华为路由器MPLS VPN配置示例

2024年5月6日发(作者：)

-

.

配置BGP/MPLS IP VPN例如

图1 配置BGP/MPLS IP VPN组网图

•

•

•

•

组网需求

配置思路

操作步骤

配置文件

组网需求

如图1所示：

- .

.

-

.

•

•

CE1连接公司总部研发区、CE3连接分支机构研发区，CE1和CE3属于vpna；

CE2连接公司总部非研发区、CE4连接分支机构非研发区，CE2和CE4属于vpnb。

公司要求通过部署BGP/MPLS IP VPN，实现总部和分支机构的平安互通，同时要求研发区

和非研发区间数据隔离。

配置思路

采用如下的思路配置BGP/MPLS IP VPN：

1.

2.

3.

P、PE之间配置OSPF，实现骨干网的IP连通性。

PE、P上配置MPLS根本能力和MPLS LDP，建立MPLS LSP公网隧道，传输VPN

数据。

PE1和PE2上配置VPN实例，其中，vpna使用的VPN-target属性为111:1，vpnb

使用的VPN-target属性为222:2，以实现一样VPN间互通，不同VPN间隔离。同时，

与CE相连的接口和相应的VPN实例绑定，以接入VPN用户。

PE1和PE2之间配置MP-IBGP，交换VPN路由信息。

CE与PE之间配置EBGP，交换VPN路由信息。

4.

5.

操作步骤

1. 在MPLS骨干网上配置OSPF协议，实现骨干网PE和P的互通

# 配置PE1。

system-view

[Huawei] sysname PE1

[PE1] interface loopback 1

[PE1-LoopBack1] ip address 1.1.1.9 32

[PE1-LoopBack1] quit

[PE1] interface gigabitethernet 3/0/0

[PE1-GigabitEthernet3/0/0] ip address 172.1.1.1 24

[PE1-GigabitEthernet3/0/0] quit

[PE1] ospf 1

[PE1-ospf-1] area 0

[PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[PE1-ospf-1-area-0.0.0.0] quit

[PE1-ospf-1] quit

# 配置P。

system-view

[Huawei] sysname P

- .

.

-

.

[P] interface loopback 1

[P-LoopBack1] ip address 2.2.2.9 32

[P-LoopBack1] quit

[P] interface gigabitethernet 1/0/0

[P-GigabitEthernet1/0/0] ip address 172.1.1.2 24

[P-GigabitEthernet1/0/0] quit

[P] interface gigabitethernet 2/0/0

[P-GigabitEthernet2/0/0] ip address 172.2.1.1 24

[P-GigabitEthernet2/0/0] quit

[P] ospf

[P-ospf-1] area 0

[P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[P-ospf-1-area-0.0.0.0] quit

[P-ospf-1] quit

# 配置PE2。

system-view

[Huawei] sysname PE2

[PE2] interface loopback 1

[PE2-LoopBack1] ip address 3.3.3.9 32

[PE2-LoopBack1] quit

[PE2] interface gigabitethernet 3/0/0

[PE2-GigabitEthernet3/0/0] ip address 172.2.1.2 24

[PE2-GigabitEthernet3/0/0] quit

[PE2] ospf

[PE2-ospf-1] area 0

[PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[PE2-ospf-1-area-0.0.0.0] quit

[PE2-ospf-1] quit

配置完成后，PE1、P、PE2之间应能建立OSPF邻居关系，执行display ospf peer命令

可以看到邻居状态为Full。执行display ip routing-table命令可以看到PE之间学习到对

方的Loopback1路由。

以PE1的显示为例：

[PE1] display ip routing-table

Route Flags: R - relay,

D - download to fib

------------------------------------------------------------------------------

Routing Tables: Public

Destinations : 11 Routes : 11

- .

.

-

.

