在华为设备中配置Hub&Spoke

所属类别：网络技术

在华为设备中配置Hub&Spoke 如果希望在VPN中设置中心访问控制设备，其它用户的互访都通过中心访问控制设备进行，可以使用Hub&Spoke组网方案，使得Spoke站点之间的通信通过Hub站点进行。其中，中心访问控制设备所在站点称为Hub站点，其他用户站点称为Spoke站点。Hub站点侧接入VPN骨干网的设备叫Hub-CE；Spoke站点侧接入VPN骨干网的设备叫Spoke-CE。VPN骨干网侧接入Hub站点的设备叫Hub-PE，接入Spoke站点的设备叫Spoke-PE。 每个Spoke-PE上配置一个IPv6 VPN实例；Hub-PE需配置两个IPv6 VPN实例（例如，vpn-in和vpn-out）：vpn-in用于接收并维护所有Spoke-PE发布的VPN-IPv6路由；vpn-out用于维护Hub站点及所有Spoke站点的路由，并发布给所有Spoke-PE。Hub-PE上需要使用两个接口或子接口：一个绑定vpn-in，另一个绑定vpn-out。VPN-Target的配置规则为：vpn-in的Import VPN-Target属性列表包括所有Spoke-PE的Export VPN-Target属性值。vpn-out的Export

VPN-Target属性列表包括所有Spoke-PE的Import VPN-Target属性值。vpn-out的Export VPN-Target属性列表与vpn-in的Import VPN-Target属性列表不能有相同属性值。vpn-out的Import VPN-Target属性列表与vpn-in的Export VPN-Target属性列表也不能有相同的属性值。建议不配置vpn-in的Export VPN-Target和vpn-out的Import VPN-Target。默认情况下，VPN实例没有Export VPN-Target和Import VPN-Target属性。Hub-PE与Spoke-PE之间建立隧道和IBGP对等体关系；Spoke-PE之间不建立隧道和IBGP对等体关系，不交换VPN路由信息。 注意VPN-Target的配置规则。当Hub-CE与Hub-PE之间使用EBGP时，Hub-PE上必须手工配置允许本地AS编号重复（在BGP-VPNv4地址族视图下配置命令peer { ip-address group-name } allow-as-loop [ number ]）。如果Spoke-PE与Spoke-CE使用EBGP，则Hub-CE与Hub-PE可以使用EBGP或默认路由，但不能使用IGP。配置实例一 组网需求 如下图，Spoke-CE之间的通信通过中心站点Hub-CE控制，即Spoke-CE之间的流量经过Hub-CE转发，而不是只经过Hub-PE转发。要求Hub-CE与Hub-PE之间，Spoke-PE与Spoke-CE之间都使用EBGP交换路由信息。适用产品和版本 采用NE系列路由器，版本为（VRP5.30）及后续版本。说明PE路由器推荐采用NE80E、NE40E、NE80、NE40、NE20E、NE20、NE16E或NE08E。CE路由器推荐采用NE80、NE40、NE20E、NE20、NE16E、NE08E或NE05。配置步骤 步骤 1 在骨干网上配置IGP协议，实现骨干网Hub-PE和Spoke-PE的互通本例中采用OSPF，具体配置过程略。配置完成后，PE之间应能建立OSPF邻居关系，执行display ospf peer命令可以看到邻居状态为Full。执行display ip routing-table命令可以看到PE之间学习到对方的Loopback路由。步骤 2 在骨干网上配置MPLS基本能力和MPLS LDP，建立LDP LSP具体配置过程略。配置完成后，Hub-PE和Spoke-PE之间应该建立起LDP对等体关系，在各路由器上执行display mpls ldp session命令可以看到显示结果中Session State项为“Operational”。步骤 3 在各PE路由器上配置VPN实例，将CE接入PE说明注意Hub-PE与Spoke-PE上的VPN Target属性设置。Hub-PE的两个VPN实例的VPN-target分别为两个Spoke-PE发布的VPN-target，且发布的VPN-target与接收的VPN-target不同。Spoke-PE的VPN实例引入的VPN-target为Hub-PE发布的VPN-target。

