configuration will be written to the device. Are you sure? [Y/N]:Y

Please input the file name(*.cfg)[cfa0:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

cfa0:/startup.cfg exists, overwrite? [Y/N]:Y

Validating file. Please wait....

The current configuration is saved to the active main board successfully.

Configuration is saved to device successfully.

sys

System View: return to User View with Ctrl+Z.

[H3C]chassis convert mode irf //设备切换为IRF工作模式，确认后设备重启

The device will switch to IRF mode and reboot. You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:Y

Do you want to convert the content of the next main startup configuration file cfa0:/startup.cfg to make it available in IRF mode? [Y/N]:Y

Please wait...

Saving the converted configuration file to main board succeeded.

#Apr 20 22:40:36:473 2014 H3c DEVM/1/REBOOT:

Reboot device by command.

经过以上配置，SR6604-X-A和SR6604-X-B组成的IRF2搭建成功。设备重启完成后，可以通过display device命令查看设备情况：

[H3c]dis device

System-mode(Current/After Reboot): Normal/Normal

Slot No. Board type    Status       Primary    SubSlots

---------------------------------------------------------------------

1/0       RSE-X2        Normal       Master     0

1/1       N/A           Absent       N/A        N/A

1/2       FIP-300       Normal       N/A        1

1/3       SAP-4EXP      Normal       N/A        0

2/0       RSE-X2        Normal       Slave      0

2/1       N/A           Absent       N/A        N/A

2/2       FIP-240       Normal       N/A        4

2/3       SAP-4EXP      Normal       N/A        0

SR6604-X IRF2搭建完毕后，请按照以下命令配置SR6604-X IRF2系统：

SR6604-X IRF系统配置

#

version 5.20, Release 3302

#

sysname SR66-IRF

#

irf mac-address persistent always

undo irf auto-update enable

undo irf link-delay

irf member 1 priority 16

#

telnet server enable

#

mpls lsr-id 2.2.2.2

#

ip vpn-instance waiwang      //外网业务VPN实例

route-distinguisher 300:1

vpn-target 100:1 200:1 export-extcommunity

vpn-target 100:1 200:1 import-extcommunity

#

vlan 1

#

mpls

#

mpls ldp

#

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

#

interface GigabitEthernet1/2/0/1

port link-mode route

ip address 10.0.0.2 255.255.255.0

mpls

mpls ldp

#

interface GigabitEthernet2/2/0/0

port link-mode route

ip binding vpn-instance waiwang    //接口与外网业务VPN实例绑定

ip address 192.168.3.2 255.255.255.0

#

interface GigabitEthernet2/2/0/1

port link-mode route

ip address 11.0.0.2 255.255.255.0

mpls

mpls ldp

#

bgp 100

undo synchronization

peer 1.1.1.1 as-number 100

peer 3.3.3.3 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

peer 3.3.3.3 connect-interface LoopBack0

#

ipv4-family vpn-instance waiwang

import-route direct       //引入直连路由

import-route ospf 15      //引入OSPF15的路由

#

ipv4-family vpnv4

peer 1.1.1.1 enable

peer 3.3.3.3 enable

#

ospf 1

area 0.0.0.0

network 2.2.2.2 0.0.0.0

network 10.0.0.0 0.0.0.255

network 11.0.0.0 0.0.0.255

#

ospf 15 vpn-instance waiwang

import-route bgp       //引入BGP路由

area 0.0.0.0

network 192.168.3.0 0.0.0.255

#

user-interface con 1/0

user-interface con 2/0

user-interface aux 1/0

user-interface aux 2/0

user-interface vty 0 4

authentication-mode none

user privilege level 3

#

irf-port 1/2

port group interface Ten-GigabitEthernet1/3/0/0 mode enhanced

#

irf-port 2/1

port group interface Ten-GigabitEthernet2/3/0/0 mode enhanced

#

配置CE-1（S5820V2）交换机

#

version 7.1.035, Release 2210

#

sysname CE-1

#

ip vpn-instance bangong      //办公业务VPN实例

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

ip vpn-instance shengchan     //生产业务VPN实例

route-distinguisher 200:1

