- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 关于我们
01-OSPF典型配置举例
本章节下载: 01-OSPF典型配置举例 (496.81 KB)
目 录
本文档介绍了OSPF路由信息过滤的配置举例。
本文档不严格与具体软、硬件版本对应,如果使用过程中与产品实际情况有差异,请参考相关产品手册,或以设备实际情况为准。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文档假设您已了解OSPF路由信息过滤的特性。
如图1所示,公司A使用OSPF路由协议实现公司设备全网互通,后来公司A扩张兼并了公司B,要求将公司B采用的RIP路由协议与公司A的OSPF协议互相引入,使得各个部门可以实现互通。Device A和Device B作为公司核心设备负责各个部门间的通信。由于业务需要,现要求通过下列措施控制并调整网络中的路由信息:
· 在Device E上对引入的路由信息进行过滤,使得研发二部所在网段无法被引入到OSPF内。
· 在Device C上使用路由信息的过滤功能,使得市场一部所在网段无法访问研发一部。
· 在Device D上使用路由信息的过滤功能,使得研发一部和售后服务部所在网段无法访问市场二部。
图1 OSPF路由信息过滤组网图
|
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
|
Device A |
Vlan-int100 |
10.1.1.1/24 |
Device B |
Vlan-int100 |
10.1.1.2/24 |
|
|
Vlan-int200 |
10.2.1.1/24 |
|
Vlan-int300 |
10.3.1.1/24 |
|
|
Vlan-int400 |
10.4.1.1/24 |
|
|
|
|
Device C |
Vlan-int200 |
10.2.1.2/24 |
Device D |
Vlan-int300 |
10.3.1.2/24 |
|
|
Loop0 |
192.168.3.1/24 (市场一部所在网段) |
|
Loop0 |
192.168.1.1/24 (售后服务部所在网段) |
|
|
|
|
|
Loop1 |
192.168.2.1/24 (研发一部所在网段) |
|
Device E |
Vlan-int400 |
10.4.1.2/24 |
Device F |
Vlan-int500 |
10.5.1.2/24 |
|
|
Vlan-int500 |
10.5.1.1/24 |
|
Loop0 |
192.168.4.1/24 (研发二部所在网段) |
|
|
|
|
|
Loop1 |
192.168.5.1/24 (市场二部所在网段) |
本举例是在R2825版本上进行配置和验证的。
· 路由信息过滤功能中对于引入外部路由信息时采用export关键字进行过滤,该参数只能在ASBR上生效。
· 路由信息过滤功能只是对路由表中相关路由信息过滤,并不是过滤掉OSPF中通告的LSA。
· 由于路由通信是双向的,使用路由信息过滤功能将某一目的网段过滤后,该路由器下联的其它网段无法访问这个目的网段的设备,这个目的网段的设备也不能访问源地址网段的设备。
· 使用路由信息过滤功能配合ACL使用时,必须将最后一条规则设置为允许所有源地址通过才能避免将所有网段路由全部过滤掉。
# 配置接口Vlan-int100的IP地址。
<DeviceA> system-view
[DeviceA] interface vlan-interface 100
[DeviceA-Vlan-interface100] ip address 10.1.1.1 24
[DeviceA-Vlan-interface100] undo shutdown
# 请参考以上方法配置其它相关接口的IP地址,具体配置步骤略。
# 在Device A上使能指定网段的OSPF路由功能。
<DeviceA> system-view
[DeviceA] ospf
[DeviceA-ospf-1] area 0
[DeviceA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.0] quit
[DeviceA-ospf-1] area 2
[DeviceA-ospf-1-area-0.0.0.2] network 10.2.1.0 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.2] quit
[DeviceA-ospf-1] area 1
[DeviceA-ospf-1-area-0.0.0.1] network 10.4.1.0 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.1] quit
[DeviceA-ospf-1] quit
# 在Device B上使能指定网段的OSPF路由功能。
<DeviceB> system-view
[DeviceB] ospf
[DeviceB-ospf-1] area 0
[DeviceB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[DeviceB-ospf-1-area-0.0.0.0] quit
[DeviceB-ospf-1] area 3
[DeviceB-ospf-1-area-0.0.0.3] network 10.3.1.0 0.0.0.255
[DeviceB-ospf-1-area-0.0.0.3] quit
[DeviceB-ospf-1] quit
# 在Device C上使能指定网段的OSPF路由功能。
<DeviceC> system-view
[DeviceC] ospf
[DeviceC-ospf-1] area 2
[DeviceC-ospf-1-area-0.0.0.2] network 10.2.1.0 0.0.0.255
[DeviceC-ospf-1-area-0.0.0.2] network 192.168.3.0 0.0.0.255
[DeviceC-ospf-1-area-0.0.0.2] quit
[DeviceC-ospf-1] quit
# 在Device D上使能指定网段的OSPF路由功能。
<DeviceD> system-view
[DeviceD] ospf
[DeviceD-ospf-1] area 3
[DeviceD-ospf-1-area-0.0.0.3] network 10.3.1.0 0.0.0.255
[DeviceD-ospf-1-area-0.0.0.3] network 192.168.1.0 0.0.0.255
[DeviceD-ospf-1-area-0.0.0.3] network 192.168.2.0 0.0.0.255
[DeviceD-ospf-1-area-0.0.0.3] quit
[DeviceD-ospf-1] quit
# 在Device E上使能指定网段的OSPF路由功能。
<DeviceE> system-view
[DeviceE] ospf
[DeviceE-ospf-1] area 1
[DeviceE-ospf-1-area-0.0.0.1] network 10.4.1.0 0.0.0.255
[DeviceE-ospf-1-area-0.0.0.1] quit
[DeviceE-ospf-1] quit
# 在Device E上使能指定网段的RIP功能。
<DeviceE> system-view
[DeviceE] rip
[DeviceE-rip-1] version 2
[DeviceE-rip-1] undo summary
[DeviceE-rip-1] network 10.5.1.0 0.0.0.255
[DeviceE-rip-1] quit
# 在Device F上使能指定网段的RIP功能。
<DeviceF> system-view
[DeviceF] rip
[DeviceF-rip-1] version 2
[DeviceF-rip-1] undo summary
[DeviceF-rip-1] network 10.5.1.0 0.0.0.255
[DeviceF-rip-1] network 192.168.4.0 0.0.0.255
[DeviceF-rip-1] network 192.168.5.0 0.0.0.255
[DeviceF-rip-1] quit
# 在Device E上将直连路由和OSPF路由引入到RIP网络中。
<DeviceE> system-view
[DeviceE] rip
[DeviceE-rip-1] import-route direct
[DeviceE-rip-1] import-route ospf
[DeviceE-rip-1] quit
# 在Device E上将直连路由和RIP路由引入到OSPF网络中。
[DeviceE] ospf
[DeviceE-ospf-1] import-route direct
[DeviceE-ospf-1] import-route rip
[DeviceE-ospf-1] quit
# 查看Device E的路由表信息。
[Device E] display ip routing-table
Destinations : 24 Routes : 24
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.0/24 O_INTER 10 2 10.4.1.1 Vlan400
10.2.1.0/24 O_INTER 10 2 10.4.1.1 Vlan400
10.3.1.0/24 O_INTER 10 3 10.4.1.1 Vlan400
10.4.1.0/24 Direct 0 0 10.4.1.2 Vlan400
10.4.1.0/32 Direct 0 0 10.4.1.2 Vlan400
10.4.1.2/32 Direct 0 0 127.0.0.1 InLoop0
10.4.1.255/32 Direct 0 0 10.4.1.2 Vlan400
10.5.1.0/24 Direct 0 0 10.5.1.1 Vlan500
10.5.1.0/32 Direct 0 0 10.5.1.1 Vlan500
10.5.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.5.1.255/32 Direct 0 0 10.5.1.1 Vlan500
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
192.168.1.1/32 O_INTER 10 3 10.4.1.1 Vlan400
192.168.2.1/32 O_INTER 10 3 10.4.1.1 Vlan400
192.168.3.1/32 O_INTER 10 2 10.4.1.1 Vlan400
192.168.4.0/24 RIP 100 1 10.5.1.2 Vlan500
192.168.5.0/24 RIP 100 1 10.5.1.2 Vlan500
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
以上显示信息表明Device E拥有路由域内所有网段路由,然后依次查看其他所有设备的路由表信息,路由域内所有的网段均可互通。
# 在Device C上创建基本ACL并匹配需要拒绝访问的目的网段192.168.2.0/24。
<DeviceC> system-view
[DeviceC] acl basic 2000
[DeviceC-acl-ipv4-basic-2000] rule 0 deny source 192.168.2.0 0.0.0.255
[DeviceC-acl-ipv4-basic-2000] rule permit source any
[DeviceC-acl-ipv4-basic-2000] quit
# 在Device C上通过指定访问控制列表ACL 2000来对要加入到路由表的路由信息进行过滤。
[DeviceC] ospf
[DeviceC-ospf-1] filter-policy 2000 import
[DeviceC-ospf-1] quit
# 在Device D上创建基本ACL并匹配需要拒绝访问的目的网段192.168.5.0/24。
<DeviceD> system-view
[DeviceD] acl basic 2000
[DeviceD-acl-ipv4-basic-2000] rule 0 deny source 192.168.5.0 0.0.0.255
[DeviceD-acl-ipv4-basic-2000] rule permit source any
[DeviceD-acl-ipv4-basic-2000] quit
# 在Device D上通过指定访问控制列表ACL 2000来对要加入到路由表的路由信息进行过滤。
[DeviceD] ospf
[DeviceD-ospf-1] filter-policy 2000 import
[DeviceD-ospf-1] quit
# 在Device E上创建基本ACL并匹配需要拒绝访问的目的网段192.168.4.0/24。
<DeviceE> system-view
[DeviceE] acl basic 2000
[DeviceE-acl-ipv4-basic-2000] rule 0 deny source 192.168.4.0 0.0.0.255
[DeviceE-acl-ipv4-basic-2000] rule permit source any
[DeviceE-acl-ipv4-basic-2000] quit
# 在Device E上通过指定访问控制列表ACL 2000来对引入OSPF的RIP路由信息进行过滤。
[DeviceE] ospf
[DeviceE-ospf-1] filter-policy 2000 export rip 1
[DeviceE-ospf-1] quit
# 查看Device C的路由表信息。
[DeviceC] display ip routing-table
Destinations : 22 Routes : 22
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.0/24 O_INTER 10 2 10.2.1.1 Vlan200
10.2.1.0/24 Direct 0 0 10.2.1.2 Vlan200
10.2.1.0/32 Direct 0 0 10.2.1.2 Vlan200
10.2.1.2/32 Direct 0 0 127.0.0.1 InLoop0
10.2.1.255/32 Direct 0 0 10.2.1.2 Vlan200
10.3.1.0/24 O_INTER 10 3 10.2.1.1 Vlan200
10.4.1.0/24 O_INTER 10 2 10.2.1.1 Vlan200
10.5.1.0/24 O_ASE2 150 1 10.2.1.1 Vlan200
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
192.168.1.1/32 O_INTER 10 3 10.2.1.1 Vlan200
192.168.3.0/24 Direct 0 0 192.168.3.1 Loop0
192.168.3.0/32 Direct 0 0 192.168.3.1 Loop0
192.168.3.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.3.255/32 Direct 0 0 192.168.3.1 Loop0
192.168.5.0/24 O_ASE2 150 1 10.2.1.1 Vlan200
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
以上显示信息表明Device C的路由表中已经没有192.168.2.0/24网段的路由信息了。
# 在Device C上使用源地址192.168.3.1Ping目标地址192.168.2.1进行验证。
[DeviceC] ping -a 192.168.3.1 192.168.2.1
Ping 192.168.2.1 (192.168.2.1) from 192.168.3.1: 56 data bytes, press CTRL_C to
break
Request time out
Request time out
Request time out
Request time out
Request time out
--- Ping statistics for 192.168.2.1 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
以上信息表明Device C通过过滤路由表中192.168.2.0/24网段的路由信息,使得市场一部所在网段无法访问研发一部所在网段。
# 查看Device D的路由表信息。
[DeviceD] display ip routing-table
Destinations : 25 Routes : 25
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
10.1.1.0/24 O_INTER 10 2 10.3.1.1 Vlan300
10.2.1.0/24 O_INTER 10 3 10.3.1.1 Vlan300
10.3.1.0/24 Direct 0 0 10.3.1.2 Vlan300
10.3.1.0/32 Direct 0 0 10.3.1.2 Vlan300
10.3.1.2/32 Direct 0 0 127.0.0.1 InLoop0
10.3.1.255/32 Direct 0 0 10.3.1.2 Vlan300
10.4.1.0/24 O_INTER 10 3 10.3.1.1 Vlan300
10.5.1.0/24 O_ASE2 150 1 10.3.1.1 Vlan300
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
192.168.1.0/24 Direct 0 0 192.168.1.1 Loop0
192.168.1.0/32 Direct 0 0 192.168.1.1 Loop0
192.168.1.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.1.255/32 Direct 0 0 192.168.1.1 Loop0
192.168.2.0/24 Direct 0 0 192.168.2.1 Loop1
192.168.2.0/32 Direct 0 0 192.168.2.1 Loop1
192.168.2.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.2.255/32 Direct 0 0 192.168.2.1 Loop1