# 配置Spoke-PE1。

[Spoke-PE1] ip vpn-instance vpna

[Spoke-PE1-vpn-instance-vpna] route-distinguisher 100:1

[Spoke-PE1-vpn-instance-vpna] vpn-target 100:1 export-extcommunity [Spoke-PE1-vpn-instance-vpna] vpn-target 200:1 import-extcommunity

[Spoke-PE1-vpn-instance-vpna] quit[Spoke-PE1] interface gigabitethernet 1/0/0 [Spoke-PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpna [Spoke-PE1-GigabitEthernet1/0/0] ip address 100.1.1.2 24

[Spoke-PE1-GigabitEthernet1/0/0] quit #配置Spoke-PE2。

[Spoke-PE2] ip vpn-instance vpna

[Spoke-PE2-vpn-instance-vpna] route-distinguisher 100:3

[Spoke-PE2-vpn-instance-vpna] vpn-target 100:1 export-extcommunity [Spoke-PE2-vpn-instance-vpna] vpn-target 200:1 import-extcommunity

[Spoke-PE2-vpn-instance-vpna] quit[Spoke-PE2] interface gigabitethernet 1/0/0 [Spoke-PE2-GigabitEthernet1/0/0] ip binding vpn-instance vpna [Spoke-PE2-GigabitEthernet1/0/0] ip address 120.1.1.2 24 [Spoke-PE2-GigabitEthernet1/0/0] quit # 配置Hub-PE。

[Hub-PE] ip vpn-instance vpn_in

[Hub-PE-vpn-instance-vpn_in] route-distinguisher 100:21

[Hub-PE-vpn-instance-vpn_in] vpn-target 100:1 import-extcommunity [Hub-PE-vpn-instance-vpn_in] quit[Hub-PE] ip vpn-instance vpn_out [Hub-PE-vpn-instance-vpn_out] route-distinguisher 100:22

[Hub-PE-vpn-instance-vpn_out] vpn-target 200:1 export-extcommunity

[Hub-PE-vpn-instance-vpn_out] quit[Hub-PE] interface gigabitethernet 3/0/0 [Hub-PE-GigabitEthernet3/0/0] ip binding vpn-instance vpn_in [Hub-PE-GigabitEthernet3/0/0] ip address 110.1.1.2 24

[Hub-PE-GigabitEthernet3/0/0] quit[Hub-PE] interface gigabitethernet 4/0/0 [Hub-PE-GigabitEthernet4/0/0] ip binding vpn-instance vpn_out [Hub-PE-GigabitEthernet4/0/0] ip address 110.2.1.2 24 [Hub-PE-GigabitEthernet4/0/0] quit#

按图1-1配置各CE的接口IP地址，配置过程略。配置完成后，在PE路由器上执行display ip vpn-instance verbose命令可以看到VPN实例的配置情况。各PE能用命令ping -vpn-instance vpn-name ip-address ping通自己接入的CE。说明当PE上有多个绑定了同一个VPN的接口，则使用ping -vpn-instance 命令ping对端PE接入的CE时，要指定源IP地址，即要指定ping -vpn-instance vpn-instance-name -a source-ip-address dest-ip-address命令中的参数-a source-ip-address，否则可能ping不通。步骤 4 在PE与CE之间建立EBGP对等体关系，引入VPN路由说明Hub-PE上需要配置允许AS号重复一次，以接收Hub-CE发布的路由。

# 配置Spoke-CE1。 [Spoke-CE1] bgp 65410

[Spoke-CE1-bgp] peer 100.1.1.2 as-number 100 [Spoke-CE1-bgp] import-route direct [Spoke-CE1-bgp] quit # 配置Spoke-PE1。 [Spoke-PE1] bgp 100

[Spoke-PE1-bgp] ipv4-family vpn-instance vpna [Spoke-PE1-bgp-vpna] peer 100.1.1.1 as-number 65410 [Spoke-PE1-bgp-vpna] import-route direct [Spoke-PE1-bgp-vpna] quit[Spoke-PE1-bgp] quit# 配置Spoke-CE2。 [Spoke-CE2] bgp 65420

[Spoke-CE2-bgp] peer 120.1.1.2 as-number 100 [Spoke-CE2-bgp] import-route direct [Spoke-CE2-bgp] quit# 配置Spoke-PE2。 [Spoke-PE2] bgp 100

