a. VPN1的CE分别在两个不同的AS、采用EBGP和骨干路由器互联,AS号码为65505和65506。
b. VPN2的两个CE采用不同的IGP路由协议互联、S3采用OSPF和R3连接、S2采用RIP和R2连接。
c. VPN3的两个CE采用静态路由和PE连接。
2. 方案技术要点:
a. 网络协议IS-IS、EBGP、IBGP、OSPF、RIP、静态路由。 b. 完全相同IP地址的VPN( VPN1与 VPN2 )。 c. VPN中采用不同协议:VPN1 (EBGP-EBGP),VPN2 (RIP-OSPF), VPN3 ( 静态路由-静态路由)。
3. 配置命令:
version 12.0 ! hostname R2 ! boot system disk0:rsp-pv-mz.120-22.S.bin ip cef no ip domain-lookup ! ip vrf vpn1 rd 100:1 route-target eXPort 100:1 route-target import 100:1 ! ip vrf vpn2 rd 100:2 route-target export 100:2 route-target import 100:2 ! ip vrf vpn3 rd 100:3 route-target export 100:3 route-target import 100:3 clns routing ! interface Loopback0 ip address 10.10.20.2 255.255.255.255 no ip directed-broadcast ip router isis isis circuit-type level-2-only ! interface Multilink1 ip address 10.10.12.2 255.255.255.0 no ip directed-broadcast ip router isis tag-switching ip ppp multilink multilink-group 1 isis circuit-type level-2-only ! router isis net 00.1111.0000.0000.1112.00 is-type level-2-only ! router rip version 2 ! address-family ipv4 vrf vpn2 version 2 redistribute bgp 100 metric transparent network 10.0.0.0 no auto-summary exit-address-family ! router bgp 100 bgp log-neighbor-changes bgp graceful-restart restart-time 120 bgp graceful-restart stalepath-time 360 bgp graceful-restart neighbor 10.10.10.1 remote-as 100 neighbor 10.10.10.1 update-source Loopback0 neighbor 10.10.30.3 remote-as 100 neighbor 10.10.30.3 update-source Loopback0 no auto-summary ! address-family ipv4 multicast no auto-summary no synchronization exit-address-family ! address-family vpnv4 neighbor 10.10.10.1 activate neighbor 10.10.10.1 next-hop-self neighbor 10.10.10.1 send-community extended neighbor 10.10.30.3 activate neighbor 10.10.30.3 next-hop-self neighbor 10.10.30.3 send-community extended no auto-summary exit-address-family ! address-family ipv4 neighbor 10.10.10.1 activate neighbor 10.10.30.3 activate no auto-summary no synchronization exit-address-family ! address-family ipv4 vrf vpn3 redistribute connected redistribute static no auto-summary no synchronization exit-address-family ! address-family ipv4 vrf vpn2 redistribute connected redistribute static redistribute rip no auto-summary no synchronization exit-address-family ! address-family ipv4 vrf vpn1 neighbor 10.10.26.6 remote-as 65506 neighbor 10.10.26.6 activate no auto-summary no synchronization exit-address-family ! ip classless ip route vrf vpn3 10.10.60.0 255.255.255.0 10.10.26.6
4. 确认命令:
R1# sh ip rou
10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks C 10.10.10.1/32 is directly connected, Loopback0 C 10.10.12.0/24 is directly connected, Multilink1 C 10.10.13.0/24 is directly connected, POS4/0/0 C 10.10.12.2/32 is directly connected, Multilink1 i L2 10.10.20.2/32 [115/17] via 10.10.13.2, POS4/0/0 i L2 10.10.23.0/24 [115/7] via 10.10.13.2, POS4/0/0 i L2 10.10.30.3/32 [115/15] via 10.10.13.2, POS4/0/0
R1#sh ip router vrf vpn2
10.0.0.0/24 is subnetted, 4 subnets C 10.10.15.0 is directly connected, FastEthernet2/0/1 B 10.10.26.0 [200/0] via 10.10.20.2, 00:01:48 B 10.10.50.0 [20/0] via 10.10.15.5, 00:01:54 B 10.10.60.0 [200/0] via 10.10.20.2, 00:01:48
R1#sh ip router vrf vpn3
10.0.0.0/24 is subnetted, 3 subnets C 10.10.15.0 is directly connected, FastEthernet2/0/0 B 10.10.26.0 [200/0] via 10.10.20.2, 00:01:57 B 10.10.60.0 [200/0] via 10.10.20.2, 00:01:57
R5-3640#sh ip rou
10.0.0.0/24 is subnetted, 4 subnets C 10.10.15.0 is directly connected, FastEthernet0/0 B 10.10.26.0 [20/0] via 10.10.15.1, 00:02:24 C 10.10.50.0 is directly connected, Loopback0 B 10.10.60.0 [20/0] via 10.10.15.1, 00:02:24