192.168.3.1/32 O_INTER 10 3 10.3.1.1 Vlan300
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
以上显示信息表明Device D的路由表中已经没有192.168.5.0/24网段的路由信息了。
# 在Device D上使用源地址192.168.1.1Ping目标地址192.168.5.1进行验证。
[DeviceD] ping -a 192.168.1.1 192.168.5.1
Ping 192.168.5.1 (192.168.5.1) from 192.168.1.1: 56 data bytes, press CTRL_C to
break
Request time out
Request time out
Request time out
Request time out
Request time out
--- Ping statistics for 192.168.5.1 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
# 在Device D上使用源地址192.168.2.1Ping目标地址192.168.5.1进行验证。
[DeviceD] ping -a 192.168.2.1 192.168.5.1
Ping 192.168.5.1 (192.168.5.1) from 192.168.2.1: 56 data bytes, press CTRL_C to
break
Request time out
Request time out
Request time out
Request time out
Request time out
--- Ping statistics for 192.168.5.1 ---
5 packet(s) transmitted, 0 packet(s) received, 100.0% packet loss
以上信息表明Device D通过过滤路由表中192.168.5.0/24网段的路由信息,使得研发一部和售后服务部所在网段无法访问市场二部所在网段。
综合Device C和Device D的路由表信息,发现路由表中均没有192.168.4.0/24网段路由信息,说明设备已经将引入OSPF的RIP路由中研发二部所在网段过滤掉。
· Device A:
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
area 0.0.0.1
network 10.4.1.0 0.0.0.255
area 0.0.0.2
network 10.2.1.0 0.0.0.255
#
vlan 100
#
vlan 200
#
vlan 400
#
interface Vlan-interface100
ip address 10.1.1.1 255.255.255.0
#
interface Vlan-interface200
ip address 10.2.1.1 255.255.255.0
#
interface Vlan-interface400
ip address 10.4.1.1 255.255.255.0
#
· Device B:
#
ospf 1
area 0.0.0.0
network 10.1.1.0 0.0.0.255
area 0.0.0.3
network 10.3.1.0 0.0.0.255
#
vlan 100
#
vlan 300
#
interface Vlan-interface100
ip address 10.1.1.2 255.255.255.0
#
interface Vlan-interface300
ip address 10.3.1.1 255.255.255.0
#
· Device C:
#
ospf 1
filter-policy 2000 import
area 0.0.0.2
network 10.2.1.0 0.0.0.255
network 192.168.3.0 0.0.0.255
#
vlan 200
#
interface LoopBack0
ip address 192.168.3.1 255.255.255.0
#
interface Vlan-interface200
ip address 10.2.1.2 255.255.255.0
#
acl basic 2000
rule 0 deny source 192.168.2.0 0.0.0.255
rule 5 permit
#
· Device D:
#
ospf 1
filter-policy 2000 import
area 0.0.0.3
network 10.3.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
#
vlan 300
#
interface LoopBack0
ip address 192.168.1.1 255.255.255.0
#
interface LoopBack1
ip address 192.168.2.1 255.255.255.0
#
interface Vlan-interface300
ip address 10.3.1.2 255.255.255.0
#
acl basic 2000
rule 0 deny source 192.168.5.0 0.0.0.255
rule 5 permit
#
· Device E:
#
ospf 1
import-route direct
import-route rip 1
filter-policy 2000 export rip 1
area 0.0.0.1
network 10.4.1.0 0.0.0.255
#
rip 1
undo summary
version 2
network 10.5.1.0 0.0.0.255
import-route direct
import-route ospf 1
#
vlan 400
#
vlan 500
#
interface Vlan-interface400
ip address 10.4.1.2 255.255.255.0
#
interface Vlan-interface500
ip address 10.5.1.1 255.255.255.0
#
acl basic 2000
rule 0 deny source 192.168.4.0 0.0.0.255
rule 5 permit
#
· Device F:
#
rip 1
undo summary
version 2
network 10.5.1.0 0.0.0.255
network 192.168.4.0
network 192.168.5.0
#
vlan 500
#
interface LoopBack0
ip address 192.168.4.1 255.255.255.0
#
interface LoopBack1
ip address 192.168.5.1 255.255.255.0
#
interface Vlan-interface500
ip address 10.5.1.2 255.255.255.0
#
如图2所示,DeviceA与DeviceB在OSPF进程100中建立邻居关系,Device B与Device C在OSPF进程200中建立邻居关系。DeviceA和Device C不能通过OSPF学习到对方的路由。
图2 OSPF多进程配置组网图
本举例是在R2825版本上进行配置和验证的。
# 配置设备的名称为DeviceA。
<Sysname> system-view
[Sysname] sysname DeviceA
# 配置OSPF 100,通告网段172.10.1.0/24。
[DeviceA] ospf 100 router-id 1.1.1.9
[DeviceA-ospf-100] area 0.0.0.0
[DeviceA-ospf-100-area-0.0.0.0] network 172.10.1.0 0.0.0.255
[DeviceA-ospf-100-area-0.0.0.0] quit
[DeviceA-ospf-100] quit
# 配置设备的名称为DeviceB。
<Sysname> system-view
[Sysname] sysname DeviceB
# 配置OSPF 100,通告网段172.10.1.0/24。
[DeviceB] ospf 100 router-id 2.2.2.9
[DeviceB-ospf-100] area 0.0.0.0
[DeviceB-ospf-100-area-0.0.0.0] network 172.10.1.0 0.0.0.255
[DeviceB-ospf-100-area-0.0.0.0] quit
[DeviceB-ospf-100] quit
# 配置OSPF 200,通告网段131.108.1.0/24。
[DeviceB] ospf 200 router-id 2.2.2.9
[DeviceB-ospf-200] area 0.0.0.0
[DeviceB-ospf-200-area-0.0.0.0] network 131.108.1.0 0.0.0.255
[DeviceB-ospf-200-area-0.0.0.0] quit
[DeviceB-ospf-200] quit
# 配置设备的名称为DeviceC。
<Sysname> system-view
[Sysname] sysname DeviceC
# 配置OSPF 200,通告网段131.108.1.0/24。
[DeviceC] ospf 200 router-id 3.3.3.9
[DeviceC-ospf-200] area 0.0.0.0
[DeviceC-ospf-200-area-0.0.0.0] network 131.108.1.0 0.0.0.255
[DeviceC-ospf-200-area-0.0.0.0] quit
[DeviceC-ospf-200] quit
# 在Device B上执行display ospf peer命令,查看OSPF邻居信息。看到Device A和Device C已建立邻居关系。
[DeviceB] display ospf peer
OSPF Process 100 with Router ID 2.2.2.9
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
1.1.1.9 172.10.1.1 1 30 Full/DR HGE1/0/1
OSPF Process 200 with Router ID 2.2.2.9
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
3.3.3.9 131.108.1.1 1 39 Full/BDR HGE1/0/2
# 在Device A上执行display ip routing-table命令,路由表中不存在到达131.108.1.0/24的路由。
[DeviceA] display ip routing-table
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
1.1.1.9/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
172.10.1.0/24 Direct 0 0 172.10.1.1 HGE1/0/1
172.10.1.0/32 Direct 0 0 172.10.1.1 HGE1/0/1
172.10.1.1/32 Direct 0 0 127.0.0.1 InLoop0
172.10.1.255/32 Direct 0 0 172.10.1.1 HGE1/0/1
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 在Device C上执行display ip routing-table命令,。路由表中不存在到达172.10.1.0/24的路由。
[DeviceC] display ip routing-table
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
3.3.3.9/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
131.108.1.0/24 Direct 0 0 131.108.1.1 HGE1/0/2
131.108.1.0/32 Direct 0 0 131.108.1.1 HGE1/0/2
131.108.1.1/32 Direct 0 0 127.0.0.1 InLoop0
131.108.1.255/32 Direct 0 0 131.108.1.1 HGE1/0/2
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
· Device A:
#
sysname DeviceA
#
ospf 100 router-id 1.1.1.9
area 0.0.0.0
network 172.10.1.0 0.0.0.255
#
interface HundredGigE1/0/1
ip address 172.10.1.2 255.255.255.0
#
· Device B:
#
sysname DeviceB
#
ospf 100 router-id 2.2.2.9
area 0.0.0.0
network 172.10.1.0 0.0.0.255
#
ospf 200 router-id 2.2.2.9
area 0.0.0.0
network 131.108.1.0 0.0.0.255
#
#
interface HundredGigE1/0/1
ip address 172.10.1.1 255.255.255.0
#
interface HundredGigE1/0/2
ip address 131.108.1.3 255.255.255.0
#
· Device C:
#
sysname DeviceC
#
ospf 200 router-id 3.3.3.9
area 0.0.0.0
network 131.108.1.0 0.0.0.255
#
interface HundredGigE1/0/1
ip address 131.108.1.1 255.255.255.0
#
核心网接入承载网组网中,需要通过OSPF多实例隔离不同业务的路由。
如图3所示,各设备承担的角色分别为:
· Device A为网关设备,称为GW。
· Device B和Device C为核心网设备,称为CE。
· Device D和Device E为承载网设备,称为AR。
本举例中业务1接入VPN1,业务2接入VPN2。通过OSPF多实例隔离业务1和业务2的路由,需要做如下部署:
· GW上创建两个VPN实例vpn1和vpn2。
· GW上创建两个OSPF进程OSPF 15和OSPF 115。将OSPF 15与vpn1绑定,OSPF 115与vpn2绑定。
· CE和AR上分别创建两个VPN实例vpn1和vpn2。
· CE和AR上分别创建两个OSPF进程OSPF 15和OSPF 115。将OSPF 15与vpn1绑定,OSPF 115与vpn2绑定。
· CE上将不同业务的路由分别汇总为静态黑洞路由,然后在OSPF中引入汇总后的静态黑洞路由,并通过路由策略控制引入的路由。这样可以避免CE将业务明细路由发布给AR,减少AR上的路由条目数量,降低路由震荡的风险。
CE 1和CE 2上的业务网段分别为(本例中使用LoopBack接口模拟不同的业务网段):
¡ CE 1上vpn1业务网段为19.0.0.0/24,vpn2业务网段为20.0.0.0/24。
¡ CE 2上vpn1业务网段为21.0.0.0/24,vpn2业务网段为22.0.0.0/24。
图3 OSPF多实例配置组网图
|
设备 |
接口 |
IP地址 |
绑定的VPN实例 |
|
Device A |
Route-Aggregation 11.1 |
201.1.1.2/24 |
vpn1 |
|
|
Route-Aggregation 11.2 |
202.1.1.2/24 |
vpn2 |
|
|
Route-Aggregation 12.1 |
203.1.1.2/24 |
vpn1 |
|
|
Route-Aggregation 12.2 |
204.1.1.2/24 |
vpn2 |
|
|
LoopBack 1 |
1.1.1.9/32 |
vpn1 |
|
|
LoopBack 2 |
1.1.1.10/32 |
vpn2 |
|
Device B |
Route-Aggregation 1.1 |
11.1.1.2/24 |
vpn1 |
|
|
Route-Aggregation 1.2 |
12.1.1.2/24 |
vpn2 |
|
|
Route-Aggregation 2.1 |
172.168.1.1/24 |
vpn1 |
|
|
Route-Aggregation 2.2 |
192.168.1.1/24 |
vpn2 |
|
|
Route-Aggregation 11.1 |
201.1.1.1/24 |
vpn1 |
|
|
Route-Aggregation 11.2 |
202.1.1.1/24 |
vpn2 |
|
|
LoopBack 1 |
2.2.2.9/32 |
vpn1 |
|
|
LoopBack 2 |
2.2.2.10/32 |
vpn2 |
|
|
LoopBack 101 |
19.0.0.1/29 |
vpn1 |
|
|
LoopBack 102 |
20.0.0.1/29 |
vpn2 |
|
|
LoopBack 103 |
19.0.0.9/29 |
vpn1 |
|
|
LoopBack 104 |
20.0.0.9/29 |
vpn2 |
|
|
LoopBack 105 |
19.0.0.17/28 |
vpn1 |
|
|
LoopBack 106 |
20.0.0.17/28 |
vpn2 |
|
|
LoopBack 107 |
19.0.0.33/28 |
vpn1 |
|
|
LoopBack 108 |
20.0.0.33/28 |
vpn2 |
|
Device C |
Route-Aggregation 1.1 |
13.1.1.2/24 |
vpn1 |
|
|
Route-Aggregation 1.2 |
14.1.1.3/24 |
vpn2 |
|
|
Route-Aggregation 2.1 |
172.168.1.2/24 |
vpn1 |
|
|
Route-Aggregation 2.2 |
192.168.1.2/24 |
vpn2 |
|
|
Route-Aggregation 11.1 |
203.1.1.1/24 |
vpn1 |
|
|
Route-Aggregation 11.2 |
204.1.1.1/24 |
vpn2 |
|
|
LoopBack 1 |
3.3.3.9/32 |
vpn1 |
|
|
LoopBack 2 |
3.3.3.10/32 |
vpn2 |
|
|
LoopBack 101 |
