H3C S9500交换机MPLS BGP VPN之CE双归属功能的配置

S9500交换机MPLS BGP VPN之CE双归属功能的配置

一、组网需求：

如下组网中，CE1和CE2分别与PE1和PE2设备相连，实现双归属；三个PE设备也两两相连，组成备份链路。CE3和CE4不使用双归属，只与一个PE设备相连。CE1与CE3属于同一个VPN；CE2与CE4属于同一个VPN。不同的VPN之间不能互通。

二、组网图

三、配置步骤：

软件版本：S9500交换机全系列软件版本

硬件版本：S9500交换机支持MPLS VPN业务板（CA/CB类业务板）

配置PE1设备

1） 在PE1上为CE1和CE2分别创建VPN-instance1.1和VPN-instance1.2，并配置不同的VPN-target属性

[PE1] ip vpn-instance vpn-instance1.1

[PE1-vpn-vpn-instance1.1] route-distinguisher 1.1.1.1:1

[PE1-vpn-vpn-instance1.1] vpn-target 1.1.1.1:1

[PE1] ip vpn-instance vpn-instance1.2

[PE1-vpn-vpn-instance1.2] route-distinguisher 2.2.2.2:2

[PE1-vpn-vpn-instance1.2] vpn-target 2.2.2.2:2

2） PE1在实例VPN-instance1.1下与CE1建立EBGP邻居，将CE1内部VPN路由引入VPN-instance1.1

[PE1] bgp 100

[PE1-bgp] ipv4-family vpn-instance vpn-instance1.1

[PE1-bgp-af-vpn-instance] import-route direct

[PE1-bgp-af-vpn-instance] import-route static

[PE1-bgp-af-vpn-instance] group 17211 external

[PE1-bgp-af-vpn-instance] peer 172.11.11.2 group 17211 as-number 65001

3）PE1在实例VPN-instance1.2下与CE2建立EBGP邻居，将CE2内部VPN路由引入VPN-instance1.2

[PE1] bgp 100

[PE1-bgp] ipv4-family vpn-instance vpn-instance1.2

[PE1-bgp-af-vpn-instance] import-route direct

[PE1-bgp-af-vpn-instance] import-route static

[PE1-bgp-af-vpn-instance] group 17221 external

[PE1-bgp-af-vpn-instance] peer 172.21.21.2 group 17221 as-number 65002

4）将PE1与CE1相连的VLAN接口绑定到VPN-instance1.1；将PE1与CE2相连的VLAN接口绑定到VPN-instance1.2

[PE1] vlan 211

[PE1-vlan211] port gigabitethernet 2/1/1

[PE1] interface vlan-interface 211

[PE1-vlan-interface211] ip binding vpn-instance vpn-instance1.1

[PE1-vlan-interface211] ip address 172.11.11.1 255.255.255.0

[PE1] vlan 212

[PE1-vlan212] port gigabitethernet 2/1/2

[PE1] interface vlan-interface 212

[PE1-vlan-interface212] ip binding vpn-instance vpn-instance1.2

[PE1-vlan-interface212] ip address 172.21.21.1 255.255.255.0

5） 配置LoopBack接口

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 1.1.1.1 255.255.255.255

6）配置MPLS基本能力，并在PE1与PE2、PE3相连的VLAN接口上使能LDP

[PE1] mpls lsr-id 1.1.1.1

[PE1] mpls

[PE1] mpls ldp

[PE1] vlan 213

[PE1-vlan213] port gigabitethernet 2/1/3

[PE1] interface vlan-interface213

[PE1-vlan-interface213] mpls

[PE1-vlan-interface213] mpls ldp enable

[PE1-vlan-interface213] mpls ldp transport-ip interface

[PE1-vlan-interface213] ip address 10.1.1.1 255.255.255.0

[PE1] vlan 214

[PE1-vlan214] port gigabitethernet 2/1/4

[PE1] interface vlan-interface 214

[PE1-vlan-interface214] mpls

[PE1-vlan-interface214] mpls ldp enable

[PE1-vlan-interface214] mpls ldp transport-ip interface

[PE1-vlan-interface214] ip address 30.1.1.2 255.255.255.0

7）在PE1与P2、PE3相连的接口及环回接口上启用OSPF，实现PE内部的互通

[PE1] router id 1.1.1.1

[PE1] ospf

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] network 30.1.1.2 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255