Destination/Mask Proto Pre Cost Flags NextHop Interface

1.1.1.9/32 Direct 0 0 D 127.0.0.1 LoopBack1

2.2.2.9/32 OSPF 10 1 D 172.1.1.2

GigabitEthernet3/0/0

3.3.3.9/32 OSPF 10 2 D 172.1.1.2

GigabitEthernet3/0/0

127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0

127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0

127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

172.1.1.0/24 Direct 0 0 D 172.1.1.1 GigabitEthernet3/0/0

172.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet3/0/0

172.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet3/0/0

172.2.1.0/24 OSPF 10 2 D 172.1.1.2

GigabitEthernet3/0/0

255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

[PE1] display ospf peer

OSPF Process 1 with Router ID 1.1.1.9

Neighbors

Area 0.0.0.0 interface 172.1.1.1(GigabitEthernet3/0/0)'s neighbors

Router ID: 2.2.2.9 Address: 172.1.1.2

State: Full Mode:Nbr is Master Priority: 1

DR: 172.1.1.1 BDR: 172.1.1.2 MTU: 0

Dead timer due in 37 sec

Retrans timer interval: 5

Neighbor is up for 00:16:21

Authentication Sequence: [ 0 ]

2. 在MPLS骨干网上配置MPLS根本能力和MPLS LDP，建立LDP LSP

# 配置PE1。

[PE1] mpls lsr-id 1.1.1.9

[PE1] mpls

[PE1-mpls] quit

[PE1] mpls ldp

[PE1-mpls-ldp] quit

[PE1] interface gigabitethernet 3/0/0

[PE1-GigabitEthernet3/0/0] mpls

[PE1-GigabitEthernet3/0/0] mpls ldp

- .

.

-

.

[PE1-GigabitEthernet3/0/0] quit

# 配置P。

[P] mpls lsr-id 2.2.2.9

[P] mpls

[P-mpls] quit

[P] mpls ldp

[P-mpls-ldp] quit

[P] interface gigabitethernet 1/0/0

[P-GigabitEthernet1/0/0] mpls

[P-GigabitEthernet1/0/0] mpls ldp

[P-GigabitEthernet1/0/0] quit

[P] interface gigabitethernet 2/0/0

[P-GigabitEthernet2/0/0] mpls

[P-GigabitEthernet2/0/0] mpls ldp

[P-GigabitEthernet2/0/0] quit

# 配置PE2。

[PE2] mpls lsr-id 3.3.3.9

[PE2] mpls

[PE2-mpls] quit

[PE2] mpls ldp

[PE2-mpls-ldp] quit

[PE2] interface gigabitethernet 3/0/0

[PE2-GigabitEthernet3/0/0] mpls

[PE2-GigabitEthernet3/0/0] mpls ldp

[PE2-GigabitEthernet3/0/0] quit

上述配置完成后，PE1与P、P与PE2之间应能建立LDP会话，执行display mpls ldp

session命令可以看到显示结果中Status项为“Operational〞。执行display mpls ldp lsp

命令，可以看到LDP LSP的建立情况。

以PE1的显示为例：

[PE1] display mpls ldp session

LDP Session(s) in Public Network

Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)

A '*' before a session means the session is being deleted.

------------------------------------------------------------------------------

PeerID Status LAM SsnRole SsnAge KASent/Rcv

------------------------------------------------------------------------------

2.2.2.9:0 Operational DU Active 0000:00:01 6/6

------------------------------------------------------------------------------

TOTAL: 1 session(s) Found.

[PE1] display mpls ldp lsp

- .

.

-

.

LDP LSP Information

-------------------------------------------------------------------------------

DestAddress/Mask In/OutLabel UpstreamPeer NextHop OutInterface

-------------------------------------------------------------------------------

1.1.1.9/32 3/NULL 2.2.2.9 127.0.0.1 InLoop0

*1.1.1.9/32 Liberal/1024 DS/2.2.2.9

2.2.2.9/32 NULL/3 - 172.1.1.2 GE3/0/0

2.2.2.9/32 1024/3 2.2.2.9 172.1.1.2 GE3/0/0

3.3.3.9/32 NULL/1025 - 172.1.1.2 GE3/0/0

3.3.3.9/32 1025/1025 2.2.2.9 172.1.1.2 GE3/0/0

-------------------------------------------------------------------------------

TOTAL: 5 Normal LSP(s) Found.