21.0.0.1/29 |
vpn1 |
|
|
LoopBack 102 |
22.0.0.1/29 |
vpn2 |
|
|
LoopBack 103 |
21.0.0.9/29 |
vpn1 |
|
|
LoopBack 104 |
22.0.0.9/29 |
vpn2 |
|
|
LoopBack 105 |
21.0.0.17/28 |
vpn1 |
|
|
LoopBack 106 |
22.0.0.17/28 |
vpn2 |
|
|
LoopBack 107 |
21.0.0.33/28 |
vpn1 |
|
|
LoopBack 108 |
22.0.0.33/28 |
vpn2 |
|
Device D |
Route-Aggregation 1.1 |
11.1.1.1/24 |
vpn1 |
|
|
Route-Aggregation 1.2 |
12.1.1.1/24 |
vpn2 |
|
|
LoopBack 1 |
4.4.4.9/32 |
vpn1 |
|
|
LoopBack 2 |
4.4.4.10/32 |
vpn2 |
|
Device E |
Route-Aggregation 1.1 |
13.1.1.1/24 |
vpn1 |
|
|
Route-Aggregation 1.2 |
14.1.1.1/24 |
vpn2 |
|
|
LoopBack 1 |
5.5.5.9/32 |
vpn1 |
|
|
LoopBack 2 |
5.5.5.10/32 |
vpn2 |
本举例是在R2825版本上进行配置和验证的。
# 配置设备的名称为DeviceA。
<Sysname> system-view
[Sysname] sysname DeviceA
# 创建名称为vpn1和vpn2的VPN实例。
[DeviceA] ip vpn-instance vpn1
[DeviceA-vpn-instance-vpn1] quit
[DeviceA] ip vpn-instance vpn2
[DeviceA-vpn-instance-vpn2] quit
# 配置Device A与Device B的互联三层聚合口11。
[DeviceA] interface route-aggregation 11
[DeviceA-Route-Aggregation11] link-aggregation mode dynamic
[DeviceA-Route-Aggregation11] quit
# 将接口HundredGigE1/0/1加入聚合组11。
[DeviceA] interface hundredgige 1/0/1
[DeviceA-HundredGigE1/0/1] port link-mode route
[DeviceA-HundredGigE1/0/1] port link-aggregation group 11
[DeviceA-HundredGigE1/0/1] quit
# 配置三层聚合子接口11.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为201.1.1.2/24。
[DeviceA] interface route-aggregation 11.1
[DeviceA-Route-Aggregation11.1] ip binding vpn-instance vpn1
[DeviceA-Route-Aggregation11.1] vlan-type dot1q vid 10
[DeviceA-Route-Aggregation11.1] ip address 201.1.1.2 255.255.255.0
# 在三层聚合子接口11.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceA-Route-Aggregation11.1] ospf timer hello 1
[DeviceA-Route-Aggregation11.1] ospf timer dead 4
[DeviceA-Route-Aggregation11.1] ospf cost 10
[DeviceA-Route-Aggregation11.1] ospf authentication-mode md5 1 plain 12345
[DeviceA-Route-Aggregation11.1] quit
# 配置三层聚合子接口11.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为202.1.1.2/24。
[DeviceA] interface route-aggregation 11.2
[DeviceA-Route-Aggregation11.2] ip binding vpn-instance vpn2
[DeviceA-Route-Aggregation11.2] vlan-type dot1q vid 20
[DeviceA-Route-Aggregation11.2] ip address 202.1.1.2 255.255.255.0
# 在三层聚合子接口11.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceA-Route-Aggregation11.2] ospf timer hello 1
[DeviceA-Route-Aggregation11.2] ospf timer dead 4
[DeviceA-Route-Aggregation11.2] ospf cost 10
[DeviceA-Route-Aggregation11.2] ospf authentication-mode md5 1 plain 12345
[DeviceA-Route-Aggregation11.2] quit
# 配置Device A与Device C的互联三层聚合口12。
[DeviceA] interface route-aggregation 12
[DeviceA-Route-Aggregation12] link-aggregation mode dynamic
[DeviceA-Route-Aggregation12] quit
# 将接口HundredGigE1/0/2加入聚合组12。
[DeviceA] interface hundredgige 1/0/2
[DeviceA-HundredGigE1/0/2] port link-mode route
[DeviceA-HundredGigE1/0/2] port link-aggregation group 12
[DeviceA-HundredGigE1/0/2] quit
# 配置三层聚合子接口12.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为203.1.1.2/24。
[DeviceA] interface route-aggregation 12.1
[DeviceA-Route-Aggregation12.1] ip binding vpn-instance vpn1
[DeviceA-Route-Aggregation12.1] vlan-type dot1q vid 10
[DeviceA-Route-Aggregation12.1] ip address 203.1.1.2 255.255.255.0
# 在三层聚合子接口12.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceA-Route-Aggregation12.1] ospf timer hello 1
[DeviceA-Route-Aggregation12.1] ospf timer dead 4
[DeviceA-Route-Aggregation12.1] ospf cost 10
[DeviceA-Route-Aggregation12.1] ospf authentication-mode md5 1 plain 12345
[DeviceA-Route-Aggregation12.1] quit
# 配置三层聚合子接口12.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为202.1.1.2/24。
[DeviceA] interface route-aggregation 12.2
[DeviceA-Route-Aggregation12.2] ip binding vpn-instance vpn2
[DeviceA-Route-Aggregation12.2] vlan-type dot1q vid 20
[DeviceA-Route-Aggregation12.2] ip address 204.1.1.2 255.255.255.0
# 在三层聚合子接口12.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceA-Route-Aggregation12.2] ospf timer hello 1
[DeviceA-Route-Aggregation12.2] ospf timer dead 4
[DeviceA-Route-Aggregation12.2] ospf cost 10
[DeviceA-Route-Aggregation12.2] ospf authentication-mode md5 1 plain 12345
[DeviceA-Route-Aggregation12.2] quit
# 配置Loopback 1的地址为1.1.1.9/32,此地址作为OSPF进程15的Router ID。
[DeviceA] interface loopback 1
[DeviceA-LoopBack1] ip binding vpn-instance vpn1
[DeviceA-LoopBack1] ip address 1.1.1.9 32
[DeviceA-LoopBack1] quit
# 配置Loopback 2的地址为1.1.1.10/32,此地址作为OSPF进程115的Router ID。
[DeviceB] interface loopback 2
[DeviceB-LoopBack2] ip binding vpn-instance vpn2
[DeviceB-LoopBack2] ip address 1.1.1.10 32
[DeviceB-LoopBack2] quit
# 创建OSPF进程15,指定该进程的Router ID为1.1.1.9,并将该进程与vpn1绑定。
[DeviceA] ospf 15 router-id 1.1.1.9 vpn-instance vpn1
# 通告vpn1业务路由201.1.1.0/24和203.1.1.0/24。
[DeviceA-ospf-15] area 0.0.0.0
[DeviceA-ospf-15-area-0.0.0.0] network 201.1.1.0 0.0.0.255
[DeviceA-ospf-15-area-0.0.0.0] network 203.1.1.0 0.0.0.255
[DeviceA-ospf-15-area-0.0.0.0] quit
[DeviceA-ospf-15] quit
# 创建OSPF进程115,指定该进程的Router ID为1.1.1.10,并将该进程与vpn2绑定。
[DeviceA] ospf 115 router-id 1.1.1.10 vpn-instance vpn2
# 通告vpn1业务路由202.1.1.0/24和204.1.1.0/24。
[DeviceA-ospf-115] area 0.0.0.0
[DeviceA-ospf-115-area-0.0.0.0] network 202.1.1.0 0.0.0.255
[DeviceA-ospf-115-area-0.0.0.0] network 204.1.1.0 0.0.0.255
[DeviceA-ospf-115-area-0.0.0.0] quit
[DeviceA-ospf-115] quit
# 配置设备的名称为DeviceB。
<Sysname> system-view
[Sysname] sysname DeviceB
# 创建名称为vpn1和vpn2的VPN实例。
[DeviceB] ip vpn-instance vpn1
[DeviceB-vpn-instance-vpn1] quit
[DeviceB] ip vpn-instance vpn2
[DeviceB-vpn-instance-vpn2] quit
# 将接口LoopBack101、LoopBack103、LoopBack105、LoopBack107与名为vpn1的VPN实例关联,并配置上述接口的IP地址,使其处于19.0.0.0/24网段。
[DeviceB] interface loopback 101
[DeviceB-LoopBack101] ip binding vpn-instance vpn1
[DeviceB-LoopBack101] ip address 19.0.0.1 255.255.255.248
[DeviceB-LoopBack101] quit
[DeviceB] interface loopback 103
[DeviceB-LoopBack103] ip binding vpn-instance vpn1
[DeviceB-LoopBack103] ip address 19.0.0.9 255.255.255.248
[DeviceB-LoopBack103] quit
[DeviceB] interface loopback 105
[DeviceB-LoopBack105] ip binding vpn-instance vpn1
[DeviceB-LoopBack105] ip address 19.0.0.17 255.255.255.240
[DeviceB-LoopBack105] quit
[DeviceB] interface loopback 107
[DeviceB-LoopBack107] ip binding vpn-instance vpn1
[DeviceB-LoopBack107] ip address 19.0.0.33 255.255.255.240
[DeviceB-LoopBack107] quit
# 将接口LoopBack102、LoopBack104、LoopBack106、LoopBack108与名为vpn2的VPN实例关联,并配置上述接口的IP地址,使其处于20.0.0.0/24网段。
[DeviceB] interface loopback 102
[DeviceB-LoopBack102] ip binding vpn-instance vpn2
[DeviceB-LoopBack102] ip address 20.0.0.1 255.255.255.248
[DeviceB-LoopBack102] quit
[DeviceB] interface loopback 104
[DeviceB-LoopBack104] ip binding vpn-instance vpn2
[DeviceB-LoopBack104] ip address 20.0.0.9 255.255.255.248
[DeviceB-LoopBack104] quit
[DeviceB] interface loopback 106
[DeviceB-LoopBack106] ip binding vpn-instance vpn2
[DeviceB-LoopBack106] ip address 20.0.0.17 255.255.255.240
[DeviceB-LoopBack106] quit
[DeviceB] interface loopback 108
[DeviceB-LoopBack108] ip binding vpn-instance vpn2
[DeviceB-LoopBack108] ip address 20.0.0.33 255.255.255.240
[DeviceB-LoopBack108] quit
# 配置Device B与Device D的互联三层聚合口1。
[DeviceB] interface route-aggregation 1
[DeviceB-Route-Aggregation1] link-aggregation mode dynamic
[DeviceB-Route-Aggregation1] quit
# 将接口HundredGigE1/0/1加入聚合组1。
[DeviceB] interface hundredgige 1/0/1
[DeviceB-HundredGigE1/0/1] port link-mode route
[DeviceB-HundredGigE1/0/1] port link-aggregation group 1
[DeviceB-HundredGigE1/0/1] quit
# 配置三层聚合子接口1.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为11.1.1.2/24。
[DeviceB] interface route-aggregation 1.1
[DeviceB-Route-Aggregation1.1] ip binding vpn-instance vpn1
[DeviceB-Route-Aggregation1.1] vlan-type dot1q vid 10
[DeviceB-Route-Aggregation1.1] ip address 11.1.1.2 255.255.255.0
# 在三层聚合子接口1.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceB-Route-Aggregation1.1] ospf timer hello 1
[DeviceB-Route-Aggregation1.1] ospf timer dead 4
[DeviceB-Route-Aggregation1.1] ospf cost 10
[DeviceB-Route-Aggregation1.1] ospf authentication-mode md5 1 plain 12345
[DeviceB-Route-Aggregation1.1] quit
# 配置三层聚合子接口1.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为12.1.1.2/24。
[DeviceB] interface Route-Aggregation1.2
[DeviceB-Route-Aggregation1.1] ip binding vpn-instance vpn2
[DeviceB-Route-Aggregation1.1] vlan-type dot1q vid 20
[DeviceB-Route-Aggregation1.1] ip address 12.1.1.2 255.255.255.0