8）在PE与PE之间建立MP-IBGP邻居，进行PE内部的VPN路由信息交换。并在VPNv4子地址族视图下激活MP-IBGP对等体

[PE1] bgp 100

[PE1-bgp] group 2

[PE1-bgp] peer 2.2.2.2 group 2

[PE1-bgp] peer 2.2.2.2 connect-interface loopback 0

[PE1-bgp] group 3

[PE1-bgp] peer 3.3.3.3 group 3

[PE1-bgp] peer 3.3.3.3 connect-interface loopback 0

[PE1-bgp] ipv4-family vpnv4

[PE1-bgp-af-vpn] peer 2 enable

[PE1-bgp-af-vpn] peer 2.2.2.2 group 2

[PE1-bgp-af-vpn] peer 3 enable

[PE1-bgp-af-vpn] peer 3.3.3.3 group 3

配置PE2设备

1）在PE2上为CE1和CE2分别创建VPN-instance2.1和VPN-instance2.2，并配置不同的VPN-target属性

[PE2] ip vpn-instance vpn-instance2.1

[PE2-vpn-vpn-instance2.1] route-distinguisher 1.1.1.1:1

[PE2-vpn-vpn-instance2.1] vpn-target 1.1.1.1:1

[PE2] ip vpn-instance vpn-instance2.2

[PE2-vpn-vpn-instance2.2] route-distinguisher 2.2.2.2:2

[PE2-vpn-vpn-instance2.2] vpn-target 2.2.2.2:2

2）PE2在实例VPN-instance2.1下与CE1建立EBGP邻居，将CE1内部VPN路由引入VPN-instance2.1

[PE2] bgp 100

[PE2-bgp] ipv4-family vpn-instance vpn-instance2.1

[PE2-bgp-af-vpn-instance] import-route direct

[PE2-bgp-af-vpn-instance] import-route static

[PE2-bgp-af-vpn-instance] group 17212 external

[PE2-bgp-af-vpn-instance] peer 172.12.12.2 group 17212 as-number 65001

3）PE2在实例VPN-instance2.2下与CE2建立EBGP邻居，将CE2内部VPN路由引入VPN-instance2.2

[PE2-bgp] ipv4-family vpn-instance vpn-instance2.2

[PE2-bgp-af-vpn-instance] import-route direct

[PE2-bgp-af-vpn-instance] import-route static

[PE2-bgp-af-vpn-instance] group 17222 external

[PE2-bgp-af-vpn-instance] peer 172.22.22.2 group 17222 as-number 65002

4）将PE2与CE1相连的VLAN接口绑定到VPN-instance2.1；将PE2与CE2相连的VLAN接口绑定到VPN-instance2.2

[PE2] vlan 212

[PE2-vlan212] port gigabitethernet 2/1/2

[PE2] interface vlan-interface 212

[PE2-vlan-interface212] ip binding vpn-instance vpn-instance2.1

[PE2-vlan-interface212] ip address 172.12.12.1 255.255.255.0

[PE2] vlan 211

[PE2-vlan211] port gigabitethernet 2/1/1

[PE2] interface vlan-interface 211

[PE2-vlan-interface211] ip binding vpn-instance vpn-instance2.2

[PE2-vlan-interface211] ip address 172.22.22.1 255.255.255.0

5）配置LoopBack接口

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 2.2.2.2 255.255.255.255

6）配置MPLS基本能力，并在PE2与PE1、PE3相连的VLAN接口上使能LDP

[PE2] mpls lsr-id 2.2.2.2

[PE2] mpls

[PE2] mpls ldp

[PE2] vlan 213

[PE2-vlan213] port gigabitethernet 2/1/3

[PE2] interface vlan-interface213

[PE2-vlan-interface213] mpls

[PE2-vlan-interface213] mpls ldp enable

[PE2-vlan-interface213] mpls ldp transport-ip interface

[PE2-vlan-interface213] ip address 10.1.1.2 255.255.255.0

[PE2] vlan 214

[PE2-vlan214] port gigabitethernet 2/1/4

[PE2] interface vlan-interface 214

[PE2-vlan-interface214] mpls

[PE2-vlan-interface214] mpls ldp enable

[PE2-vlan-interface214] mpls ldp transport-ip interface

[PE2-vlan-interface214] ip address 20.1.1.1 255.255.255.0

7） 在PE2与PE1、PE3相连的接口及环回接口上启用OSPF，实现PE内部互通

[PE2] router id 2.2.2.2

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] network 20.1.1.1 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.255