TOTAL: 1 Liberal LSP(s) Found.

TOTAL: 0 Frr LSP(s) Found.

A '*' before an LSP means the LSP is not established

A '*' before a Label means the USCB or DSCB is stale

A '*' before a UpstreamPeer means the session is stale

A '*' before a DS means the session is stale

A '*' before a NextHop means the LSP is FRR LSP

3. 在PE设备上配置VPN实例，将CE接入PE

# 配置PE1。

[PE1] ip vpn-instance vpna

[PE1-vpn-instance-vpna] ipv4-family

[PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1

[PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both

[PE1-vpn-instance-vpna-af-ipv4] quit

[PE1-vpn-instance-vpna] quit

[PE1] ip vpn-instance vpnb

[PE1-vpn-instance-vpnb] ipv4-family

[PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2

[PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both

[PE1-vpn-instance-vpna-af-ipv4] quit

[PE1-vpn-instance-vpnb] quit

[PE1] interface gigabitethernet 1/0/0

[PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpna

[PE1-GigabitEthernet1/0/0] ip address 10.1.1.2 24

[PE1-GigabitEthernet1/0/0] quit

[PE1] interface gigabitethernet 2/0/0

[PE1-GigabitEthernet2/0/0] ip binding vpn-instance vpnb

- .

.

-

.

[PE1-GigabitEthernet2/0/0] ip address 10.2.1.2 24

[PE1-GigabitEthernet2/0/0] quit

# 配置PE2。

[PE2] ip vpn-instance vpna

[PE2-vpn-instance-vpna] ipv4-family

[PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1

[PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both

[PE2-vpn-instance-vpna-af-ipv4] quit

[PE2-vpn-instance-vpna] quit

[PE2] ip vpn-instance vpnb

[PE2-vpn-instance-vpnb] ipv4-family

[PE2-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2

[PE2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both

[PE2-vpn-instance-vpnb-af-ipv4] quit

[PE2-vpn-instance-vpnb] quit

[PE2] interface gigabitethernet 1/0/0

[PE2-GigabitEthernet1/0/0] ip binding vpn-instance vpna

[PE2-GigabitEthernet1/0/0] ip address 10.3.1.2 24

[PE2-GigabitEthernet1/0/0] quit

[PE2] interface gigabitethernet 2/0/0

[PE2-GigabitEthernet2/0/0] ip binding vpn-instance vpnb

[PE2-GigabitEthernet2/0/0] ip address 10.4.1.2 24

[PE2-GigabitEthernet2/0/0] quit

# 按图1配置各CE的接口IP地址。

# 配置CE1。CE2、CE3和CE4与CE1类似，不再赘述。

system-view

[Huawei] sysname CE1

[CE1] interface gigabitethernet 1/0/0

[CE1-GigabitEthernet1/0/0] ip address 10.1.1.1 24

[CE1-GigabitEthernet1/0/0] quit

配置完成后，在PE设备上执行display ip vpn-instance verbose命令可以看到VPN实例

的配置情况。各PE能ping通自己接入的CE。

说明：

当PE上有多个接口绑定了同一个VPN，那么使用ping -vpn-instance命令ping对端

PE接入的CE时，要指定源IP地址，即要指定ping

-vpn-instance

vpn-instance-name

-a

source-ip-address dest-ip-address

命令中的参数

-a

source-ip-address

，否那么可能ping不通。

以PE1为例：

[PE1] display ip vpn-instance verbose

Total VPN-Instances configured : 2

- .

.

-

.