# 在三层聚合子接口1.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceB-Route-Aggregation1.1] ospf timer hello 1
[DeviceB-Route-Aggregation1.1] ospf timer dead 4
[DeviceB-Route-Aggregation1.1] ospf cost 10
[DeviceB-Route-Aggregation1.1] ospf authentication-mode md5 1 plain 12345
[DeviceB-Route-Aggregation1.1] quit
# 配置Device B与Device C的互联三层聚合口2。
[DeviceB] interface route-aggregation 2
[DeviceB-Route-Aggregation2] link-aggregation mode dynamic
[DeviceB-Route-Aggregation2] quit
# 将接口HundredGigE1/0/2加入聚合组2。
[DeviceB] interface hundredgige 1/0/2
[DeviceB-HundredGigE1/0/2] port link-mode route
[DeviceB-HundredGigE1/0/2] port link-aggregation group 2
[DeviceB-HundredGigE1/0/2] quit
# 配置三层聚合子接口2.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为172.168.1.1/24。
[DeviceB] interface route-aggregation 2.1
[DeviceB-Route-Aggregation2.1] ip binding vpn-instance vpn1
[DeviceB-Route-Aggregation2.1] vlan-type dot1q vid 10
[DeviceB-Route-Aggregation2.1] ip address 172.168.1.1 255.255.255.0
# 在三层聚合子接口2.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceB-Route-Aggregation2.1] ospf timer hello 1
[DeviceB-Route-Aggregation2.1] ospf timer dead 4
[DeviceB-Route-Aggregation2.1] ospf cost 10
[DeviceB-Route-Aggregation2.1] ospf authentication-mode md5 1 plain 12345
[DeviceB-Route-Aggregation2.1] quit
# 配置三层聚合子接口2.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为192.168.1.1/24。
[DeviceB] interface route-aggregation 2.2
[DeviceB-Route-Aggregation2.2] ip binding vpn-instance vpn2
[DeviceB-Route-Aggregation2.2] vlan-type dot1q vid 20
[DeviceB-Route-Aggregation2.2] ip address 192.168.1.1 255.255.255.0
# 在三层聚合子接口2.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceB-Route-Aggregation2.2] ospf timer hello 1
[DeviceB-Route-Aggregation2.2] ospf timer dead 4
[DeviceB-Route-Aggregation2.2] ospf cost 10
[DeviceB-Route-Aggregation2.2] ospf authentication-mode md5 1 plain 12345
[DeviceB-Route-Aggregation2.2] quit
# 配置Device B与Device A的互联聚合口11。
[DeviceB] interface route-aggregation 11
[DeviceB-Route-Aggregation11] link-aggregation mode dynamic
[DeviceB-Route-Aggregation11] quit
# 将接口HundredGigE1/0/3加入聚合组11。
[DeviceB] interface hundredgige 1/0/3
[DeviceB-HundredGigE1/0/3] port link-mode route
[DeviceB-HundredGigE1/0/3] port link-aggregation group 11
[DeviceB-HundredGigE1/0/3] quit
# 配置三层聚合子接口11.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为201.1.1.1/24。
[DeviceB] interface route-aggregation 11.1
[DeviceB-Route-Aggregation11.1] ip binding vpn-instance vpn1
[DeviceB-Route-Aggregation11.1] vlan-type dot1q vid 10
[DeviceB-Route-Aggregation11.1] ip address 201.1.1.1 255.255.255.0
# 在三层聚合子接口11.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceB-Route-Aggregation11.1] ospf timer hello 1
[DeviceB-Route-Aggregation11.1] ospf timer dead 4
[DeviceB-Route-Aggregation11.1] ospf cost 10
[DeviceB-Route-Aggregation11.1] ospf authentication-mode md5 1 plain 12345
[DeviceB-Route-Aggregation11.1] quit
# 配置三层聚合子接口11.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为202.1.1.1/24。
[DeviceB] interface route-aggregation 11.2
[DeviceB-Route-Aggregation11.2] ip binding vpn-instance vpn2
[DeviceB-Route-Aggregation11.2] vlan-type dot1q vid 20
[DeviceB-Route-Aggregation11.2] ip address 202.1.1.1 255.255.255.0
# 在三层聚合子接口11.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceB-Route-Aggregation11.2] ospf timer hello 1
[DeviceB-Route-Aggregation11.2] ospf timer dead 4
[DeviceB-Route-Aggregation11.2] ospf cost 10
[DeviceB-Route-Aggregation11.2] ospf authentication-mode md5 1 plain 12345
[DeviceB-Route-Aggregation11.2] quit
# 配置名称为list1的前缀列表,其中序号10的表项仅允许201.1.1.0/24网段通过过滤;序号20的表项仅允许19.0.0.0/24网段通过过滤。
[DeviceB] ip prefix-list list1 index 10 permit 201.1.1.0 24
[DeviceB] ip prefix-list list1 index 20 permit 19.0.0.0 24
# 配置名称为list2的前缀列表,其中序号10的表项仅允许202.1.1.0/24网段通过过滤;序号20的表项仅允许20.0.0.0/24网段通过过滤。
[DeviceB] ip prefix-list list2 index 10 permit 202.1.1.0 24
[DeviceB] ip prefix-list list2 index 20 permit 20.0.0.0 24
# 配置路由策略p1。
[DeviceB] route-policy p1 permit node 10
[DeviceB-route-policy-p1-10] if-match ip address prefix-list list1
[DeviceB-route-policy-p1-10] quit
# 配置路由策略p2。
[DeviceB] route-policy p2 permit node 10
[DeviceB-route-policy-p2-10] if-match ip address prefix-list list2
[DeviceB-route-policy-p2-10] quit
# 静态汇总vpn1的业务黑洞路由。
[DeviceB] ip route-static vpn-instance vpn1 19.0.0.0 24 null0
# 静态汇总vpn2的业务黑洞路由。
[DeviceB] ip route-static vpn-instance vpn2 20.0.0.0 24 null0
# 配置Loopback 1的地址为2.2.2.9/32,此地址作为OSPF进程15的Router ID。
[DeviceB] interface loopback 1
[DeviceB-LoopBack1] ip binding vpn-instance vpn1
[DeviceB-LoopBack1] ip address 2.2.2.9 32
[DeviceB-LoopBack1] quit
# 配置Loopback 2的地址为2.2.2.10/32,此地址作为OSPF进程115的Router ID。
[DeviceB] interface loopback 2
[DeviceB-LoopBack2] ip binding vpn-instance vpn2
[DeviceB-LoopBack2] ip address 2.2.2.10 32
[DeviceB-LoopBack2] quit
# 创建OSPF进程15,指定该进程的Router ID为2.2.2.9,并将该进程与vpn1绑定。
[DeviceB] ospf 15 router-id 2.2.2.9 vpn-instance vpn1
# 在OSPF进程15中通告vpn1业务路由11.1.1.0/24、172.168.1.0/24和201.1.1.0/24。
[DeviceB-ospf-15] area 0.0.0.0
[DeviceB-ospf-15-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[DeviceB-ospf-15-area-0.0.0.0] network 172.168.1.0 0.0.0.255
[DeviceB-ospf-15-area-0.0.0.0] network 201.1.1.0 0.0.0.255
[DeviceB-ospf-15-area-0.0.0.0] quit
# 在OSPF进程15中引入直连路由和静态汇总后的业务路由,并通过路由策略对引入的路由进行过滤,避免Device B将业务1的明细路由发布给Device D。
[DeviceB-ospf-15] import-route direct route-policy p1
[DeviceB-ospf-15] import-route static route-policy p1
[DeviceB-ospf-15] quit
# 创建OSPF进程115,将该进程与vpn2绑定。并指定该进程的Router ID为2.2.2.10。
[DeviceB] ospf 115 router-id 2.2.2.10 vpn-instance vpn2
# 在OSPF进程115中通告vpn2业务路由12.1.1.0/24、192.168.1.0/24和202.1.1.0/24。
[DeviceB-ospf-115] area 0.0.0.0
[DeviceB-ospf-115-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[DeviceB-ospf-115-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[DeviceB-ospf-115-area-0.0.0.0] network 202.1.1.0 0.0.0.255
[DeviceB-ospf-115-area-0.0.0.0] quit
# 在OSPF进程115中引入直连路由和静态汇总后的业务路由,并通过路由策略对引入的路由进行过滤,避免Device B将业务2的明细路由发布给Device D。
[DeviceB-ospf-115] import-route direct route-policy p2
[DeviceB-ospf-115] import-route static route-policy p2
[DeviceB-ospf-115] quit
# 配置设备的名称为DeviceC。
<Sysname> system-view
[Sysname] sysname DeviceC
# 创建名称为vpn1和vpn2的VPN实例。
[DeviceC] ip vpn-instance vpn1
[DeviceC-vpn-instance-vpn1] quit
[DeviceC] ip vpn-instance vpn2
[DeviceC-vpn-instance-vpn2] quit
# 将接口LoopBack101、LoopBack103、LoopBack105、LoopBack107与名为vpn1的VPN实例关联,并配置上述接口的IP地址,使其处于21.0.0.0/24网段。
[DeviceC] interface loopback 101
[DeviceC-LoopBack101] ip binding vpn-instance vpn1
[DeviceC-LoopBack101] ip address 21.0.0.1 255.255.255.248
[DeviceC-LoopBack101] quit
[DeviceC] interface loopback 103
[DeviceC-LoopBack103] ip binding vpn-instance vpn1
[DeviceC-LoopBack103] ip address 21.0.0.9 255.255.255.248
[DeviceC-LoopBack103] quit
[DeviceC] interface loopback 105
[DeviceC-LoopBack105] ip binding vpn-instance vpn1
[DeviceC-LoopBack105] ip address 21.0.0.17 255.255.255.240
[DeviceC-LoopBack105] quit
[DeviceC] interface loopback 107
[DeviceC-LoopBack107] ip binding vpn-instance vpn1
[DeviceC-LoopBack107] ip address 21.0.0.33 255.255.255.240
[DeviceC-LoopBack107] quit
# 将接口LoopBack102、LoopBack104、LoopBack106、LoopBack108与名为vpn2的VPN实例关联,并配置上述接口的IP地址,使其处于22.0.0.0/24网段。
[DeviceC] interface loopback 102
[DeviceC-LoopBack102] ip binding vpn-instance vpn2
[DeviceC-LoopBack102] ip address 22.0.0.1 255.255.255.248
[DeviceC-LoopBack102] quit
[DeviceC] interface loopback 104
[DeviceC-LoopBack104] ip binding vpn-instance vpn2
[DeviceC-LoopBack104] ip address 22.0.0.9 255.255.255.248
[DeviceC-LoopBack104] quit
[DeviceC] interface loopback 106
[DeviceC-LoopBack106] ip binding vpn-instance vpn2
[DeviceC-LoopBack106] ip address 22.0.0.17 255.255.255.240
[DeviceC-LoopBack106] quit
[DeviceC] interface loopback 108
[DeviceC-LoopBack108] ip binding vpn-instance vpn2
[DeviceC-LoopBack108] ip address 22.0.0.33 255.255.255.240
[DeviceC-LoopBack108] quit
# 配置Device C与Device E的互联聚合口1。
[DeviceC] interface route-aggregation1
[DeviceC-Route-Aggregation1] link-aggregation mode dynamic
[DeviceC-Route-Aggregation1] quit
# 将接口HundredGigE1/0/1加入聚合组1。
[DeviceC] interface hundredgige 1/0/1
[DeviceC-HundredGigE1/0/1] port link-mode route
[DeviceC-HundredGigE1/0/1] port link-aggregation group 1
[DeviceC-HundredGigE1/0/1] quit
# 配置三层聚合子接口1.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为13.1.1.2/24。
[DeviceC] interface route-aggregation 1.1
[DeviceC-Route-Aggregation1.1] ip binding vpn-instance vpn1
[DeviceC-Route-Aggregation1.1] vlan-type dot1q vid 10