R5-3640#ping 10.10.60.6
Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.60.6, timeout is 2 seconds: !!!!! SUCcess rate is 100 percent (5/5), round-trip min/avg/max = 12/12/12 ms
R5-3640#trace 10.10.60.6
Type escape sequence to abort. Tracing the route to 10.10.60.6
S1-4006> (enable) trace 10.10.60.6 traceroute to 10.10.60.6 (10.10.60.6), 30 hops max, 40 byte packets 1 10.10.15.1 (10.10.15.1) 8 ms 24 ms 7 ms 2 10.10.13.2 (10.10.13.2) 10 ms 9 ms 10 ms 3 10.10.26.2 (10.10.26.2) 10 ms 7 ms 7 ms 4 10.10.26.6 (10.10.26.6) 8 ms * 9 ms S1-4006> (enable) exit
R2#sh ip rou 10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks i L2 10.10.10.1/32 [115/17] via 10.10.23.3, GigabitEthernet10/0/0 C 10.10.12.0/24 is directly connected, Multilink1 i L2 10.10.13.0/24 [115/7] via 10.10.23.3, GigabitEthernet10/0/0 C 10.10.12.1/32 is directly connected, Multilink1 C 10.10.20.2/32 is directly connected, Loopback0 C 10.10.23.0/24 is directly connected, GigabitEthernet10/0/0 i L2 10.10.30.3/32 [115/12] via 10.10.23.3, GigabitEthernet10/0/0
R2#sh ip router vrf vpn1 10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks B 10.10.15.0/24 [200/0] via 10.10.10.1, 00:05:48 C 10.10.26.0/24 is directly connected, Multilink2 C 10.10.26.6/32 is directly connected, Multilink2 B 10.10.50.0/24 [200/0] via 10.10.10.1, 00:05:48 B 10.10.60.0/24 [20/0] via 10.10.26.6, 00:07:21
R2#sh ip route vrf vpn2 10.0.0.0/24 is subnetted, 3 subnets C 10.10.22.0 is directly connected, FastEthernet9/0/0 B 10.10.33.0 [200/0] via 10.10.30.3, 00:05:51 B 10.10.100.0 [200/2] via 10.10.30.3, 00:05:21
R2#sh ip route vrf vpn3 10.0.0.0/24 is subnetted, 3 subnets B 10.10.15.0 [200/0] via 10.10.10.1, 00:05:55 C 10.10.26.0 is directly connected, FastEthernet8/0/0 S 10.10.60.0 [1/0] via 10.10.26.6
R6-3640#sh ip rou 10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks B 10.10.15.0/24 [20/0] via 10.10.26.2, 00:06:04 C 10.10.26.2/32 is directly connected, Multilink1 C 10.10.26.0/24 is directly connected, Multilink1 B 10.10.50.0/24 [20/0] via 10.10.26.2, 00:06:04 C 10.10.60.0/24 is directly connected, Loopback0
R6-3640#ping 10.10.50.5 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.50.5, timeout is 2 seconds: !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/4/4 ms
R6-3640#trace 10.10.50.5 Type escape sequence to abort. Tracing the route to 10.10.50.5
R3#sh ip rou 10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks i L2 10.10.10.1/32 [115/15] via 10.10.13.1, POS5/0/0 i L2 10.10.12.0/24 [115/12] via 10.10.23.2, GigabitEthernet1/0/0 C 10.10.13.0/24 is directly connected, POS5/0/0 i L2 10.10.20.2/32 [115/12] via 10.10.23.2, GigabitEthernet1/0/0 C 10.10.23.0/24 is directly connected, GigabitEthernet1/0/0 C 10.10.30.3/32 is directly connected, Loopback0
R3#sh ip route vrf vpn 2 10.0.0.0/24 is subnetted, 3 subnets B 10.10.22.0 [200/0] via 10.10.20.2, 00:09:23 C 10.10.33.0 is directly connected, FastEthernet4/0/0 O 10.10.100.0 [110/2] via 10.10.33.33, 00:08:43, FastEthernet4/0/0
S3-4006-L3#sh ip rou 10.0.0.0/24 is subnetted, 3 subnets O E2 10.10.22.0 [110/1] via 10.10.33.3, 00:09:38, Port-channel1.1 C 10.10.33.0 is directly connected, Port-channel1.1 C 10.10.100.0 is directly connected, Port-channel1.2
S3-4006-L3#ping 10.10.22.254 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 10.10.22.254, timeout is 2 seconds: !!!!! 5. 结果:
a. 网络协议IS-IS、EBGP、IBGP、OSPF、RIP、静态路由等协议连通正常。
b. 完全相同IP地址的VPN( VPN1与 VPN2 )。 c. VPN中采用不同协议:VPN1 (EBGP-EBGP),VPN2 (RIP-OSPF), VPN3 ( 静态路由-静态路由) 连通正常。