Total IPv4 VPN-Instances configured : 2

Total IPv6 VPN-Instances configured : 0

VPN-Instance Name and ID : vpna, 1

Interfaces : GigabitEthernet1/0/0

Address family ipv4

Create date : 2012/07/25 00:58:17

Up time : 0 days, 22 hours, 24 minutes and 53 seconds

Route Distinguisher : 100:1

Export VPN Targets : 111:1

Import VPN Targets : 111:1

Label Policy : label per route

Log Interval : 5

VPN-Instance Name and ID : vpnb, 2

Interfaces : GigabitEthernet2/0/0

Address family ipv4

Create date : 2012/07/25 00:58:17

Up time : 0 days, 22 hours, 24 minutes and 53 seconds

Route Distinguisher : 100:2

Export VPN Targets : 222:2

Import VPN Targets : 222:2

Label Policy : label per route

Log Interval : 5

[PE1] ping -vpn-instance vpna 10.1.1.1

PING 10.1.1.1: 56 data bytes, press CTRL_C to break

Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=5 ms

Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=3 ms

Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=3 ms

Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=3 ms

Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=16 ms

--- 10.1.1.1 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 3/6/16 ms

4. 在PE之间建立MP-IBGP对等体关系

# 配置PE1。

[PE1] bgp 100

- .

.

-

.

[PE1-bgp] peer 3.3.3.9 as-number 100

[PE1-bgp] peer 3.3.3.9 connect-interface loopback 1

[PE1-bgp] ipv4-family vpnv4

[PE1-bgp-af-vpnv4] peer 3.3.3.9 enable

[PE1-bgp-af-vpnv4] quit

[PE1-bgp] quit

# 配置PE2。

[PE2] bgp 100

[PE2-bgp] peer 1.1.1.9 as-number 100

[PE2-bgp] peer 1.1.1.9 connect-interface loopback 1

[PE2-bgp] ipv4-family vpnv4

[PE2-bgp-af-vpnv4] peer 1.1.1.9 enable

[PE2-bgp-af-vpnv4] quit

[PE2-bgp] quit

配置完成后，在PE设备上执行display bgp peer或display bgp vpnv4 all peer命令，可以

看到PE之间的BGP对等体关系已建立，并到达Established状态。

[PE1] display bgp peer

BGP local router ID : 1.1.1.9

Local AS number : 100

Total number of peers : 1 Peers in established state : 1

Peer V AS MsgRcvd MsgSent OutQ Up/Down State

PrefRcv

3.3.3.9 4 100 12 6 0 00:02:21 Established

0

[PE1] display bgp vpnv4 all peer

BGP local router ID : 1.1.1.9

Local AS number : 100

Total number of peers : 1 Peers in established state : 1

Peer V AS MsgRcvd MsgSent OutQ Up/Down State

PrefRcv

3.3.3.9 4 100 12 18 0 00:09:38 Established 0

5. 在PE与CE之间建立EBGP对等体关系，引入VPN路由

# 配置CE1。CE2、CE3和CE4与CE1类似，不再赘述。

[CE1] bgp 65410

- .

.

-

.

[CE1-bgp] peer 10.1.1.2 as-number 100

[CE1-bgp] import-route direct

[CE1-bgp] quit

# 配置PE1。PE2的配置与PE1类似，不再赘述。

[PE1] bgp 100

[PE1-bgp] ipv4-family vpn-instance vpna

[PE1-bgp-vpna] peer 10.1.1.1 as-number 65410

[PE1-bgp-vpna] import-route direct

[PE1-bgp-vpna] quit

[PE1-bgp] ipv4-family vpn-instance vpnb

[PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420

[PE1-bgp-vpnb] import-route direct

[PE1-bgp-vpnb] quit

[PE1-bgp] quit

配置完成后，在PE设备上执行display bgp vpnv4 vpn-instance peer命令，可以看到PE

与CE之间的BGP对等体关系已建立，并到达Established状态。

以PE1与CE1的对等体关系为例：

[PE1] display bgp vpnv4 vpn-instance vpna peer

BGP local router ID : 1.1.1.9

Local AS number : 100

VPN-Instance vpna, Router ID 1.1.1.9:

Total number of peers : 1 Peers in established state : 1

Peer V AS MsgRcvd MsgSent OutQ Up/Down State

PrefRcv

10.1.1.1 4 65410 6 3 0 00:00:02 Established 4

6. 验证配置结果

# 在PE设备上执行display ip routing-table vpn-instance命令，可以看到去往对端CE

的路由。

# 以PE1的显示为例：

[PE1] display ip routing-table vpn-instance vpna

Route Flags: R - relay,

D - download to fib

------------------------------------------------------------------------------

Routing Tables: vpna

Destinations : 5 Routes : 5

- .