[DeviceC-Route-Aggregation1.1] ip address 13.1.1.2 255.255.255.0
# 在三层聚合子接口1.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceC-Route-Aggregation1.1] ospf timer hello 1
[DeviceC-Route-Aggregation1.1] ospf timer dead 4
[DeviceC-Route-Aggregation1.1] ospf cost 10
[DeviceC-Route-Aggregation1.1] ospf authentication-mode md5 1 plain 12345
[DeviceC-Route-Aggregation1.1] quit
# 配置三层聚合子接口1.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为14.1.1.2/24。
[DeviceC] interface route-aggregation 1.2
[DeviceC-Route-Aggregation1.2] ip binding vpn-instance vpn2
[DeviceC-Route-Aggregation1.2] vlan-type dot1q vid 20
[DeviceC-Route-Aggregation1.2] ip address 14.1.1.2 255.255.255.0
# 在三层聚合子接口1.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceC-Route-Aggregation1.2] ospf timer hello 1
[DeviceC-Route-Aggregation1.2] ospf timer dead 4
[DeviceC-Route-Aggregation1.2] ospf cost 10
[DeviceC-Route-Aggregation1.2] ospf authentication-mode md5 1 plain 12345
[DeviceC-Route-Aggregation1.2] quit
# 配置Device C与Device B的互联聚合口2。
[DeviceC] interface route-aggregation 2
[DeviceC-Route-Aggregation2] link-aggregation mode dynamic
[DeviceC-Route-Aggregation2] quit
# 将接口HundredGigE1/0/2加入聚合组2。
[DeviceC] interface hundredgige 1/0/2
[DeviceC-HundredGigE1/0/2] port link-mode route
[DeviceC-HundredGigE1/0/2] port link-aggregation group 2
[DeviceC-HundredGigE1/0/2] quit
# 配置三层聚合子接口2.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为172.168.1.2/24。
[DeviceC] interface route-aggregation 2.1
[DeviceC-Route-Aggregation2.1] ip binding vpn-instance vpn1
[DeviceC-Route-Aggregation2.1] vlan-type dot1q vid 10
[DeviceC-Route-Aggregation2.1] ip address 172.168.1.2 255.255.255.0
# 在三层聚合子接口2.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceC-Route-Aggregation2.1] ospf timer hello 1
[DeviceC-Route-Aggregation2.1] ospf timer dead 4
[DeviceC-Route-Aggregation2.1] ospf cost 10
[DeviceC-Route-Aggregation2.1] ospf authentication-mode md5 1 plain 12345
[DeviceC-Route-Aggregation2.1] quit
# 配置三层聚合子接口2.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为192.168.1.2/24。
[DeviceC] interface route-aggregation 2.2
[DeviceC-Route-Aggregation2.2] ip binding vpn-instance vpn2
[DeviceC-Route-Aggregation2.2] vlan-type dot1q vid 20
[DeviceC-Route-Aggregation2.2] ip address 192.168.1.2 255.255.255.0
# 在三层聚合子接口2.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceC-Route-Aggregation2.2] ospf timer hello 1
[DeviceC-Route-Aggregation2.2] ospf timer dead 4
[DeviceC-Route-Aggregation2.2] ospf cost 10
[DeviceC-Route-Aggregation2.2] ospf authentication-mode md5 1 plain 12345
[DeviceC-Route-Aggregation2.2] quit
# 配置Device C与Device A的互联聚合口11。
[DeviceC] interface route-aggregation 11
[DeviceC-Route-Aggregation11] link-aggregation mode dynamic
[DeviceC-Route-Aggregation11] quit
# 将接口HundredGigE1/0/3加入聚合组11。
[DeviceC] interface hundredgige 1/0/3
[DeviceC-HundredGigE1/0/3] port link-mode route
[DeviceC-HundredGigE1/0/3] port link-aggregation group 11
[DeviceC-HundredGigE1/0/3] quit
# 配置三层聚合子接口11.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为203.1.1.1/24。
[DeviceC] interface route-aggregation 11.1
[DeviceC-Route-Aggregation11.1] ip binding vpn-instance vpn1
[DeviceC-Route-Aggregation11.1] vlan-type dot1q vid 10
[DeviceC-Route-Aggregation11.1] ip address 203.1.1.1 255.255.255.0
# 在三层聚合子接口11.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceC-Route-Aggregation11.1] ospf timer hello 1
[DeviceC-Route-Aggregation11.1] ospf timer dead 4
[DeviceC-Route-Aggregation11.1] ospf cost 10
[DeviceC-Route-Aggregation11.1] ospf authentication-mode md5 1 plain 12345
[DeviceC-Route-Aggregation11.1] quit
# 配置三层聚合子接口11.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为204.1.1.1/24。
[DeviceC] interface route-aggregation 11.2
[DeviceC-Route-Aggregation11.2] ip binding vpn-instance vpn2
[DeviceC-Route-Aggregation11.2] vlan-type dot1q vid 20
[DeviceC-Route-Aggregation11.2] ip address 204.1.1.1 255.255.255.0
# 在三层聚合子接口11.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceC-Route-Aggregation11.2] ospf timer hello 1
[DeviceC-Route-Aggregation11.2] ospf timer dead 4
[DeviceC-Route-Aggregation11.2] ospf cost 10
[DeviceC-Route-Aggregation11.2] ospf authentication-mode md5 1 plain 12345
[DeviceC-Route-Aggregation11.2] quit
# 配置名称为list1的前缀列表,其中序号10的表项仅允许203.1.1.0/24网段通过过滤;序号20的表项仅允许21.0.0.0/24网段通过过滤。
[DeviceC] ip prefix-list list1 index 10 permit 203.1.1.0 24
[DeviceC] ip prefix-list list1 index 20 permit 21.0.0.0 24
# 配置名称为list2的前缀列表,其中序号10的表项仅允许204.1.1.0/24网段通过过滤;序号20的表项仅允许22.0.0.0/24网段通过过滤。
[DeviceC] ip prefix-list list2 index 10 permit 204.1.1.0 24
[DeviceC] ip prefix-list list2 index 20 permit 22.0.0.0 24
# 配置路由策略p1。
[DeviceC] route-policy p1 permit node 10
[DeviceC-route-policy-p1-10] if-match ip address prefix-list list1
[DeviceC-route-policy-p1-10] quit
# 配置路由策略p2。
[DeviceC] route-policy p2 permit node 10
[DeviceC-route-policy-p2-10] if-match ip address prefix-list list2
[DeviceC-route-policy-p2-10] quit
# 静态汇总vpn1的业务黑洞路由。
[DevicC] ip route-static vpn-instance vpn1 21.0.0.0 24 null0
# 静态汇总vpn2的业务黑洞路由。
[DeviceC] ip route-static vpn-instance vpn2 22.0.0.0 24 null0
# 配置Loopback 1的地址为3.3.3.9/32,此地址作为OSPF进程15的Router ID。
[DeviceC] interface loopback 1
[DeviceC-LoopBack1] ip binding vpn-instance vpn1
[DeviceC-LoopBack1] ip address 3.3.3.9 32
[DeviceC-LoopBack1] quit
# 配置Loopback 2的地址为3.3.3.10/32,此地址作为OSPF进程115的Router ID。
[DeviceC] interface loopback 2
[DeviceC-LoopBack2] ip binding vpn-instance vpn2
[DeviceC-LoopBack2] ip address 3.3.3.10 32
[DeviceC-LoopBack2] quit
# 创建OSPF进程15,指定该进程的Router ID为3.3.3.9,并将该进程与vpn1绑定。
[DeviceC] ospf 15 router-id 3.3.3.9 vpn-instance vpn1
# 通告vpn1业务路由13.1.1.0/24、172.168.1.0/24和203.1.1.0/24。
[DeviceC-ospf-15] area 0.0.0.0
[DeviceC-ospf-15-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[DeviceC-ospf-15-area-0.0.0.0] network 172.168.1.0 0.0.0.255
[DeviceC-ospf-15-area-0.0.0.0] network 203.1.1.0 0.0.0.255
[DeviceC-ospf-15-area-0.0.0.0] quit
# 在OSPF进程15中引入直连路由和静态汇总后的业务路由,通过路由策略对引入的路由进行过滤,避免Device C将业务1的明细路由发布给Device E。
[DeviceC-ospf-15] import-route direct route-policy p1
[DeviceC-ospf-15] import-route static route-policy p1
[DeviceC-ospf-15] quit
# 创建OSPF进程115,指定该进程的Router ID为3.3.3.10,并将该进程与vpn2绑定。
[DeviceC] ospf 115 router-id 3.3.3.10 vpn-instance vpn2
# 通告vpn2业务路由14.1.1.0/24、192.168.1.0/24和204.1.1.0/24。
[DeviceC-ospf-115] area 0.0.0.0
[DeviceC-ospf-115-area-0.0.0.0] network 14.1.1.0 0.0.0.255
[DeviceC-ospf-115-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[DeviceC-ospf-115-area-0.0.0.0] network 204.1.1.0 0.0.0.255
[DeviceC-ospf-115-area-0.0.0.0] quit
# 在OSPF 115中引入直连路由和静态汇总后的业务路由,并通过路由策略对引入的路由进行过滤,避免Device C将业务2的明细路由发布给Device E。
[DeviceC-ospf-115] import-route direct route-policy p2
[DeviceC-ospf-115] import-route static route-policy p2
[DeviceC-ospf-115] quit
# 配置设备的名称为DeviceD。
<Sysname> system-view
[Sysname] sysname DeviceD
# 创建名称为vpn1和vpn2的VPN实例。
[DeviceD] ip vpn-instance vpn1
[DeviceD-vpn-instance-vpn1] quit
[DeviceD] ip vpn-instance vpn2
[DeviceD-vpn-instance-vpn2] quit
# 配置Device D与Device B的互联三层聚合口1。
[DeviceD] interface route-aggregation1
[DeviceD-Route-Aggregation1] link-aggregation mode dynamic
[DeviceD-Route-Aggregation1] quit
# 将接口HundredGigE1/0/1加入聚合组1。
[DeviceD] interface hundredgige 1/0/1
[DeviceD-HundredGigE1/0/1] port link-mode route
[DeviceD-HundredGigE1/0/1] port link-aggregation group 1
[DeviceD-HundredGigE1/0/1] quit
# 配置三层聚合子接口1.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为11.1.1.1/24。
[DeviceD] interface route-aggregation 1.1
[DeviceD-Route-Aggregation1.1] ip binding vpn-instance vpn1
[DeviceD-Route-Aggregation1.1] vlan-type dot1q vid 10
[DeviceD-Route-Aggregation1.1] ip address 11.1.1.1 255.255.255.0
# 在三层聚合子接口1.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceD-Route-Aggregation1.1] ospf timer hello 1
[DeviceD-Route-Aggregation1.1] ospf timer dead 4
[DeviceD-Route-Aggregation1.1] ospf cost 10
[DeviceD-Route-Aggregation1.1] ospf authentication-mode md5 1 plain 12345
[DeviceD-Route-Aggregation1.1] quit
# 配置三层聚合子接口1.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为12.1.1.1/24。
[DeviceD] interface route-aggregation 1.2
[DeviceD-Route-Aggregation1.2] ip binding vpn-instance vpn2
[DeviceD-Route-Aggregation1.2] vlan-type dot1q vid 20
[DeviceD-Route-Aggregation1.2] ip address 12.1.1.1 255.255.255.0
# 在三层聚合子接口1.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceD-Route-Aggregation1.2] ospf timer hello 1
[DeviceD-Route-Aggregation1.2] ospf timer dead 4