vpn-target 200:1 export-extcommunity

vpn-target 200:1 import-extcommunity

#

system-working-mode standard

fan prefer-direction slot 1 port-to-power   //设备期望的风道方向为port-to-power

password-recovery enable

#

vlan 1

#

vlan 10

#

vlan 20

#

interface LoopBack0

ip binding vpn-instance bangong //接口与办公业务VPN实例绑定

ip address 10.10.10.10 255.255.255.255

#

interface LoopBack1

ip binding vpn-instance shengchan   //接口与生产业务VPN实例绑定

ip address 20.20.20.20 255.255.255.255

#

interface Vlan-interface10

ip binding vpn-instance bangong   //接口与办公业务VPN实例绑定

ip address 192.168.1.1 255.255.255.0

#

interface Vlan-interface20

ip binding vpn-instance shengchan   //接口与生产业务VPN实例绑定

ip address 192.168.2.1 255.255.255.0

#

interface Ten-GigabitEthernet1/0/3

port link-type trunk

port trunk permit vlan 1 10 20

#

ospf 10 vpn-instance bangong

vpn-instance-capability simple   //关闭OSPF实例的路由环路检测功能

area 0.0.0.0

network 10.10.10.10 0.0.0.0

network 192.168.1.0 0.0.0.255

#

ospf 20 vpn-instance shengchan

vpn-instance-capability simple    //关闭OSPF实例的路由环路检测功能

area 0.0.0.0

network 20.20.20.20 0.0.0.0

network 192.168.2.0 0.0.0.255

#

配置CE-2（S5820V2）交换机

#

version 7.1.035, Release 2210

#

sysname CE-2

#

ip vpn-instance bangong      //办公业务VPN实例

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

ip vpn-instance shengchan    //生产业务VPN实例

route-distinguisher 200:1

vpn-target 200:1 export-extcommunity

vpn-target 200:1 import-extcommunity

#

system-working-mode standard

fan prefer-direction slot 1 port-to-power   //设备期望的风道方向为port-to-power

password-recovery enable

#

vlan 1

#

vlan 40

#

vlan 50

#

interface LoopBack0

ip binding vpn-instance bangong    //接口与办公业务VPN实例绑定

ip address 40.40.40.40 255.255.255.255

#

interface LoopBack1

ip binding vpn-instance shengchan //接口与生产业务VPN实例绑定

ip address 50.50.50.50 255.255.255.255

#

interface Vlan-interface40

ip binding vpn-instance bangong    //接口与办公业务VPN实例绑定

ip address 192.168.4.1 255.255.255.0

#

interface Vlan-interface50

ip binding vpn-instance shengchan   //接口与生产业务VPN实例绑定

ip address 192.168.5.1 255.255.255.0

#

interface Ten-GigabitEthernet1/0/3

port link-type trunk

port trunk permit vlan 1 40 50

#

ospf 10 vpn-instance bangong

vpn-instance-capability simple    //关闭OSPF实例的路由环路检测功能

area 0.0.0.0

network 40.40.40.40 0.0.0.0

network 192.168.4.0 0.0.0.255

#

ospf 20 vpn-instance shengchan

vpn-instance-capability simple    //关闭OSPF实例的路由环路检测功能

area 0.0.0.0

network 50.50.50.50 0.0.0.0

network 192.168.5.0 0.0.0.255

#

配置CE-3（S5820V2）交换机

#

version 7.1.035, Release 2210

#

sysname CE-3

#

ip vpn-instance waiwang        //外网业务VPN实例

route-distinguisher 300:1

vpn-target 100:1 200:1 export-extcommunity

vpn-target 100:1 200:1 import-extcommunity

#

system-working-mode standard

fan prefer-direction slot 1 port-to-power   //设备期望的风道方向为port-to-power

password-recovery enable

#

vlan 1

#

vlan 30

#

interface LoopBack0

ip binding vpn-instance waiwang //接口与外网业务VPN实例绑定

ip address 30.30.30.30 255.255.255.255

#

interface Vlan-interface30

ip binding vpn-instance waiwang    //接口与外网业务VPN实例绑定

ip address 192.168.3.1 255.255.255.0

#

interface Ten-GigabitEthernet1/0/3

port access vlan 30

#

ospf 15 vpn-instance waiwang

vpn-instance-capability simple     //关闭OSPF实例的路由环路检测功能

area 0.0.0.0

network 30.30.30.30 0.0.0.0

network 192.168.3.0 0.0.0.255

#

配置PE-1（MSR26-00）路由器

#

version 5.20, Release 2511P02

#

sysname PE-1

#

telnet server enable

#

mpls lsr-id 1.1.1.1

#

ip vpn-instance bangong     //办公业务VPN实例

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