8）在PE与PE之间建立MP-IBGP邻居，进行PE内部的VPN路由信息交换。并在VPNv4子地址族视图下激活MP-IBGP对等体

[PE2] bgp 100

[PE2-bgp] group 1

[PE2-bgp] peer 1.1.1.1 group 1

[PE2-bgp] peer 1.1.1.1 connect-interface loopback 0

[PE2-bgp] group 3

[PE2-bgp] peer 3.3.3.3 group 3

[PE2-bgp] peer 3.3.3.3 connect-interface loopback 0

[PE2-bgp] ipv4-family vpnv4

[PE2-bgp-af-vpn] peer 1 enable

[PE2-bgp-af-vpn] peer 1.1.1.1 group 1

[PE2-bgp-af-vpn] peer 3 enable

[PE2-bgp-af-vpn] peer 3.3.3.3 group 3

配置PE3设备

1） 在PE3上为CE3和CE4分别创建VPN-instance3.1和3.2，并配置不同的VPN-target属性

[PE3] ip vpn-instance vpn-instance3.1

[PE3-vpn-vpn-instance3.1] route-distinguisher 1.1.1.1:1

[PE3-vpn-vpn-instance3.1] vpn-target 1.1.1.1:1

[PE3] ip vpn-instance vpn-instance3.2

[PE3-vpn-vpn-instance3.2] route-distinguisher 2.2.2.2:2

[PE3-vpn-vpn-instance3.2] vpn-target 2.2.2.2:2

2） PE3在实例VPN-instance3.1下与CE2建立EBGP邻居2，将CE3内部VPN路由引入VPN-instance3.1

[PE3] bgp 100

[PE3-bgp] ipv4-family vpn-instance vpn-instance3.1

[PE3-bgp-af-vpn-instance] import-route direct

[PE3-bgp-af-vpn-instance] import-route static

[PE3-bgp-af-vpn-instance] group 192 external

[PE3-bgp-af-vpn-instance] peer 192.168.13.2 group 192 as-number 65003

3）PE3在实例VPN-instance3.2下与CE4建立EBGP邻居，将CE4内部VPN路由引入VPN-instance3.2

[PE3-bgp] ipv4-family vpn-instance vpn-instance3.2

[PE3-bgp-af-vpn-instance] import-route direct

[PE3-bgp-af-vpn-instance] import-route static

[PE3-bgp-af-vpn-instance] group 232 external

[PE3-bgp-af-vpn-instance] peer 192.168.23.2 group 232 as-number 65004

4）将PE3与CE3相连的VLAN接口绑定到VPN-instance3.1；将PE3与CE4相连的VLAN接口绑定到VPN-instance3.2

[PE3] vlan 311

[PE3-vlan311] port gigabitethernet 2/1/1

[PE3] interface vlan-interface 311

[PE3-vlan-interface311] ip binding vpn-instance vpn-instance3.1

[PE3-vlan-interface311] ip address 192.168.13.1 255.255.255.0

[PE3] vlan 314

[PE3-vlan314] port gigabitethernet 2/1/4

[PE3] interface vlan-interface 314

[PE3-vlan-interface314] ip binding vpn-instance vpn-instance3.2

[PE3-vlan-interface314] ip address 192.168.23.1 255.255.255.0

5）配置LoopBack接口

[PE3] interface loopback 0

[PE3-LoopBack0] ip address 3.3.3.3 255.255.255.255

6）配置MPLS基本能力，并在PE3与PE1、PE2相连的VLAN接口上使能LDP

[PE3] mpls lsr-id 3.3.3.3

[PE3] mpls

[PE3] mpls ldp

[PE3] vlan 312

[PE3-vlan312] port gigabitethernet 2/1/2

[PE3] interface vlan-interface312

[PE3-vlan-interface312] mpls

[PE3-vlan-interface312] mpls ldp enable

[PE3-vlan-interface312] mpls ldp transport-ip interface

[PE3-vlan-interface312] ip address 30.1.1.1 255.255.255.0

[PE3] vlan 313

[PE3-vlan313] port gigabitethernet 2/1/3

[PE3] interface vlan-interface 313

[PE3-vlan-interface313] mpls

[PE3-vlan-interface313] mpls ldp enable

[PE3-vlan-interface313] mpls ldp transport-ip interface

[PE3-vlan-interface313] ip address 20.1.1.2 255.255.255.0

7）在PE3与PE1、PE2相连的接口及环回接口上启用OSPF，实现PE内部互通

[PE3] router id 3.3.3.3

[PE3] ospf

[PE3-ospf-1] area 0

[PE3-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[PE3-ospf-1-area-0.0.0.0] network 20.1.1.2 0.0.0.255

[PE3-ospf-1-area-0.0.0.0] network 30.1.1.1 0.0.0.255

8）在PE与PE之间建立MP-IBGP邻居，进行PE内部的VPN路由信息交换。并在VPNv4子地址族视图下激活MP-IBGP对等体

[PE3] bgp 100

[PE3-bgp] group 1

[PE3-bgp] peer 1.1.1.1 group 1

[PE3-bgp] peer 1.1.1.1 connect-interface loopback 0

[PE3-bgp] group 2

[PE3-bgp] peer 2.2.2.2 group 2

[PE3-bgp] peer 2.2.2.2 connect-interface loopback 0

[PE3-bgp] ipv4-family vpnv4

[PE3-bgp-af-vpn] peer 1 enable

[PE3-bgp-af-vpn] peer 1.1.1.1 group 1

[PE3-bgp-af-vpn] peer 2 enable

[PE3-bgp-af-vpn] peer 2.2.2.2 group 2