[Spoke-PE2-bgp] ipv4-family vpn-instance vpna [Spoke-PE2-bgp-vpna] peer 120.1.1.1 as-number 65420 [Spoke-PE2-bgp-vpna] import-route direct [Spoke-PE2-bgp-vpna] quit [Spoke-PE2-bgp] quit# 配置Hub-CE。 [Hub-CE] bgp 65430

[Hub-CE-bgp] peer 110.1.1.2 as-number 100 [Hub-CE-bgp] peer 110.2.1.2 as-number 100 [Hub-CE-bgp] import-route direct [Hub-CE-bgp] quit# 配置Hub-PE。 [Hub-PE] bgp 100

[Hub-PE-bgp] ipv4-family vpn-instance vpn_in [Hub-PE-bgp-vpn_in] peer 110.1.1.1 as-number 65430 [Hub-PE-bgp-vpn_in] import-route direct [Hub-PE-bgp-vpn_in] quit

[Hub-PE-bgp] ipv4-family vpn-instance vpn_out [Hub-PE-bgp-vpn_out] peer 110.2.1.1 as-number 65430 [Hub-PE-bgp-vpn_out] peer 110.2.1.1 allow-as-loop 1 [Hub-PE-bgp-vpn_out] import-route direct [Hub-PE-bgp-vpn_out] quit [Hub-PE-bgp] quit

配置完成后，在各PE路由器上执行display bgp vpnv4 all peer命令，可以看到PE与CE之间的BGP对等体关系已建立，并达到Established状态。步骤 5 在PE之间建立MP-IBGP对等体关系说明Spoke-PE上不需要配置允许AS号重复一次，因为路由器接收IBGP对等体发布的路由时并不检查其中的AS-PATH属性。

# 配置Spoke-PE1。 [Spoke-PE1] bgp 100

[Spoke-PE1-bgp] peer 2.2.2.9 as-number 100

[Spoke-PE1-bgp] peer 2.2.2.9 connect-interface loopback 1 [Spoke-PE1-bgp] ipv4-family vpnv4

[Spoke-PE1-bgp-af-vpnv4] peer 2.2.2.9 enable [Spoke-PE1-bgp-af-vpnv4] quit # 配置Spoke-PE2。 [Spoke-PE2] bgp 100

[Spoke-PE2-bgp] peer 2.2.2.9 as-number 100

[Spoke-PE2-bgp] peer 2.2.2.9 connect-interface loopback 1 [Spoke-PE2-bgp] ipv4-family vpnv4

[Spoke-PE2-bgp-af-vpnv4] peer 2.2.2.9 enable [Spoke-PE2-bgp-af-vpnv4] quit# 配置Hub-PE。 [Hub-PE] bgp 100

[Hub-PE-bgp] peer 1.1.1.9 as-number 100

[Hub-PE-bgp] peer 1.1.1.9 connect-interface loopback 1 [Hub-PE-bgp] peer 3.3.3.9 as-number 100

[Hub-PE-bgp] peer 3.3.3.9 connect-interface loopback 1 [Hub-PE-bgp] ipv4-family vpnv4

[Hub-PE-bgp-af-vpnv4] peer 1.1.1.9 enable [Hub-PE-bgp-af-vpnv4] peer 3.3.3.9 enable [Hub-PE-bgp-af-vpnv4] quit

配置完成后，在各PE路由器上执行display bgp peer或display bgp vpnv4 all peer命令，可以看到PE之间的BGP对等体关系已建立，并达到Established状态。验证结果 完成上述配置后，Spoke-CE之间可以相互Ping通，使用Tracert可以看到Spoke-CE之间的流量经过Hub-CE转发，也可以通过Ping结果中的TTL值推算Spoke-CE之间经过的转发设备数目。 以Spoke-CE1的显示为例：

[Spoke-CE1] ping 120.1.1.1 PING 120.1.1.1: 56 data bytes, press CTRL_C to break Reply from 120.1.1.1: bytes=56 Sequence=1 ttl=250 time=80 ms Reply from 120.1.1.1: bytes=56 Sequence=2 ttl=250 time=129 ms Reply from 120.1.1.1: bytes=56 Sequence=3 ttl=250 time=132 ms Reply from 120.1.1.1: bytes=56 Sequence=4 ttl=250 time=92 ms Reply from 120.1.1.1: bytes=56 Sequence=5 ttl=250 time=126 ms --- 120.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 80/111/132 ms