[DeviceD-Route-Aggregation1.2] ospf cost 10
[DeviceD-Route-Aggregation1.2] ospf authentication-mode md5 1 plain 12345
[DeviceD-Route-Aggregation1.2] quit
# 配置Loopback 1的地址为4.4.4.9/32,此地址作为OSPF进程15的Router ID。
[DeviceD] interface loopback 1
[DeviceD-LoopBack1] ip binding vpn-instance vpn1
[DeviceD-LoopBack1] ip address 4.4.4.9 32
[DeviceD-LoopBack1] quit
# 配置Loopback 2的地址为4.4.4.10/32,此地址作为OSPF进程115的Router ID。
[DeviceD] interface loopback 2
[DeviceD-LoopBack1] ip binding vpn-instance vpn2
[DeviceD-LoopBack1] ip address 4.4.4.10 32
[DeviceD-LoopBack1] quit
# 创建OSPF进程15,指定该进程的Router ID为4.4.4.9,并将该进程与vpn1绑定。
[DeviceD] ospf 15 router-id 4.4.4.9 vpn-instance vpn1
# 通告vpn1网段路由11.1.1.0/24。
[DeviceD-ospf-15] area 0.0.0.0
[DeviceD-ospf-15-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[DeviceD-ospf-15-area-0.0.0.0] quit
[DeviceD-ospf-15] quit
# 创建OSPF进程115,指定该进程的Router ID为4.4.4.10,并将该进程与vpn2绑定。
[DeviceD] ospf 115 router-id 4.4.4.10 vpn-instance vpn2
# 通告vpn2网段路由12.1.1.0/24。
[DeviceD-ospf-115] area 0.0.0.0
[DeviceD-ospf-115-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[DeviceD-ospf-115-area-0.0.0.0] quit
# 配置设备的名称为DeviceE。
<Sysname> system-view
[Sysname] sysname DeviceE
# 创建名称为vpn1和vpn2的实例。
[DeviceE] ip vpn-instance vpn1
[DeviceE-vpn-instance-vpn1] quit
[DeviceE] ip vpn-instance vpn2
[DeviceE-vpn-instance-vpn2] quit
# 配置Device D与Device C的互联三层聚合口1。
[DeviceE] interface route-aggregation 1
[DeviceE-Route-Aggregation1] link-aggregation mode dynamic
[DeviceE-Route-Aggregation1] quit
# 将接口HundredGigE1/0/1加入聚合组1。
[DeviceE] interface hundredgige 1/0/1
[DeviceE-HundredGigE1/0/1] port link-mode route
[DeviceE-HundredGigE1/0/1] port link-aggregation group 1
[DeviceE-HundredGigE1/0/1] quit
# 配置三层聚合子接口1.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为13.1.1.1/24。
[DeviceE] interface route-aggregation 1.1
[DeviceE-Route-Aggregation1.1] ip binding vpn-instance vpn1
[DeviceE-Route-Aggregation1.1] vlan-type dot1q vid 10
[DeviceE-Route-Aggregation1.1] ip address 13.1.1.1 255.255.255.0
# 在三层聚合子接口1.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceE-Route-Aggregation1.1] ospf timer hello 1
[DeviceE-Route-Aggregation1.1] ospf timer dead 4
[DeviceE-Route-Aggregation1.1] ospf cost 10
[DeviceE-Route-Aggregation1.1] ospf authentication-mode md5 1 plain 12345
[DeviceE-Route-Aggregation1.1] quit
# 配置三层聚合子接口1.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为14.1.1.1/24。
[DeviceE] interface route-aggregation 1.2
[DeviceE-Route-Aggregation1.2] ip binding vpn-instance vpn2
[DeviceE-Route-Aggregation1.2] vlan-type dot1q vid 20
[DeviceE-Route-Aggregation1.2] ip address 14.1.1.1 255.255.255.0
# 在三层聚合子接口1.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。
[DeviceE-Route-Aggregation1.2] ospf timer hello 1
[DeviceE-Route-Aggregation1.2] ospf timer dead 4
[DeviceE-Route-Aggregation1.2] ospf cost 10
[DeviceE-Route-Aggregation1.2] ospf authentication-mode md5 1 plain 12345
[DeviceE-Route-Aggregation1.2] quit
# 配置Loopback 1的地址为5.5.5.9/32,此地址作为OSPF进程15的Router ID。
[DeviceE] interface loopback 1
[DeviceE-LoopBack1] ip binding vpn-instance vpn1
[DeviceE-LoopBack1] ip address 5.5.5.9 32
[DeviceE-LoopBack1] quit
# 配置Loopback 2的地址为5.5.5.10/32,此地址作为OSPF进程115的Router ID。
[DeviceE] interface loopback 2
[DeviceE-LoopBack2] ip binding vpn-instance vpn2
[DeviceE-LoopBack2] ip address 5.5.5.10 32
[DeviceE-LoopBack2] quit
# 创建OSPF进程15,指定该进程的Router ID为5.5.5.9,并将该进程与vpn1的实例绑定。
[DeviceE] ospf 15 router-id 5.5.5.9 vpn-instance vpn1
# 通告vpn1网段路由13.1.1.0/24。
[DeviceE-ospf-15] area 0.0.0.0
[DeviceE-ospf-15-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[DeviceE-ospf-15-area-0.0.0.0] quit
[DeviceE-ospf-15] quit
# 创建OSPF进程115,指定该进程的Router ID为5.5.5.10,并将该进程与vpn2的实例绑定。
[DeviceE] ospf 115 router-id 5.5.5.10 vpn-instance vpn2
# 通告vpn2网段路由14.1.1.0/24。
[DeviceE-ospf-115] area 0.0.0.0
[DeviceE-ospf-115-area-0.0.0.0] network 14.1.1.0 0.0.0.255
[DeviceE-ospf-115-area-0.0.0.0] quit
[DeviceE-ospf-115] quit
# 在Device B上执行display ip routing-table vpn-instance命令,查看路由表信息,业务1和业务2的路由相互隔离。同时,Device B上拥有19.0.0.0/24和20.0.0.0/24网段的明细路由。
[DeviceB] display ip routing-table vpn-instance vpn1
Destinations : 36 Routes : 37
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.9/32 Direct 0 0 127.0.0.1 InLoop0
11.1.1.0/24 Direct 0 0 11.1.1.2 RAGG1.1
11.1.1.0/32 Direct 0 0 11.1.1.2 RAGG1.1
11.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
11.1.1.255/32 Direct 0 0 11.1.1.2 RAGG1.1
13.1.1.0/24 O_INTRA 10 20 172.168.1.2 RAGG2.1
19.0.0.0/24 Static 60 0 0.0.0.0 NULL0
19.0.0.0/29 Direct 0 0 19.0.0.1 Loop101
19.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
19.0.0.7/32 Direct 0 0 19.0.0.1 Loop101
19.0.0.8/29 Direct 0 0 19.0.0.9 Loop103
19.0.0.8/32 Direct 0 0 19.0.0.9 Loop103
19.0.0.9/32 Direct 0 0 127.0.0.1 InLoop0
19.0.0.15/32 Direct 0 0 19.0.0.9 Loop103
19.0.0.16/28 Direct 0 0 19.0.0.17 Loop105
19.0.0.16/32 Direct 0 0 19.0.0.17 Loop105
19.0.0.17/32 Direct 0 0 127.0.0.1 InLoop0
19.0.0.31/32 Direct 0 0 19.0.0.17 Loop105
19.0.0.32/28 Direct 0 0 19.0.0.33 Loop107
19.0.0.32/32 Direct 0 0 19.0.0.33 Loop107
19.0.0.33/32 Direct 0 0 127.0.0.1 InLoop0
19.0.0.47/32 Direct 0 0 19.0.0.33 Loop107
21.0.0.0/24 O_ASE2 150 1 172.168.1.2 RAGG2.1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
172.168.1.0/24 Direct 0 0 172.168.1.1 RAGG2.1
172.168.1.0/32 Direct 0 0 172.168.1.1 RAGG2.1
172.168.1.1/32 Direct 0 0 127.0.0.1 InLoop0
172.168.1.255/32 Direct 0 0 172.168.1.1 RAGG2.1
201.1.1.0/24 Direct 0 0 201.1.1.1 RAGG11.1
201.1.1.0/32 Direct 0 0 201.1.1.1 RAGG11.1
201.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
201.1.1.255/32 Direct 0 0 201.1.1.1 RAGG11.1
203.1.1.0/24 O_INTRA 10 20 172.168.1.2 RAGG2.1
O_INTRA 10 20 201.1.1.2 RAGG11.1
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
[DeviceB] display ip routing-table vpn-instance vpn2
Destinations : 36 Routes : 37
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.10/32 Direct 0 0 127.0.0.1 InLoop0
12.1.1.0/24 Direct 0 0 12.1.1.2 RAGG1.2
12.1.1.0/32 Direct 0 0 12.1.1.2 RAGG1.2
12.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
12.1.1.255/32 Direct 0 0 12.1.1.2 RAGG1.2
14.1.1.0/24 O_INTRA 10 20 192.168.1.2 RAGG2.2
20.0.0.0/24 Static 60 0 0.0.0.0 NULL0
20.0.0.0/29 Direct 0 0 20.0.0.1 Loop102
20.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
20.0.0.7/32 Direct 0 0 20.0.0.1 Loop102
20.0.0.8/29 Direct 0 0 20.0.0.9 Loop104
20.0.0.8/32 Direct 0 0 20.0.0.9 Loop104
20.0.0.9/32 Direct 0 0 127.0.0.1 InLoop0
20.0.0.15/32 Direct 0 0 20.0.0.9 Loop104
20.0.0.16/28 Direct 0 0 20.0.0.17 Loop106
20.0.0.16/32 Direct 0 0 20.0.0.17 Loop106
20.0.0.17/32 Direct 0 0 127.0.0.1 InLoop0
20.0.0.31/32 Direct 0 0 20.0.0.17 Loop106
20.0.0.32/28 Direct 0 0 20.0.0.33 Loop108
20.0.0.32/32 Direct 0 0 20.0.0.33 Loop108
20.0.0.33/32 Direct 0 0 127.0.0.1 InLoop0
20.0.0.47/32 Direct 0 0 20.0.0.33 Loop108
22.0.0.0/24 O_ASE2 150 1 192.168.1.2 RAGG2.2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
192.168.1.0/24 Direct 0 0 192.168.1.1 RAGG2.2
192.168.1.0/32 Direct 0 0 192.168.1.1 RAGG2.2
192.168.1.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.1.255/32 Direct 0 0 192.168.1.1 RAGG2.2
202.1.1.0/24 Direct 0 0 202.1.1.1 RAGG11.2
202.1.1.0/32 Direct 0 0 202.1.1.1 RAGG11.2
202.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
202.1.1.255/32 Direct 0 0 202.1.1.1 RAGG11.2
204.1.1.0/24 O_INTRA 10 20 192.168.1.2 RAGG2.2
O_INTRA 10 20 202.1.1.2 RAGG11.2
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 在Device C上执行display ip routing-table vpn-instance命令,查看路由表信息,业务1和业务2的路由相互隔离。同时,Device C上拥有21.0.0.0/24和22.0.0.0/24网段的明细路由。
[DeviceC] display ip routing-table vpn-instance vpn1
Destinations : 32 Routes : 33
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
3.3.3.9/32 Direct 0 0 127.0.0.1 InLoop0
11.1.1.0/24 O_INTRA 10 20 172.168.1.1 RAGG2.1
13.1.1.0/24 Direct 0 0 13.1.1.2 RAGG1.1
13.1.1.0/32 Direct 0 0 13.1.1.2 RAGG1.1
13.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
13.1.1.255/32 Direct 0 0 13.1.1.2 RAGG1.1
19.0.0.0/24 O_ASE2 150 1 172.168.1.1 RAGG2.1
21.0.0.0/24 Static 60 0 0.0.0.0 NULL0
21.0.0.0/29 Direct 0 0 21.0.0.1 Loop101
21.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
21.0.0.7/32 Direct 0 0 21.0.0.1 Loop101
21.0.0.8/29 Direct 0 0 21.0.0.9 Loop103
21.0.0.8/32 Direct 0 0 21.0.0.9 Loop103
21.0.0.9/32 Direct 0 0 127.0.0.1 InLoop0
21.0.0.15/32 Direct 0 0 21.0.0.9 Loop103
21.0.0.32/28 Direct 0 0 21.0.0.33 Loop107