ip vpn-instance shengchan     //生产业务VPN实例

route-distinguisher 200:1

vpn-target 200:1 export-extcommunity

vpn-target 200:1 import-extcommunity

#

vlan 1

#

mpls

#

mpls ldp

#

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

#

interface GigabitEthernet0/0

port link-mode route

ip address 10.0.0.1 255.255.255.0

mpls

mpls ldp

#

interface GigabitEthernet0/1

port link-mode route

#

interface GigabitEthernet0/1.1

vlan-type dot1q vid 10

ip binding vpn-instance bangong    //接口与办公业务VPN实例绑定

ip address 192.168.1.2 255.255.255.0

#

interface GigabitEthernet0/1.2

vlan-type dot1q vid 20

ip binding vpn-instance shengchan   //接口与生产业务VPN实例绑定

ip address 192.168.2.2 255.255.255.0

#

bgp 100

undo synchronization

peer 2.2.2.2 as-number 100

peer 3.3.3.3 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

peer 3.3.3.3 connect-interface LoopBack0

#

ipv4-family vpn-instance bangong

import-route direct     //引入直连路由

import-route ospf 10    //引入OSPF10的路由

#

ipv4-family vpn-instance shengchan

import-route direct       //引入直连路由

import-route ospf 20     //引入OSPF20的路由

#

ipv4-family vpnv4

peer 2.2.2.2 enable

peer 3.3.3.3 enable

#

ospf 1

area 0.0.0.0

network 1.1.1.1 0.0.0.0

network 10.0.0.0 0.0.0.255

#

ospf 10 vpn-instance bangong

import-route bgp      //引入BGP路由

area 0.0.0.0

network 192.168.1.0 0.0.0.255

#

ospf 20 vpn-instance shengchan

import-route bgp     //引入BGP路由

area 0.0.0.0

network 192.168.2.0 0.0.0.255

#

user-interface vty 0 4

authentication-mode none

user privilege level 3

#

配置PE-2（MSR26-00）路由器

#

version 5.20, Release 2511P02

#

sysname PE-2

#

telnet server enable

#

mpls lsr-id 3.3.3.3

#

ip vpn-instance bangong       //办公业务VPN实例

route-distinguisher 100:1

vpn-target 100:1 export-extcommunity

vpn-target 100:1 import-extcommunity

#

ip vpn-instance shengchan      //生产业务VPN实例

route-distinguisher 200:1

vpn-target 200:1 export-extcommunity

vpn-target 200:1 import-extcommunity

#

vlan 1

#

mpls

#

mpls ldp

#

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

#

interface GigabitEthernet0/0

port link-mode route

ip address 11.0.0.1 255.255.255.0

mpls

mpls ldp

#

interface GigabitEthernet0/1

port link-mode route

#

interface GigabitEthernet0/1.1

vlan-type dot1q vid 40

ip binding vpn-instance bangong   //接口与办公业务VPN实例绑定

ip address 192.168.4.2 255.255.255.0

#

interface GigabitEthernet0/1.2

vlan-type dot1q vid 50

ip binding vpn-instance shengchan   //接口与生产业务VPN实例绑定

ip address 192.168.5.2 255.255.255.0

#

bgp 100

undo synchronization

peer 1.1.1.1 as-number 100

peer 2.2.2.2 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

peer 2.2.2.2 connect-interface LoopBack0

#

ipv4-family vpn-instance bangong

import-route direct    //引入直连路由

import-route ospf 10     //引入OSPF10路由

#

ipv4-family vpn-instance shengchan

import-route direct     //引入直连路由

import-route ospf 20     //引入OSPF20路由

#

ipv4-family vpnv4

peer 1.1.1.1 enable

peer 2.2.2.2 enable

#

ospf 1

area 0.0.0.0

network 3.3.3.3 0.0.0.0

network 11.0.0.0 0.0.0.255

#

ospf 10 vpn-instance bangong

import-route bgp   //引入BGP路由

area 0.0.0.0

network 192.168.4.0 0.0.0.255

#

ospf 20 vpn-instance shengchan

import-route bgp     //引入BGP路由

area 0.0.0.0

network 192.168.5.0 0.0.0.255

#

user-interface vty 0 4

authentication-mode none

user privilege level 3

#

四、实验效果：

1、PE上能生成公网OSPF路由表。使用PE-1举例，路由表如下所示，可见存在去往各个MPLS LSR-ID的OSPF路由：

dis ip routing-table

Routing Tables: Public

        Destinations : 8        Routes : 8

Destination/Mask    Proto Pre Cost         NextHop         Interface