.

-

.

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.1.1.0/24 Direct 0 0 D 10.1.1.2

GigabitEthernet1/0/0

10.1.1.2/32 Direct 0 0 D 127.0.0.1

GigabitEthernet1/0/0

10.1.1.255/32 Direct 0 0 D 127.0.0.1

GigabitEthernet1/0/0

10.3.1.0/24 IBGP 255 0 RD 3.3.3.9

GigabitEthernet3/0/0

255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

[PE1] display ip routing-table vpn-instance vpnb

Route Flags: R - relay,

D - download to fib

------------------------------------------------------------------------------

Routing Tables: vpnb

Destinations : 5 Routes : 5

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.2.1.0/24 Direct 0 0 D 10.2.1.2

GigabitEthernet2/0/0

10.2.1.2/32 Direct 0 0 D 127.0.0.1

GigabitEthernet2/0/0

10.2.1.255/32 Direct 0 0 D 127.0.0.1

GigabitEthernet2/0/0

10.4.1.0/24 IBGP 255 0 RD 3.3.3.9

GigabitEthernet3/0/0

255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

# 同一VPN的CE能够相互Ping通，不同VPN的CE不能相互Ping通。

# 例如：CE1能够Ping通CE3〔10.3.1.1〕，但不能Ping通CE4〔10.4.1.1〕。

[CE1] ping 10.3.1.1

PING 10.3.1.1: 56 data bytes, press CTRL_C to break

Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=253 time=72 ms

Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=253 time=34 ms

Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=253 time=50 ms

Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=253 time=50 ms

Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=253 time=34 ms

--- 10.3.1.1 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

- .

.

-

.

round-trip min/avg/max = 34/48/72 ms

[CE1] ping 10.4.1.1

PING 10.4.1.1: 56 data bytes, press CTRL_C to break

Request time out

Request time out

Request time out

Request time out

Request time out

--- 10.4.1.1 ping statistics ---

5 packet(s) transmitted

0 packet(s) received

100.00% packet loss

配置文件

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

PE1的配置文件

#

sysname PE1

#

ip vpn-instance vpna

ipv4-family

route-distinguisher 100:1

vpn-target 111:1 export-extmunity

vpn-target 111:1 import-extmunity

#

ip vpn-instance vpnb

ipv4-family

route-distinguisher 100:2

vpn-target 222:2 export-extmunity

vpn-target 222:2 import-extmunity

#

mpls lsr-id 1.1.1.9

mpls

#

mpls ldp

#

interface GigabitEthernet1/0/0

ip binding vpn-instance vpna

ip address 10.1.1.2 255.255.255.0

#

- .

.

-

.

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

return

•

•

interface GigabitEthernet2/0/0

ip binding vpn-instance vpnb

ip address 10.2.1.2 255.255.255.0

#

interface GigabitEthernet3/0/0

ip address 172.1.1.1 255.255.255.0

mpls

mpls ldp

#

interface LoopBack1

ip address 1.1.1.9 255.255.255.255

#

bgp 100

peer 3.3.3.9 as-number 100

peer 3.3.3.9 connect-interface LoopBack1

#

ipv4-family unicast

undo synchronization

peer 3.3.3.9 enable

#

ipv4-family vpnv4

policy vpn-target

peer 3.3.3.9 enable

#

ipv4-family vpn-instance vpna

import-route direct

peer 10.1.1.1 as-number 65410

#

ipv4-family vpn-instance vpnb

import-route direct

peer 10.2.1.1 as-number 65420

#

ospf 1

area 0.0.0.0

network 1.1.1.9 0.0.0.0

network 172.1.1.0 0.0.0.255

#

P的配置文件

#

- .