[Spoke-CE1] tracert 120.1.1.1traceroute to 120.1.1.1(120.1.1.1) 30 hops max,40 bytes packet1 100.1.1.2 24 ms 19 ms 11 ms2 110.2.1.2 87 ms 60 ms 58 ms3 110.2.1.1 59 ms 27 ms 53 ms4 110.1.1.2 41 ms 34 ms 56 ms5 120.1.1.2 90 ms 66 ms 75 ms6 120.1.1.1 143 ms 96 ms 90 ms

在Spoke-CE上执行display bgp routing-table命令，可以看到去往对端Spoke-CE的BGP路由的AS路径中存在重复的AS号。 以Spoke-CE1的显示为例：

[Spoke-CE1] display bgp routing-tableTotal Number of Routes: 6BGP Local router ID is 100.1.1.1Status codes: * - valid, > - best, d - damped, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete Network NextHop MED LocPrf PrefVal Path/Ogn*> 100.1.1.0/24 0.0.0.0 0 0 ?* 100.1.1.2 0 0 100?*> 100.1.1.1/32 0.0.0.0 0 0 ?*> 110.1.1.0/24 100.1.1.2 0 100 65430?*> 110.2.1.0/24 100.1.1.2 0 100?*> 120.1.1.0/24 100.1.1.2 0 100 65430 100?

配置文件 Hub-CE的配置文件#sysname Hub-CE#interface GigabitEthernet1/0/0ip address 110.1.1.1 255.255.255.0#interface GigabitEthernet2/0/0ip address 110.2.1.1 255.255.255.0#bgp 65430peer 110.1.1.2 as-number 100peer 110.2.1.2 as-number 100#ipv4-family unicast undo synchronization import-route direct peer 110.2.1.2 enable peer 110.1.1.2 enable#return

Hub-PE的配置文件#sysname Hub-PE#ip vpn-instance vpn_inroute-distinguisher 100:21vpn-target 100:1 import-extcommunity#ip vpn-instance vpn_outroute-distinguisher 100:22vpn-target 200:1 export-extcommunity#mpls lsr-id 2.2.2.9mpls lsp-trigger all#mpls ldp#interface GigabitEthernet3/0/0ip binding vpn-instance vpn_inip address 110.1.1.2 255.255.255.0#interface

GigabitEthernet4/0/0ip binding vpn-instance vpn_outip address 110.2.1.2 255.255.255.0#interface Pos1/0/0link-protocol pppip address 10.1.1.2

255.255.255.0mplsmpls ldp#interface Pos2/0/0link-protocol pppip address 11.1.1.2 255.255.255.0mplsmpls ldp#interface LoopBack1ip address 2.2.2.9

255.255.255.255#bgp 100peer 1.1.1.9 as-number 100peer 3.3.3.9 as-number 100peer 1.1.1.9 connect-interface LoopBack1peer 3.3.3.9 connect-interface

LoopBack1#ipv4-family unicast undo synchronization peer 1.1.1.9 enable peer 3.3.3.9 enable#ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable peer 3.3.3.9 enable#ipv4-family vpn-instance vpn_in peer 110.1.1.1 as-number 65430 import-route direct#ipv4-family vpn-instance vpn_out peer 110.2.1.1 as-number 65430 peer 110.2.1.1 allow-as-loop import-route direct#ospf 1area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 11.1.1.0 0.0.0.255#return

Spoke-CE1的配置文件#sysname Spoke-CE1#interface GigabitEthernet1/0/0ip address 100.1.1.1 255.255.255.0#interface NULL0#bgp 65410peer 100.1.1.2 as-number 100#ipv4-family unicast undo synchronization import-route direct peer 100.1.1.2 enable#return

