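「HUAWEI-ENSP」- Lab Study: VPN Instance | VRF

Lab Requirements

Topology description:

  • PC1, PC2, and PC3 on the right are in the same network segment;
  • AR4, AR5, and AR7 on the left are in the same network segment, and each has a Loopback interface with a different address;
  • The PCs and ARs on both sides connect to AR8 in the middle; AR8 is the gateway for PC1, PC2, and PC3;

Lab Procedure

Configure communication between the PCs and the gateway

PC configuration: omitted...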

Configure SW1:

[SW1]vlan batch 10 20 30

[SW1]interface GigabitEthernet 0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 30

[SW1]interface GigabitEthernet 0/0/4
[SW1-GigabitEthernet0/0/4]port link-type access
[SW1-GigabitEthernet0/0/4]port default vlan 30

[SW1]interface GigabitEthernet 0/0/2
[SW1-GigabitEthernet0/0/2]port link-type access
[SW1-GigabitEthernet0/0/2]port default vlan 20

[SW1]interface GigabitEthernet 0/0/3
[SW1-GigabitEthernet0/0/3]port link-type trunk
[SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan 10 20 30

Configure AR8:

[AR8]ip vpn-instance VLAN10
[AR8-vpn-instance-VLAN10]ipv4-family

[AR8]ip vpn-instance VLAN20
[AR8-vpn-instance-VLAN20]ipv4-family

[AR8]ip vpn-instance VLAN30
[AR8-vpn-instance-VLAN30]ipv4-family

[AR8]interface GigabitEthernet 0/0/0.10
[AR8-GigabitEthernet0/0/0.10]ip binding vpn-instance VLAN10
[AR8-GigabitEthernet0/0/0.10]ip address 192.168.1.254 24
[AR8-GigabitEthernet0/0/0.10]dot1q termination vid 10
[AR8-GigabitEthernet0/0/0.10]arp broadcast enable

[AR8]interface GigabitEthernet 0/0/0.20
[AR8-GigabitEthernet0/0/0.20]ip binding vpn-instance VLAN20
[AR8-GigabitEthernet0/0/0.20]ip address 192.168.1.254 24
[AR8-GigabitEthernet0/0/0.20]dot1q termination vid 20
[AR8-GigabitEthernet0/0/0.20]arp broadcast enable

[AR8]interface GigabitEthernet 0/0/0.30
[AR8-GigabitEthernet0/0/0.30]ip binding vpn-instance VLAN30
[AR8-GigabitEthernet0/0/0.30]ip address 192.168.1.254 24
[AR8-GigabitEthernet0/0/0.30]dot1q termination vid 30
[AR8-GigabitEthernet0/0/0.30]arp broadcast enable

Connectivity test:

  • On PC1, PC2, and PC3, ping AR8 at 192.168.1.254 and check whether the ping succeeds;

Use static routing to enable communication between PC2 and the AR5 Loopback;

Configure AR4:

[AR4]ip route-static 192.168.1.0 24 10.0.0.254

Configure AR8:

[AR8]interface GigabitEthernet 4/0/3
[AR8-GigabitEthernet4/0/3]ip binding vpn-instance VLAN30
[AR8-GigabitEthernet4/0/3]ip address 10.0.0.254 24
[AR8]ip route-static vpn-instance VLAN30 4.4.4.4 32 10.0.0.4

Connectivity test:

  • [PC3] ping AR4 at 4.4.4.4 to test connectivity;

Use OSPF to enable communication between PC3 and the AR4 Loopback;

Configure AR5:

[AR5]ospf 1 router-id 5.5.5.5
[AR5-ospf-1]area 0
[AR5-ospf-1-area-0.0.0.0]network 5.5.5.5 0.0.0.0
[AR5-ospf-1-area-0.0.0.0]network 10.0.0.0 0.0.0.255

Configure AR8:

[AR8]interface GigabitEthernet 4/0/2
[AR8-GigabitEthernet4/0/2]ip binding vpn-instance VLAN20
[AR8-GigabitEthernet4/0/2]ip address 10.0.0.254 24

[AR8]ospf 1 vpn-instance VLAN20 router-id 8.8.8.8
[AR8-ospf-1]area 0
[AR8-ospf-1-area-0.0.0.0]network 10.0.0.0 0.0.0.255
[AR8-ospf-1-area-0.0.0.0]network 192.168.1.0 0.0.0.255

Use BGP to enable communication between PC1 and the AR7 Loopback

Configure AR7:

[AR7]bgp 65007
[AR7-bgp]router-id 7.7.7.7
[AR7-bgp]peer 10.0.0.254 as-number 65008
[AR7-bgp]ipv4-family unicast
[AR7-bgp-af-ipv4]network 7.7.7.7 32

Configure AR8:

[AR8]interface GigabitEthernet 4/0/1
[AR8-GigabitEthernet4/0/1]ip binding vpn-instance VLAN10
[AR8-GigabitEthernet4/0/1]ip address 10.0.0.254 24

[AR8]ip vpn-instance VLAN10
[AR8-vpn-instance-VLAN10]ipv4-family
[AR8-vpn-instance-VLAN10-af-ipv4]route-distinguisher 65008:10

[AR8]bgp 65008
[AR8-bgp]router-id 8.8.8.8
[AR8-bgp]peer 10.0.0.7 as-number 65007
[AR8-bgp]ipv4-family vpn-instance VLAN10
[AR8-bgp-VLAN10]network 192.168.1.0 24
[AR8-bgp-VLAN10]peer 10.0.0.7 as-number 65007

Test method:

  • [PC1] ping AR7 at 7.7.7.7 to test connectivity;

Troubleshooting:

  • [AR8]display ip routing-table vpn-instance VLAN10
  • [AR7]display bgp peer
  • [AR8]display bgp vpnv4 vpn-instance VLAN10 peer

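Additional Notes

By default, all Layer 3 interfaces on Huawei datacom products belong to the root instance. On firewalls the root instance is clearly visible; on routers it is much less apparent.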
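
An added example, not part of the original lab: a Python audit of AR8's interface configuration that checks the reused 192.168.1.254/24 and 10.0.0.254/24 addresses never share a vpn-instance and that no addressed interface is left in the root instance. The config text is a constructed sample in saved-config layout; GigabitEthernet4/0/0 and the names parse_interfaces, audit and ROOT are hypothetical, and treating every root-instance interface as a finding is an assumption of this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample: AR8 interfaces from this lab in saved-config layout, plus one
# hypothetical interface (GigabitEthernet4/0/0) that was never bound to an instance.
AR8_CONFIG = """\
interface GigabitEthernet0/0/0.10
 ip binding vpn-instance VLAN10
 ip address 192.168.1.254 255.255.255.0
interface GigabitEthernet0/0/0.20
 ip binding vpn-instance VLAN20
 ip address 192.168.1.254 255.255.255.0
interface GigabitEthernet4/0/1
 ip binding vpn-instance VLAN10
 ip address 10.0.0.254 255.255.255.0
interface GigabitEthernet4/0/3
 ip binding vpn-instance VLAN30
 ip address 10.0.0.254 255.255.255.0
interface GigabitEthernet4/0/0
 ip address 10.0.0.254 255.255.255.0
"""
ROOT = "(root)"  # label used here for the root instance

def parse_interfaces(config):
    """Return (interface, instance, network) for every addressed interface."""
    rows, name, vrf = [], None, ROOT
    for line in config.splitlines():
        if m := re.match(r"interface (\S+)", line):
            name, vrf = m.group(1), ROOT  # unbound until a binding line is seen
        elif m := re.match(r"\s+ip binding vpn-instance (\S+)", line):
            vrf = m.group(1)  # assumes the binding line precedes the address line
        elif m := re.match(r"\s+ip address (\S+) (\S+)", line):  # mask or prefix length
            net = ipaddress.ip_interface(f"{m.group(1)}/{m.group(2)}").network
            rows.append((name, vrf, net))
    return rows

def audit(config):
    """Flag root-instance interfaces and overlapping subnets within one instance."""
    seen, findings = defaultdict(list), []
    for name, vrf, net in parse_interfaces(config):
        if vrf == ROOT:
            findings.append(f"{name}: {net} is in the root instance")
        for other, other_net in seen[vrf]:
            if net.overlaps(other_net):
                findings.append(f"{name}: {net} overlaps {other} in {vrf}")
        seen[vrf].append((name, net))
    return findings
```

Calling audit(AR8_CONFIG) returns a single finding for the unbound interface; the repeated gateway addresses raise nothing because each copy sits in a different vpn-instance.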