21.0.0.32/32 Direct 0 0 21.0.0.33 Loop107
21.0.0.33/32 Direct 0 0 127.0.0.1 InLoop0
21.0.0.47/32 Direct 0 0 21.0.0.33 Loop107
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
172.168.1.0/24 Direct 0 0 172.168.1.2 RAGG2.1
172.168.1.0/32 Direct 0 0 172.168.1.2 RAGG2.1
172.168.1.2/32 Direct 0 0 127.0.0.1 InLoop0
172.168.1.255/32 Direct 0 0 172.168.1.2 RAGG2.1
201.1.1.0/24 O_INTRA 10 20 172.168.1.1 RAGG2.1
O_INTRA 10 20 203.1.1.2 RAGG11.1
203.1.1.0/24 Direct 0 0 203.1.1.1 RAGG11.1
203.1.1.0/32 Direct 0 0 203.1.1.1 RAGG11.1
203.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
203.1.1.255/32 Direct 0 0 203.1.1.1 RAGG11.1
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
[DeviceC] display ip routing-table vpn-instance vpn2
Destinations : 32 Routes : 33
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
3.3.3.10/32 Direct 0 0 127.0.0.1 InLoop0
12.1.1.0/24 O_INTRA 10 20 192.168.1.1 RAGG2.2
14.1.1.0/24 Direct 0 0 14.1.1.2 RAGG1.2
14.1.1.0/32 Direct 0 0 14.1.1.2 RAGG1.2
14.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
14.1.1.255/32 Direct 0 0 14.1.1.2 RAGG1.2
20.0.0.0/24 O_ASE2 150 1 192.168.1.1 RAGG2.2
22.0.0.0/24 Static 60 0 0.0.0.0 NULL0
22.0.0.0/29 Direct 0 0 22.0.0.1 Loop102
22.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
22.0.0.7/32 Direct 0 0 22.0.0.1 Loop102
22.0.0.8/29 Direct 0 0 22.0.0.9 Loop104
22.0.0.8/32 Direct 0 0 22.0.0.9 Loop104
22.0.0.9/32 Direct 0 0 127.0.0.1 InLoop0
22.0.0.15/32 Direct 0 0 22.0.0.9 Loop104
22.0.0.16/28 Direct 0 0 22.0.0.17 Loop106
22.0.0.16/32 Direct 0 0 22.0.0.17 Loop106
22.0.0.17/32 Direct 0 0 127.0.0.1 InLoop0
22.0.0.31/32 Direct 0 0 22.0.0.17 Loop106
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
192.168.1.0/24 Direct 0 0 192.168.1.2 RAGG2.2
192.168.1.0/32 Direct 0 0 192.168.1.2 RAGG2.2
192.168.1.2/32 Direct 0 0 127.0.0.1 InLoop0
192.168.1.255/32 Direct 0 0 192.168.1.2 RAGG2.2
202.1.1.0/24 O_INTRA 10 20 192.168.1.1 RAGG2.2
O_INTRA 10 20 204.1.1.2 RAGG11.2
204.1.1.0/24 Direct 0 0 204.1.1.1 RAGG11.2
204.1.1.0/32 Direct 0 0 204.1.1.1 RAGG11.2
204.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
204.1.1.255/32 Direct 0 0 204.1.1.1 RAGG11.2
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 在Device D上执行display ip routing-table vpn-instance命令,查看路由表信息。业务1和业务2的路由相互隔离。同时,Device D上仅有vpn1的业务网段19.0.0.0/24和21.0.0.0/24、vpn2的业务网段20.0.0.0/24和22.0.0.0/24的聚合路由,不存在上述网段的明细路由。
[DeviceD] display ip routing-table vpn-instance vpn1
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
4.4.4.9/32 Direct 0 0 127.0.0.1 InLoop0
11.1.1.0/24 Direct 0 0 11.1.1.1 RAGG1.1
11.1.1.0/32 Direct 0 0 11.1.1.1 RAGG1.1
11.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
11.1.1.255/32 Direct 0 0 11.1.1.1 RAGG1.1
13.1.1.0/24 O_INTRA 10 30 11.1.1.2 RAGG1.1
19.0.0.0/24 O_ASE2 150 1 11.1.1.2 RAGG1.1
21.0.0.0/24 O_ASE2 150 1 11.1.1.2 RAGG1.1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
172.168.1.0/24 O_INTRA 10 20 11.1.1.2 RAGG1.1
201.1.1.0/24 O_INTRA 10 20 11.1.1.2 RAGG1.1
203.1.1.0/24 O_INTRA 10 30 11.1.1.2 RAGG1.1
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
[DeviceD] display ip routing-table vpn-instance vpn2
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
4.4.4.10/32 Direct 0 0 127.0.0.1 InLoop0
12.1.1.0/24 Direct 0 0 12.1.1.1 RAGG1.2
12.1.1.0/32 Direct 0 0 12.1.1.1 RAGG1.2
12.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
12.1.1.255/32 Direct 0 0 12.1.1.1 RAGG1.2
14.1.1.0/24 O_INTRA 10 30 12.1.1.2 RAGG1.2
20.0.0.0/24 O_ASE2 150 1 12.1.1.2 RAGG1.2
22.0.0.0/24 O_ASE2 150 1 12.1.1.2 RAGG1.2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
192.168.1.0/24 O_INTRA 10 20 12.1.1.2 RAGG1.2
202.1.1.0/24 O_INTRA 10 20 12.1.1.2 RAGG1.2
204.1.1.0/24 O_INTRA 10 30 12.1.1.2 RAGG1.2
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 在Device E上执行display ip routing-table vpn-instance命令,查看路由表信息。可以看到业务1和业务2的路由相互隔离。同时,Device E上仅有vpn1的业务网段19.0.0.0/24和21.0.0.0/24、vpn2的业务网段20.0.0.0/24和22.0.0.0/24的聚合路由,不存在上述网段的明细路由。
[DeviceE] display ip routing-table vpn-instance vpn1
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
5.5.5.9/32 Direct 0 0 127.0.0.1 InLoop0
11.1.1.0/24 O_INTRA 10 30 13.1.1.2 RAGG1.1
13.1.1.0/24 Direct 0 0 13.1.1.1 RAGG1.1
13.1.1.0/32 Direct 0 0 13.1.1.1 RAGG1.1
13.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
13.1.1.255/32 Direct 0 0 13.1.1.1 RAGG1.1
19.0.0.0/24 O_ASE2 150 1 13.1.1.2 RAGG1.1
21.0.0.0/24 O_ASE2 150 1 13.1.1.2 RAGG1.1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
172.168.1.0/24 O_INTRA 10 20 13.1.1.2 RAGG1.1
201.1.1.0/24 O_INTRA 10 30 13.1.1.2 RAGG1.1
203.1.1.0/24 O_INTRA 10 20 13.1.1.2 RAGG1.1
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
[DeviceE] display ip routing-table vpn-instance vpn2
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
5.5.5.10/32 Direct 0 0 127.0.0.1 InLoop0
12.1.1.0/24 O_INTRA 10 30 14.1.1.2 RAGG1.2
14.1.1.0/24 Direct 0 0 14.1.1.1 RAGG1.2
14.1.1.0/32 Direct 0 0 14.1.1.1 RAGG1.2
14.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
14.1.1.255/32 Direct 0 0 14.1.1.1 RAGG1.2
20.0.0.0/24 O_ASE2 150 1 14.1.1.2 RAGG1.2
22.0.0.0/24 O_ASE2 150 1 14.1.1.2 RAGG1.2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
192.168.1.0/24 O_INTRA 10 20 14.1.1.2 RAGG1.2
202.1.1.0/24 O_INTRA 10 30 14.1.1.2 RAGG1.2
204.1.1.0/24 O_INTRA 10 20 14.1.1.2 RAGG1.2
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 在Device A上执行ping命令,可以与Device D的vpn1网段、vpn2网段互通,也可以与Device E的vpn1网段、vpn2网段互通。
· Device A能ping通Device D的vpn1网段IP 11.1.1.1。
<DeviceA> ping -vpn-instance vpn1 11.1.1.1
Ping 11.1.1.1 (11.1.1.1): 56 data bytes, press CTRL+C to break
56 bytes from 11.1.1.1: icmp_seq=0 ttl=254 time=2.000 ms
56 bytes from 11.1.1.1: icmp_seq=1 ttl=254 time=2.000 ms
56 bytes from 11.1.1.1: icmp_seq=2 ttl=254 time=2.000 ms
56 bytes from 11.1.1.1: icmp_seq=3 ttl=254 time=2.000 ms
56 bytes from 11.1.1.1: icmp_seq=4 ttl=254 time=1.000 ms
--- Ping statistics for 11.1.1.1 in VPN instance vpn1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.800/2.000/0.400 ms
· Device A能ping通Device D的vpn2网段IP 12.1.1.1。
<DeviceA> ping -vpn-instance vpn2 12.1.1.1
Ping 12.1.1.1 (12.1.1.1): 56 data bytes, press CTRL+C to break
56 bytes from 12.1.1.1: icmp_seq=0 ttl=254 time=2.000 ms
56 bytes from 12.1.1.1: icmp_seq=1 ttl=254 time=1.000 ms
56 bytes from 12.1.1.1: icmp_seq=2 ttl=254 time=1.000 ms
56 bytes from 12.1.1.1: icmp_seq=3 ttl=254 time=1.000 ms
56 bytes from 12.1.1.1: icmp_seq=4 ttl=254 time=2.000 ms
--- Ping statistics for 12.1.1.1 in VPN instance vpn2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.400/2.000/0.490 ms
· Device A能ping通Device E的vpn1网段IP 13.1.1.1。
<DeviceA> ping -vpn-instance vpn1 13.1.1.1
Ping 13.1.1.1 (13.1.1.1): 56 data bytes, press CTRL+C to break
56 bytes from 13.1.1.1: icmp_seq=0 ttl=254 time=2.000 ms
56 bytes from 13.1.1.1: icmp_seq=1 ttl=254 time=2.000 ms
56 bytes from 13.1.1.1: icmp_seq=2 ttl=254 time=2.000 ms
56 bytes from 13.1.1.1: icmp_seq=3 ttl=254 time=2.000 ms
56 bytes from 13.1.1.1: icmp_seq=4 ttl=254 time=1.000 ms
--- Ping statistics for 13.1.1.1 in VPN instance vpn1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.800/2.000/0.400 ms
· Device A能ping通Device E的vpn2网段IP 14.1.1.1。
<DeviceA> ping -vpn-instance vpn2 14.1.1.1
Ping 14.1.1.1 (14.1.1.1): 56 data bytes, press CTRL+C to break
56 bytes from 14.1.1.1: icmp_seq=0 ttl=254 time=2.000 ms
56 bytes from 14.1.1.1: icmp_seq=1 ttl=254 time=1.000 ms
56 bytes from 14.1.1.1: icmp_seq=2 ttl=254 time=1.000 ms
56 bytes from 14.1.1.1: icmp_seq=3 ttl=254 time=1.000 ms
56 bytes from 14.1.1.1: icmp_seq=4 ttl=254 time=2.000 ms
--- Ping statistics for 14.1.1.1 in VPN instance vpn2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.400/2.000/0.490 ms
· Device A:
#
sysname DeviceA
#
ip vpn-instance vpn1
#
ip vpn-instance vpn2
#
ospf 15 router-id 1.1.1.9 vpn-instance vpn1
area 0.0.0.0
network 201.1.1.0 0.0.0.255
network 203.1.1.0 0.0.0.255
#
ospf 115 router-id 1.1.1.10 vpn-instance vpn2
area 0.0.0.0
network 202.1.1.0 0.0.0.255
network 204.1.1.0 0.0.0.255
#
interface Route-Aggregation11
link-aggregation mode dynamic
#
interface Route-Aggregation11.1
ip binding vpn-instance vpn1
ip address 201.1.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 10
#
interface Route-Aggregation11.2
ip binding vpn-instance vpn2
ip address 202.1.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 20
#
interface Route-Aggregation12
link-aggregation mode dynamic
#
interface Route-Aggregation12.1
ip binding vpn-instance vpn1