Spoke-PE1的配置文件#sysname Spoke-PE1#ip vpn-instance vpnaroute-distinguisher 100:1vpn-target 100:1 export-extcommunityvpn-target 200:1

import-extcommunity#mpls lsr-id 1.1.1.9mpls lsp-trigger all#mpls ldp#interface GigabitEthernet1/0/0ip binding vpn-instance vpnaip address 100.1.1.2 255.255.255.0#interface Pos2/0/0link-protocol pppip address 10.1.1.1 255.255.255.0mplsmpls ldp#interface LoopBack1ip address 1.1.1.9

255.255.255.255#bgp 100peer 2.2.2.9 as-number 100peer 2.2.2.9 connect-interface LoopBack1#ipv4-family unicast undo synchronization peer 2.2.2.9 enable#ipv4-family vpnv4 policy vpn-target peer 2.2.2.9 enable#ipv4-family vpn-instance vpna peer 100.1.1.1 as-number 65410 import-route direct#ospf 1area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0#return

Spoke-PE2的配置文件#sysname Spoke-PE2#ip vpn-instance vpnaroute-distinguisher 100:3vpn-target 100:1 export-extcommunityvpn-target 200:1

import-extcommunity#mpls lsr-id 3.3.3.9mpls lsp-trigger all#mpls ldp#interface GigabitEthernet1/0/0ip binding vpn-instance vpnaip address 120.1.1.2 255.255.255.0#interface Pos2/0/0link-protocol pppip address 11.1.1.1

255.255.255.0mplsmpls ldp#interface LoopBack1ip address 3.3.3.9

255.255.255.255#bgp 100peer 2.2.2.9 as-number 100peer 2.2.2.9 connect-interface LoopBack1#ipv4-family unicast undo synchronization peer 2.2.2.9 enable#ipv4-family vpnv4 policy vpn-target peer 2.2.2.9 enable#ipv4-family vpn-instance vpna peer

120.1.1.1 as-number 65420 import-route direct#ospf 1area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 11.1.1.0 0.0.0.255#return

Spoke-CE2的配置文件#sysname Spoke-CE2#interface GigabitEthernet1/0/0ip address 120.1.1.1 255.255.255.0#bgp 65420peer 120.1.1.2 as-number 100#ipv4-family unicast undo synchronization import-route direct peer 120.1.1.2 enable#Return

配置实例二 组网需求 如上例中的图，Spoke-CE之间的通信通过中心站点Hub-CE控制，即Spoke-CE之间的流量经过Hub-CE转发，而不是只经过Hub-PE转发。要求Hub-CE与Hub-PE之间使用默认路由，Spoke-PE与Spoke-CE之间使用EBGP交换路由信息。适用产品和版本 CE设备使用NE05、NE08E或NE16E；PE设备使用NE20、NE40N、E40E或NE80E。配置步骤 步骤 1 在骨干网上配置IGP协议，实现骨干网Hub-PE和Spoke-PE的互通本例中采用OSPF，具体配置过程略。配置完成后，PE之间应能建立OSPF邻居关系，执行display ospf peer命令可以看到邻居状态为Full。执行display ip routing-table命令可以看到PE之间学习到对方的Loopback路由。步骤 2 在骨干网上配置MPLS基本能力和MPLS LDP，建立LDP LSP具体配置过程略。配置完成后，Hub-PE和Spoke-PE之间应该建立起LDP对等体关系，在各路由器上执行display mpls ldp session命令可以看到显示结果中Session State项为“Operational”。步骤 3 在各PE路由器上配置VPN实例，将CE接入PE说明注意Hub-PE与Spoke-PE上的VPN Target属性设置。Hub-PE的两个VPN实例的VPN-target分别为两个Spoke-PE发布的VPN-target，且发布的VPN-target与接收的VPN-target不同。Spoke-PE的VPN实例引入的VPN-target为Hub-PE发布的VPN-target。

# 配置Spoke-PE1。

[Spoke-PE1] ip vpn-instance vpna

[Spoke-PE1-vpn-instance-vpna] route-distinguisher 100:1

[Spoke-PE1-vpn-instance-vpna] vpn-target 100:1 export-extcommunity [Spoke-PE1-vpn-instance-vpna] vpn-target 200:1 import-extcommunity [Spoke-PE1-vpn-instance-vpna] quit

[Spoke-PE1] interface gigabitethernet 1/0/0

[Spoke-PE1-GigabitEthernet1/0/0] ip binding vpn-instance vpna [Spoke-PE1-GigabitEthernet1/0/0] ip address 100.1.1.2 24 [Spoke-PE1-GigabitEthernet1/0/0] quit # 配置Spoke-PE2。