1.1.1.1/32          Direct 0    0            127.0.0.1       InLoop0

2.2.2.2/32          OSPF   10   1            10.0.0.2        GE0/0

3.3.3.3/32          OSPF   10   2            10.0.0.2        GE0/0

10.0.0.0/24         Direct 0    0            10.0.0.1        GE0/0

10.0.0.1/32         Direct 0    0            127.0.0.1       InLoop0

11.0.0.0/24         OSPF   10   2            10.0.0.2        GE0/0

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

2、PE上能收到对端PE发过来的BGP私网路由。使用PE-1举例，路由表如下：

dis ip routing-table vpn-instance bangong

Routing Tables: bangong

        Destinations : 9        Routes : 9

Destination/Mask    Proto Pre Cost         NextHop         Interface

10.10.10.10/32      OSPF   10   1            192.168.1.1     GE0/1.1

30.30.30.30/32      BGP    255 2            2.2.2.2         NULL0

40.40.40.40/32      BGP    255 2            3.3.3.3         NULL0

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

192.168.1.0/24      Direct 0    0            192.168.1.2     GE0/1.1

192.168.1.2/32      Direct 0    0            127.0.0.1       InLoop0

192.168.3.0/24      BGP    255 0            2.2.2.2         NULL0

192.168.4.0/24      BGP    255 0            3.3.3.3         NULL0

dis ip routing-table vpn-instance shengchan

Routing Tables: shengchan

        Destinations : 9        Routes : 9

Destination/Mask    Proto Pre Cost         NextHop         Interface

20.20.20.20/32      OSPF   10   1            192.168.2.1     GE0/1.2

30.30.30.30/32      BGP    255 2            2.2.2.2         NULL0

50.50.50.50/32      BGP    255 2            3.3.3.3         NULL0

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

192.168.2.0/24      Direct 0    0            192.168.2.2     GE0/1.2

192.168.2.2/32      Direct 0    0            127.0.0.1       InLoop0

192.168.3.0/24      BGP    255 0           2.2.2.2         NULL0

192.168.5.0/24      BGP    255 0            3.3.3.3         NULL0

3、CE上能生成去往目的网段的OSPF路由。使用CE-1举例，路由表如下：

dis ip routing-table vpn-instance bangong

Destinations : 17       Routes : 17

Destination/Mask    Proto Pre Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0

10.10.10.10/32      Direct 0    0            127.0.0.1       InLoop0

30.30.30.30/32      OSPF   10   3            192.168.1.2     Vlan10

40.40.40.40/32      OSPF   10   3            192.168.1.2     Vlan10

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32 Direct 0    0            127.0.0.1       InLoop0

192.168.1.0/24      Direct 0    0            192.168.1.1     Vlan10

192.168.1.0/32      Direct 0    0            192.168.1.1     Vlan10

192.168.1.1/32      Direct 0    0            127.0.0.1       InLoop0

192.168.1.255/32    Direct 0    0            192.168.1.1     Vlan10

192.168.3.0/24      OSPF   150 1            192.168.1.2     Vlan10

192.168.4.0/24      OSPF   150 1            192.168.1.2     Vlan10

224.0.0.0/4         Direct 0    0            0.0.0.0         NULL0

224.0.0.0/24        Direct 0    0            0.0.0.0         NULL0

255.255.255.255/32 Direct 0    0            127.0.0.1       InLoop0

dis ip routing-table vpn-instance shengchan

Destinations : 17       Routes : 17

Destination/Mask    Proto Pre Cost         NextHop         Interface

0.0.0.0/32          Direct 0    0            127.0.0.1       InLoop0

20.20.20.20/32      Direct 0    0            127.0.0.1       InLoop0

30.30.30.30/32      OSPF   10   3            192.168.2.2     Vlan20

50.50.50.50/32      OSPF   10   3            192.168.2.2     Vlan20

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.0/32        Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