ip address 203.1.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 10
#
interface Route-Aggregation12.2
ip binding vpn-instance vpn2
ip address 204.1.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 20
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 1.1.1.9 255.255.255.255
#
interface LoopBack2
ip binding vpn-instance vpn2
ip address 1.1.1.10 255.255.255.255
#
interface HundredGigE1/0/1
port link-mode route
port link-aggregation group 11
#
interface HundredGigE1/0/2
port link-mode route
port link-aggregation group 12
#
· Device B:
#
sysname DeviceB
#
ip vpn-instance vpn1
#
ip vpn-instance vpn2
#
ospf 15 router-id 2.2.2.9 vpn-instance vpn1
import-route direct route-policy p1
import-route static route-policy p1
area 0.0.0.0
network 11.1.1.0 0.0.0.255
network 172.168.1.0 0.0.0.255
network 201.1.1.0 0.0.0.255
#
ospf 115 router-id 2.2.2.10 vpn-instance vpn2
import-route direct route-policy p2
import-route static route-policy p2
area 0.0.0.0
network 12.1.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 202.1.1.0 0.0.0.255
#
interface Route-Aggregation1
link-aggregation mode dynamic
#
interface Route-Aggregation1.1
ip binding vpn-instance vpn1
ip address 11.1.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 10
#
interface Route-Aggregation1.2
ip binding vpn-instance vpn2
ip address 12.1.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 20
#
interface Route-Aggregation2
link-aggregation mode dynamic
#
interface Route-Aggregation2.1
ip binding vpn-instance vpn1
ip address 172.168.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
ospf network-type p2p
vlan-type dot1q vid 10
#
interface Route-Aggregation2.2
ip binding vpn-instance vpn2
ip address 192.168.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 20
#
interface Route-Aggregation11
link-aggregation mode dynamic
#
interface Route-Aggregation11.1
ip binding vpn-instance vpn1
ip address 201.1.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 10
#
interface Route-Aggregation11.2
ip binding vpn-instance vpn2
ip address 202.1.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 20
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 2.2.2.9 255.255.255.255
#
interface LoopBack2
ip binding vpn-instance vpn2
ip address 2.2.2.10 255.255.255.255
#
interface LoopBack101
ip binding vpn-instance vpn1
ip address 19.0.0.1 255.255.255.248
#
interface LoopBack102
ip binding vpn-instance vpn2
ip address 20.0.0.1 255.255.255.248
#
interface LoopBack103
ip binding vpn-instance vpn1
ip address 19.0.0.9 255.255.255.248
#
interface LoopBack104
ip binding vpn-instance vpn2
ip address 20.0.0.9 255.255.255.248
#
interface LoopBack105
ip binding vpn-instance vpn1
ip address 19.0.0.17 255.255.255.240
#
interface LoopBack106
ip binding vpn-instance vpn2
ip address 20.0.0.17 255.255.255.240
#
interface LoopBack107
ip binding vpn-instance vpn1
ip address 19.0.0.33 255.255.255.240
#
interface HundredGigE1/0/1
port link-mode route
port link-aggregation group 1
#
interface HundredGigE1/0/2
port link-mode route
port link-aggregation group 2
#
interface HundredGigE1/0/3
port link-mode route
port link-aggregation group 11
#
route-policy p1 permit node 10
if-match ip address prefix-list list1
#
route-policy p2 permit node 10
if-match ip address prefix-list list2
#
ip prefix-list list1 index 10 permit 19.0.0.0 24
ip prefix-list list1 index 20 permit 201.1.1.0 24
ip prefix-list list2 index 10 permit 20.0.0.0 24
ip prefix-list list2 index 20 permit 202.1.1.0 24
#
ip route-static vpn-instance vpn1 19.0.0.0 24 NULL0
ip route-static vpn-instance vpn2 20.0.0.0 24 NULL0
#
· Device C:
#
sysname DeviceC
#
ip vpn-instance vpn1
#
ip vpn-instance vpn2
#
ospf 15 router-id 3.3.3.9 vpn-instance vpn1
import-route direct route-policy p1
import-route static route-policy p1
area 0.0.0.0
network 13.1.1.0 0.0.0.255
network 172.168.1.0 0.0.0.255
network 203.1.1.0 0.0.0.255
#
ospf 115 router-id 3.3.3.10 vpn-instance vpn2
import-route direct route-policy p2
import-route static route-policy p2
area 0.0.0.0
network 14.1.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 204.1.1.0 0.0.0.255
#
interface Route-Aggregation1.1
ip binding vpn-instance vpn1
ip address 13.1.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 10
#
interface Route-Aggregation1.2
ip binding vpn-instance vpn2
ip address 14.1.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 20
#
interface Route-Aggregation2
link-aggregation mode dynamic
#
interface Route-Aggregation2.1
ip binding vpn-instance vpn1
ip address 172.168.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 10
#
interface Route-Aggregation2.2
ip binding vpn-instance vpn2
ip address 192.168.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 20
#
interface Route-Aggregation11
link-aggregation mode dynamic
#
interface Route-Aggregation11.1
ip binding vpn-instance vpn1
ip address 203.1.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 10
#
interface Route-Aggregation11.2
ip binding vpn-instance vpn2
ip address 204.1.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 20
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 3.3.3.9 255.255.255.255
#
interface LoopBack2
ip binding vpn-instance vpn2
ip address 3.3.3.10 255.255.255.255
#
interface LoopBack101
ip binding vpn-instance vpn1
ip address 21.0.0.1 255.255.255.248
#
interface LoopBack102
ip binding vpn-instance vpn2
ip address 22.0.0.1 255.255.255.248
#
interface LoopBack103
ip binding vpn-instance vpn1
ip address 21.0.0.17 255.255.255.240
#
interface LoopBack104
ip binding vpn-instance vpn2
ip address 22.0.0.9 255.255.255.248
#
interface LoopBack105
ip address 21.0.0.33 255.255.255.240
#
interface LoopBack106
ip binding vpn-instance vpn2
ip address 22.0.0.17 255.255.255.0
#
interface LoopBack107
ip binding vpn-instance vpn1
ip address 21.0.0.9 255.255.255.0
#
interface LoopBack108
ip address 22.0.0.33 255.255.255.0
#
interface HundredGigE1/0/1
port link-mode route
port link-aggregation group 1
#
interface HundredGigE1/0/2
port link-mode route
port link-aggregation group 2
#
interface HundredGigE1/0/3
port link-mode route
port link-aggregation group 11
#
route-policy p1 permit node 10
if-match ip address prefix-list list1
#
route-policy p2 permit node 10
if-match ip address prefix-list list2
#
ip prefix-list list1 index 10 permit 21.0.0.0 24
ip prefix-list list1 index 20 permit 203.1.1.0 24
ip prefix-list list2 index 10 permit 22.0.0.0 24
ip prefix-list list2 index 20 permit 204.1.1.0 24
#
ip route-static vpn-instance vpn1 21.0.0.0 24 NULL0
ip route-static vpn-instance vpn2 22.0.0.0 24 NULL0
#
· Device D:
#
sysname DeviceD
#
ip vpn-instance vpn1
#
ip vpn-instance vpn2
#
ospf 15 router-id 4.4.4.9 vpn-instance vpn1
area 0.0.0.0
network 11.1.1.0 0.0.0.255
#
ospf 115 router-id 4.4.4.10 vpn-instance vpn2
area 0.0.0.0
network 11.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
#
interface Route-Aggregation1
link-aggregation mode dynamic
#
interface Route-Aggregation1.1
ip binding vpn-instance vpn1
ip address 11.1.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 10
#
interface Route-Aggregation1.2
ip binding vpn-instance vpn2
ip address 12.1.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain12345
vlan-type dot1q vid 20
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 4.4.4.9 255.255.255.255
#
interface LoopBack2
ip binding vpn-instance vpn2
ip address 4.4.4.10 255.255.255.255
#
interface HundredGigE1/0/1
port link-mode route
port link-aggregation group 1
#
· Device E:
#
sysname DeviceE
#
ip vpn-instance vpn1
#
ip vpn-instance vpn2
#
ospf 15 router-id 5.5.5.9 vpn-instance vpn1
area 0.0.0.0
network 13.1.1.0 0.0.0.255
#
ospf 115 router-id 5.5.5.10 vpn-instance vpn2
area 0.0.0.0
network 14.1.1.0 0.0.0.255
#
interface Route-Aggregation1
link-aggregation mode dynamic
#
interface Route-Aggregation1.1
ip binding vpn-instance vpn1
ip address 13.1.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 10
#
interface Route-Aggregation1.2
ip binding vpn-instance vpn2
ip address 14.1.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 20
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 5.5.5.9 255.255.255.255
#
interface LoopBack2
ip binding vpn-instance vpn2
ip address 5.5.5.10 255.255.255.255
#
interface HundredGigE1/0/1
port link-mode route
port link-aggregation group 1
#
· H3C S12500X-AF系列交换机 三层技术-IP路由配置指导-R28xx
· H3C S12500X-AF系列交换机 三层技术-IP路由命令参考-R28xx
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