[Spoke-PE2] ip vpn-instance vpna

[Spoke-PE2-vpn-instance-vpna] route-distinguisher 100:3

[Spoke-PE2-vpn-instance-vpna] vpn-target 100:1 export-extcommunity [Spoke-PE2-vpn-instance-vpna] vpn-target 200:1 import-extcommunity [Spoke-PE2-vpn-instance-vpna] quit

[Spoke-PE2] interface gigabitethernet 1/0/0

[Spoke-PE2-GigabitEthernet1/0/0] ip binding vpn-instance vpna [Spoke-PE2-GigabitEthernet1/0/0] ip address 120.1.1.2 24

[Spoke-PE2-GigabitEthernet1/0/0] quit# 配置Hub-PE。[Hub-PE] ip vpn-instance vpn_in

[Hub-PE-vpn-instance-vpn_in] route-distinguisher 100:21

[Hub-PE-vpn-instance-vpn_in] vpn-target 100:1 import-extcommunity [Hub-PE-vpn-instance-vpn_in] quit [Hub-PE] ip vpn-instance vpn_out

[Hub-PE-vpn-instance-vpn_out] route-distinguisher 100:22

[Hub-PE-vpn-instance-vpn_out] vpn-target 200:1 export-extcommunity [Hub-PE-vpn-instance-vpn_out] quit [Hub-PE] interface gigabitethernet 3/0/0

[Hub-PE-GigabitEthernet3/0/0] ip binding vpn-instance vpn_in [Hub-PE-GigabitEthernet3/0/0] ip address 110.1.1.2 24 [Hub-PE-GigabitEthernet3/0/0] quit [Hub-PE] interface gigabitethernet 4/0/0

[Hub-PE-GigabitEthernet4/0/0] ip binding vpn-instance vpn_out [Hub-PE-GigabitEthernet4/0/0] ip address 110.2.1.2 24

[Hub-PE-GigabitEthernet4/0/0] quit#

按上图配置各CE的接口IP地址，配置过程略。配置完成后，在PE路由器上执行display ip vpn-instance verbose命令可以看到VPN实例的配置情况。各PE能用命令ping -vpn-instance vpn-name ip-address ping通自己接入的CE。说明当PE上有多个绑定了同一个VPN的接口，则使用ping -vpn-instance 命令ping对端PE接入的CE时，要指定源IP地址，即要指定ping -vpn-instance vpn-instance-name -a source-ip-address dest-ip-address命令中的参数-a source-ip-address，否则可能ping不通。步骤 4 在PE之间建立MP-IBGP对等体关系说明Spoke-PE上不需要配置允许AS号重复一次，因为路由器接收IBGP对等体发布的路由时并不检查其中的AS-PATH属性。

# 配置Spoke-PE1。 [Spoke-PE1] bgp 100

[Spoke-PE1-bgp] peer 2.2.2.9 as-number 100

[Spoke-PE1-bgp] peer 2.2.2.9 connect-interface loopback 1 [Spoke-PE1-bgp] ipv4-family vpnv4

[Spoke-PE1-bgp-af-vpnv4] peer 2.2.2.9 enable [Spoke-PE1-bgp-af-vpnv4] quit # 配置Spoke-PE2。 [Spoke-PE2] bgp 100

[Spoke-PE2-bgp] peer 2.2.2.9 as-number 100

[Spoke-PE2-bgp] peer 2.2.2.9 connect-interface loopback 1 [Spoke-PE2-bgp] ipv4-family vpnv4

[Spoke-PE2-bgp-af-vpnv4] peer 2.2.2.9 enable [Spoke-PE2-bgp-af-vpnv4] quit # 配置Hub-PE。 Hub-PE] bgp 100

[Hub-PE-bgp] peer 1.1.1.9 as-number 100

[Hub-PE-bgp] peer 1.1.1.9 connect-interface loopback 1 [Hub-PE-bgp] peer 3.3.3.9 as-number 100

[Hub-PE-bgp] peer 3.3.3.9 connect-interface loopback 1 [Hub-PE-bgp] ipv4-family vpnv4