127.255.255.255/32 Direct 0    0            127.0.0.1       InLoop0

192.168.2.0/24      Direct 0    0            192.168.2.1     Vlan20

192.168.2.0/32      Direct 0    0            192.168.2.1     Vlan20

192.168.2.1/32      Direct 0    0            127.0.0.1       InLoop0

192.168.2.255/32    Direct 0    0            192.168.2.1     Vlan20

192.168.3.0/24      OSPF   150 1            192.168.2.2     Vlan20

192.168.5.0/24      OSPF   150 1            192.168.2.2     Vlan20

224.0.0.0/4         Direct 0    0            0.0.0.0         NULL0

224.0.0.0/24        Direct 0    0            0.0.0.0         NULL0

255.255.255.255/32 Direct 0    0            127.0.0.1       InLoop0

VPN业务之间相互访问操作：

1、 CE-1的L0可以访问CE-2的L0和CE-3的L0，无法访问CE-1的L1和CE-2的L1。

ping -vpn-instance bangong -a 10.10.10.10 40.40.40.40

PING 40.40.40.40 (40.40.40.40) from 10.10.10.10: 56 data bytes, press CTRL_C to break

56 bytes from 40.40.40.40: icmp_seq=0 ttl=253 time=2.312 ms

56 bytes from 40.40.40.40: icmp_seq=1 ttl=253 time=1.486 ms

56 bytes from 40.40.40.40: icmp_seq=2 ttl=253 time=2.593 ms

56 bytes from 40.40.40.40: icmp_seq=3 ttl=253 time=1.560 ms

56 bytes from 40.40.40.40: icmp_seq=4 ttl=253 time=1.787 ms

--- 40.40.40.40 ping statistics ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.486/1.948/2.593/0.433 ms

ping -vpn-instance bangong -a 10.10.10.10 30.30.30.30

PING 30.30.30.30 (30.30.30.30) from 10.10.10.10: 56 data bytes, press CTRL_C to break

56 bytes from 30.30.30.30: icmp_seq=0 ttl=253 time=1.878 ms

56 bytes from 30.30.30.30: icmp_seq=1 ttl=253 time=1.403 ms

56 bytes from 30.30.30.30: icmp_seq=2 ttl=253 time=1.570 ms

56 bytes from 30.30.30.30: icmp_seq=3 ttl=253 time=1.220 ms

56 bytes from 30.30.30.30: icmp_seq=4 ttl=253 time=1.598 ms

--- 30.30.30.30 ping statistics ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.220/1.534/1.878/0.219 ms

ping -vpn-instance bangong -a 10.10.10.10 20.20.20.20

PING 20.20.20.20 (20.20.20.20) from 10.10.10.10: 56 data bytes, press CTRL_C to break

Request time out

Request time out

Request time out

Request time out

Request time out

--- 20.20.20.20 ping statistics ---

5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss

ping -vpn-instance bangong -a 10.10.10.10 50.50.50.50

PING 50.50.50.50 (50.50.50.50) from 10.10.10.10: 56 data bytes, press CTRL_C to break

Request time out

Request time out

Request time out

Request time out

Request time out

--- 50.50.50.50 ping statistics ---

5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss



2、CE-1的L1可以访问CE-2的L1和CE-3的L0，无法访问CE-1的L0和CE-2的L0。

ping -vpn-instance shengchan -a 20.20.20.20 50.50.50.50

PING 50.50.50.50 (50.50.50.50) from 20.20.20.20: 56 data bytes, press CTRL_C to break