.

-

.

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

return

•

•

•

•

•

•

•

•

•

•

•

•

•

sysname P

#

mpls lsr-id 2.2.2.9

mpls

#

mpls ldp

#

interface GigabitEthernet1/0/0

ip address 172.1.1.2 255.255.255.0

mpls

mpls ldp

#

interface GigabitEthernet2/0/0

ip address 172.2.1.1 255.255.255.0

mpls

mpls ldp

#

interface LoopBack1

ip address 2.2.2.9 255.255.255.255

#

ospf 1

area 0.0.0.0

network 2.2.2.9 0.0.0.0

network 172.1.1.0 0.0.0.255

network 172.2.1.0 0.0.0.255

#

PE2的配置文件

#

sysname PE2

#

ip vpn-instance vpna

ipv4-family

route-distinguisher 200:1

vpn-target 111:1 export-extmunity

vpn-target 111:1 import-extmunity

#

ip vpn-instance vpnb

ipv4-family

route-distinguisher 200:2

- .

.

-

.

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

vpn-target 222:2 export-extmunity

vpn-target 222:2 import-extmunity

#

mpls lsr-id 3.3.3.9

mpls

#

mpls ldp

#

interface GigabitEthernet1/0/0

ip binding vpn-instance vpna

ip address 10.3.1.2 255.255.255.0

#

interface GigabitEthernet2/0/0

ip binding vpn-instance vpnb

ip address 10.4.1.2 255.255.255.0

#

interface GigabitEthernet3/0/0

ip address 172.2.1.2 255.255.255.0

mpls

mpls ldp

#

interface LoopBack1

ip address 3.3.3.9 255.255.255.255

#

bgp 100

peer 1.1.1.9 as-number 100

peer 1.1.1.9 connect-interface LoopBack1

#

ipv4-family unicast

undo synchronization

peer 1.1.1.9 enable

#

ipv4-family vpnv4

policy vpn-target

peer 1.1.1.9 enable

#

ipv4-family vpn-instance vpna

import-route direct

peer 10.3.1.1 as-number 65430

#

- .

.

-

.

•

•

•

•

•

•

•

•

•

return

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

return

•

•

•

•

•

•

•

•

•

•

•

•

•

•

ipv4-family vpn-instance vpnb

import-route direct

peer 10.4.1.1 as-number 65440

#

ospf 1

area 0.0.0.0

network 3.3.3.9 0.0.0.0

network 172.2.1.0 0.0.0.255

#

CE1的配置文件

#

sysname CE1

#

interface GigabitEthernet1/0/0

ip address 10.1.1.1 255.255.255.0

#

bgp 65410

peer 10.1.1.2 as-number 100

#

ipv4-family unicast

undo synchronization

import-route direct

peer 10.1.1.2 enable

#

CE2的配置文件

#

sysname CE2

#

interface GigabitEthernet1/0/0

ip address 10.2.1.1 255.255.255.0

#

bgp 65420

peer 10.2.1.2 as-number 100

#

ipv4-family unicast

undo synchronization

import-route direct

peer 10.2.1.2 enable

- .

.

-

.

•

return

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

return

•

•

•

•

•

•

•

•

•

•

•

•

•

•

•

return

#

CE3的配置文件

#

sysname CE3

#

interface GigabitEthernet1/0/0

ip address 10.3.1.1 255.255.255.0

#

bgp 65430

peer 10.3.1.2 as-number 100

#

ipv4-family unicast

undo synchronization

import-route direct

peer 10.3.1.2 enable

#

CE4的配置文件

#

sysname CE4

#

interface GigabitEthernet1/0/0

ip address 10.4.1.1 255.255.255.0

#

bgp 65440

peer 10.4.1.2 as-number 100

#

ipv4-family unicast

undo synchronization

import-route direct

peer 10.4.1.2 enable

#

- .

.