[Hub-PE-bgp-af-vpnv4] peer 1.1.1.9 enable [Hub-PE-bgp-af-vpnv4] peer 3.3.3.9 enable [Hub-PE-bgp-af-vpnv4] quit

配置完成后，在各PE路由器上执行display bgp peer或display bgp vpnv4 all peer命令，可以看到PE之间的BGP对等体关系已建立，并达到Established状态。步骤 5 在Spoke-PE与Spoke-CE之间建立EBGP对等体关系，引入VPN路由

# 配置Spoke-CE1。 [Spoke-CE1] bgp 65410

[Spoke-CE1-bgp] peer 100.1.1.2 as-number 100 [Spoke-CE1-bgp] import-route direct [Spoke-CE1-bgp] quit # 配置Spoke-PE1。 [Spoke-PE1] bgp 100

[Spoke-PE1-bgp] ipv4-family vpn-instance vpna [Spoke-PE1-bgp-vpna] peer 100.1.1.1 as-number 65410 [Spoke-PE1-bgp-vpna] import-route direct [Spoke-PE1-bgp-vpna] quit[Spoke-PE1-bgp] quit # 配置Spoke-CE2。 [Spoke-CE2] bgp 65420

[Spoke-CE2-bgp] peer 120.1.1.2 as-number 100

[Spoke-CE2-bgp] import-route direct [Spoke-CE2-bgp] quit # 配置Spoke-PE2。 [Spoke-PE2] bgp 100

[Spoke-PE2-bgp] ipv4-family vpn-instance vpna [Spoke-PE2-bgp-vpna] peer 120.1.1.1 as-number 65420 [Spoke-PE2-bgp-vpna] import-route direct [Spoke-PE2-bgp-vpna] quit [Spoke-PE2-bgp] quit

配置完成后，在各Spoke-PE路由器上执行display bgp vpnv4 all peer命令，可以看到Spoke-PE与其接入的Spoke-CE之间的EBGP对等体关系已建立，并达到Established状态。

步骤 6 在Hub-PE与Hub-CE上配置默认路由

# 配置Hub-CE。

[Hub-CE] ip route-static 0.0.0.0 0 110.2.1.2 # 配置Hub-PE。

# 为vpn_out配置默认路由，下一跳为Hub-CE。

[Hub-PE] ip route-static vpn-instance vpn_out 0.0.0.0 0 110.2.1.1 # 通过MP-IBGP发布该默认路由。 [Hub-PE] bgp 100

[Hub-PE-bgp] ipv4-family vpn-instance vpn_out [Hub-PE-bgp-vpn_out] network 0.0.0.0 0 # 通过MP-IBGP发布直连路由。

[Hub-PE-bgp-vpn_out] import-route direct [Hub-PE-bgp-vpn_out] quit

[Hub-PE-bgp] quit

验证结果 完成上述配置后，在Spoke-PE上执行命令display bgp vpnv4 all routing-table查看BGP VPN-IPv4路由，可以发现Hub-PE上vpn_out的默认路由已发布给各Spoke-PE。Spoke-CE之间可以相互Ping通，使用Tracert可以看到Spoke-CE之间的流量经过Hub-CE转发，也可以通过Ping结果中的TTL值推算Spoke-CE之间经过的转发设备数目。在Spoke-CE上执行display bgp ip routing-table命令，可以看到对端Spoke-PE通过BGP发布过来的默认路由。执行display ip routing-table命令，可看到有默认路由，下一跳为对端Spoke-PE。

配置文件 Hub-CE的配置文件

#sysname Hub-CE

#interface GigabitEthernet1/0/0ip address 110.1.1.1 255.255.255.0

#interface GigabitEthernet2/0/0ip address 110.2.1.1 255.255.255.0#ip route-static 0.0.0.0 0 110.2.1.2 #return

Hub-PE的配置文件 #sysname Hub-PE

#ip vpn-instance vpn_inroute-distinguisher 100:21vpn-target 100:1 import-extcommunity

#ip vpn-instance vpn_outroute-distinguisher 100:22vpn-target 200:1 export-extcommunity