56 bytes from 50.50.50.50: icmp_seq=0 ttl=253 time=2.237 ms

56 bytes from 50.50.50.50: icmp_seq=1 ttl=253 time=1.429 ms

56 bytes from 50.50.50.50: icmp_seq=2 ttl=253 time=1.817 ms

56 bytes from 50.50.50.50: icmp_seq=3 ttl=253 time=1.463 ms

56 bytes from 50.50.50.50: icmp_seq=4 ttl=253 time=1.414 ms

--- 50.50.50.50 ping statistics ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.414/1.672/2.237/0.319 ms

ping -vpn-instance shengchan -a 20.20.20.20 30.30.30.30

PING 30.30.30.30 (30.30.30.30) from 20.20.20.20: 56 data bytes, press CTRL_C to break

56 bytes from 30.30.30.30: icmp_seq=0 ttl=253 time=2.090 ms

56 bytes from 30.30.30.30: icmp_seq=1 ttl=253 time=1.211 ms

56 bytes from 30.30.30.30: icmp_seq=2 ttl=253 time=1.517 ms

56 bytes from 30.30.30.30: icmp_seq=3 ttl=253 time=1.284 ms

56 bytes from 30.30.30.30: icmp_seq=4 ttl=253 time=1.468 ms

--- 30.30.30.30 ping statistics ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.211/1.514/2.090/0.309 ms

ping -vpn-instance shengchan -a 20.20.20.20 10.10.10.10

PING 10.10.10.10 (10.10.10.10) from 20.20.20.20: 56 data bytes, press CTRL_C to break

Request time out

Request time out

Request time out

Request time out

Request time out

--- 10.10.10.10 ping statistics ---

5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss

ping -vpn-instance shengchan -a 20.20.20.20 40.40.40.40

PING 40.40.40.40 (40.40.40.40) from 20.20.20.20: 56 data bytes, press CTRL_C to break

Request time out

Request time out

Request time out

Request time out

Request time out

--- 40.40.40.40 ping statistics ---

5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss

五、配置关键点：

1、 S5820V2-52Q交换机上有两个风扇模块插槽，为了保证设备的正常散热，交换机上必须同时安装两个风扇模块（两个风扇模块的型号及风向标识必须一致），在交换机上没有安装风扇模块的情况下，禁止交换机上电运行。

2、 S5820V2-52Q交换机上，需保证风扇模块的风向与设备的期望风向一致（可以使用fan prefer-direction slot slot-number { power-to-port | port-to-power }调整），否则设备会产生告警并发出较大噪声。

dis fan

Slot 1

      FAN    1

      State    : Normal

      Wind Direction    :Port-to-Power       //两者需保持一致

      Prefer Wind Direction    :Port-to-Power

      FAN    2

      State    : Normal

      Wind Direction    :Port-to-Power       //两者需保持一致

      Prefer Wind Direction    :Port-to-Power

3、由于本案例涉及到三个业务VPN互访的问题，请保证各个业务VPN中VPN-TARGET的配置正确。

4、本案例在CE上使用了Loopback地址模拟客户终端。事实上，也可以使用真正的终端来完成实验，比如在CE-1的XGE1/0/1上串接一台PC（100.100.100.100/24），并在CE-1设备上进行如下配置：

#

vlan 100

#

interface Vlan-interface100

ip binding vpn-instance bangong

ip address 100.100.100.1 255.255.255.0

#

interface Ten-GigabitEthernet1/0/1

port access vlan 100

#

ospf 10 vpn-instance bangong

vpn-instance-capability simple

area 0.0.0.0

network 10.10.10.10 0.0.0.0

network 100.100.100.0 0.0.0.255   //在原有的配置上加上这条配置

network 192.168.1.0 0.0.0.255

#

此时，该PC即成为办公业务VPN的终端。可以在PC上访问10.10.10.10/32、30.30.30.30/32、40.40.40.40/32，但无法访问20.20.20.20/32、50.50.50.50/32。

5、开始配置两台SR6604-X的IRF2时，需保证两台设备工作在独立模式。可以通过chassis convert mode irf/undo chassis convert mode命令使SR6604-X在IRF模式/独立运行模式切换（切换后设备会重启）。

6、本配置中使用了MPLS MCE技术，由S5820V2交换机作为MCE。配置MCE的OSPF功能时，需配置vpn-instance-capability simple命令关闭OSPF实例的路由环路检测功能，否则，MCE不会接受PE发送过来的OSPF路由，导致路由丢失。