AR28、AR46系列路由器DVPN双tunnel实现负载分担的典型配置
【需求】
位于分支的路由器有两条上行链路,和中心设备之间分别建立DVPN链路,两条链路之间要能够实现负载分担。
【组网图】
Center配置脚本
#
sysname center
#
cpu-usage cycle 1min
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
dvpn policy 1 //创建dvpn-policy视图1
#
controller E1 1/0
using e1
#
controller E1 1/1
using e1
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 192.168.0.1 255.255.255.252
#
interface Ethernet0/1
ip address dhcp-alloc
#
interface Serial1/0:0
link-protocol ppp
ip address dhcp-alloc
#
interface Serial1/1:0
link-protocol ppp
ip address dhcp-alloc
#
interface Serial3/0
clock DTECLK1
link-protocol ppp
ip address dhcp-alloc
#
interface Serial3/1
clock DTECLK1
link-protocol ppp
ip address dhcp-alloc
#
interface Tunnel0 //创建Tunnel0接口
ip address 10.0.0.1 255.255.255.252
tunnel-protocol udp dvpn //Tunnel接口的封装格式
source Ethernet0/0
dvpn interface-type server //指定了Tunnel接口类型为server
dvpn dvpn-id 3 //配置Tunnel接口所属的DVPN域3
dvpn policy 1 //引用dvpn-policy视图1
#
interface Tunnel1
ip address 10.0.0.5 255.255.255.252
tunnel-protocol udp dvpn
source Ethernet0/0
dvpn interface-type server
dvpn dvpn-id 4
dvpn policy 1
#
interface NULL0
#
interface LoopBack1
ip address 20.0.0.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.0.0.0 0.0.0.3
network 10.0.0.4 0.0.0.3
network 20.0.0.0 0.0.0.255
#
FTP server enable
#
dvpn service enable //使能DVPN功能
dvpn server pre-shared-key 12345 //配置Server的身份pre-shared-key
#
ip route-static 0.0.0.0 0.0.0.0 192.168.0.2 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
branch配置脚本
#
sysname branch
#
cpu-usage cycle 1min
#
radius scheme system
#
domain system
#
local-user admin
password cipher .]@USE=B,53Q=^Q`MAF4<1!!
service-type telnet terminal
level 3
service-type ftp
#
dvpn class test //配置Tunnel接口使用的dvpn-class
public-ip 192.168.0.1
authentication-server method pre-share
pre-shared-key 12345
#
dvpn class test1
public-ip 192.168.0.1
authentication-server method pre-share
pre-shared-key 12345
#
interface Aux0
async mode flow
#
interface Ethernet0/0
ip address 192.168.1.1 255.255.255.0
#
interface Ethernet0/1
ip address 192.168.2.1 255.255.255.0
#
interface Serial0/0
clock DTECLK1
link-protocol ppp
ip address dhcp-alloc
#
interface Tunnel0
ip address 10.0.0.2 255.255.255.252
tunnel-protocol udp dvpn
source Ethernet0/0
dvpn interface-type client
dvpn dvpn-id 3
dvpn server test
#
interface Tunnel1
ip address 10.0.0.6 255.255.255.252
tunnel-protocol udp dvpn
source Ethernet0/1
dvpn interface-type client
dvpn dvpn-id 4
dvpn server test1
#
interface NULL0
#
interface LoopBack1
ip address 20.0.1.1 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.0.0.0 0.0.0.3
network 10.0.0.4 0.0.0.3
network 20.0.1.0 0.0.0.255
#
FTP server enable
#
dvpn service enable
#
ip route-static 0.0.0.0 0.0.0.0 192.168.1.2 preference 60
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
authentication-mode scheme
#
【验证】
查看map和session信息:
<branch>dis dvpn map all
vpn-id private-ip public-ip port state type client-id
------------------------------------------------------------------------------
4 10.0.0.5 192.168.0.1 40959 SUCCESS C->S 87056676
3 10.0.0.1 192.168.0.1 40959 SUCCESS C->S 91662660
<branch>dis dvpn session all
vpn-id private-ip public-ip port state type
-----------------------------------------------------------------
3 10.0.0.1 192.168.0.1 40959 SUCCESS C->S
4 10.0.0.5 192.168.0.1 40959 SUCCESS C->S
<branch>tracert 20.0.0.1
traceroute to 20.0.0.1(20.0.0.1) 30 hops max,40 bytes packet
Press CTRL_C to break
1 10.0.0.5 7 ms 10.0.0.1 5 ms 10.0.0.5 5 ms
<branch>tracert 20.0.0.1
traceroute to 20.0.0.1(20.0.0.1) 30 hops max,40 bytes packet
Press CTRL_C to break
1 10.0.0.1 7 ms 10.0.0.5 5 ms 10.0.0.1 5 ms
<branch>tracert 20.0.0.1
traceroute to 20.0.0.1(20.0.0.1) 30 hops max,40 bytes packet
Press CTRL_C to break
1 10.0.0.5 5 ms 10.0.0.1 4 ms 10.0.0.5 5 ms
<branch>tracert 20.0.0.1
traceroute to 20.0.0.1(20.0.0.1) 30 hops max,40 bytes packet
Press CTRL_C to break
1 10.0.0.1 5 ms 10.0.0.5 5 ms 10.0.0.1 4 ms
该案例暂时没有网友评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作