#mpls lsr-id 2.2.2.9mpls lsp-trigger all #mpls ldp

#interface GigabitEthernet3/0/0ip binding vpn-instance vpn_inip address 110.1.1.2 255.255.255.0#interface GigabitEthernet4/0/0ip binding vpn-instance vpn_outip address 110.2.1.2 255.255.255.0

#interface Pos1/0/0link-protocol pppip address 10.1.1.2 255.255.255.0mplsmpls ldp #interface Pos2/0/0link-protocol pppip address 11.1.1.2 255.255.255.0mplsmpls ldp#interface LoopBack1ip address 2.2.2.9 255.255.255.255

#bgp 100peer 1.1.1.9 as-number 100peer 3.3.3.9 as-number 100peer 1.1.1.9 connect-interface LoopBack1peer 3.3.3.9 connect-interface LoopBack1

#ipv4-family unicast undo synchronization peer 1.1.1.9 enable peer 3.3.3.9 enable #ipv4-family vpnv4 policy vpn-target peer 1.1.1.9 enable peer 3.3.3.9 enable #ipv4-family vpn-instance vpn_out network 0.0.0.0 0 import-route direct #ospf 1area 0.0.0.0 network 2.2.2.9 0.0.0.0 network 10.1.1.0 0.0.0.255 network 11.1.1.0 0.0.0.255

#ip route-static vpn-instance vpn_out 0.0.0.0 0 110.2.1.1 #return

Spoke-CE1的配置文件 #sysname Spoke-CE1

#interface GigabitEthernet1/0/0ip address 100.1.1.1 255.255.255.0 #interface NULL0

#bgp 65410peer 100.1.1.2 as-number 100

#ipv4-family unicast undo synchronization import-route direct peer 100.1.1.2 enable #return

Spoke-PE1的配置文件 #sysname Spoke-PE1

#ip vpn-instance vpnaroute-distinguisher 100:1vpn-target 100:1 export-extcommunityvpn-target 200:1 import-extcommunity #mpls lsr-id 1.1.1.9mpls lsp-trigger all

#mpls ldp#interface GigabitEthernet1/0/0ip binding vpn-instance vpnaip address 100.1.1.2 255.255.255.0#interface Pos2/0/0link-protocol pppip address 10.1.1.1 255.255.255.0mplsmpls ldp

#interface LoopBack1ip address 1.1.1.9 255.255.255.255#bgp 100peer 2.2.2.9 as-number 100peer 2.2.2.9 connect-interface LoopBack1

#ipv4-family unicast undo synchronization peer 2.2.2.9 enable #ipv4-family vpnv4 policy vpn-target peer 2.2.2.9 enable

#ipv4-family vpn-instance vpna peer 100.1.1.1 as-number 65410 import-route direct #ospf 1area 0.0.0.0 network 10.1.1.0 0.0.0.255 network 1.1.1.9 0.0.0.0 #return

Spoke-PE2的配置文件 #sysname Spoke-PE2

#ip vpn-instance vpnaroute-distinguisher 100:3vpn-target 100:1 export-extcommunityvpn-target 200:1 import-extcommunity #mpls lsr-id 3.3.3.9mpls lsp-trigger all #mpls ldp

#interface GigabitEthernet1/0/0ip binding vpn-instance vpnaip address 120.1.1.2 255.255.255.0#interface Pos2/0/0link-protocol pppip address 11.1.1.1 255.255.255.0mplsmpls ldp

#interface LoopBack1ip address 3.3.3.9 255.255.255.255

#bgp 100peer 2.2.2.9 as-number 100peer 2.2.2.9 connect-interface LoopBack1 #ipv4-family unicast undo synchronization peer 2.2.2.9 enable #ipv4-family vpnv4 policy vpn-target peer 2.2.2.9 enable

#ipv4-family vpn-instance vpna peer 120.1.1.1 as-number 65420 import-route direct #ospf 1area 0.0.0.0 network 3.3.3.9 0.0.0.0 network 11.1.1.0 0.0.0.255 #return

Spoke-CE2的配置文件 #sysname Spoke-CE2

#interface GigabitEthernet1/0/0ip address 120.1.1.1 255.255.255.0 #bgp 65420peer 120.1.1.2 as-number 100

#ipv4-family unicast undo synchronization import-route direct peer 120.1.1.2 enable #return