03 |
您所在的位置:网站首页 › ospf的router id用处 › 03 |
03
|
1 OSPF多实例典型配置举例
1.1 组网需求
核心网接入承载网组网中,需要通过OSPF多实例隔离不同业务的路由。 如图1所示,各设备承担的角色分别为: · Device A为网关设备,称为GW。 · Device B和Device C为核心网设备,称为CE。 · Device D和Device E为承载网设备,称为AR。 本举例中业务1接入VPN1,业务2接入VPN2。通过OSPF多实例隔离业务1和业务2的路由,需要做如下部署: · GW上创建两个VPN实例vpn1和vpn2。 · GW上创建两个OSPF进程OSPF 15和OSPF 115。将OSPF 15与vpn1绑定,OSPF 115与vpn2绑定。 · CE和AR上分别创建两个VPN实例vpn1和vpn2。 · CE和AR上分别创建两个OSPF进程OSPF 15和OSPF 115。将OSPF 15与vpn1绑定,OSPF 115与vpn2绑定。 · CE上将不同业务的路由分别汇总为静态黑洞路由,然后在OSPF中引入汇总后的静态黑洞路由,并通过路由策略控制引入的路由。这样可以避免CE将业务明细路由发布给AR,减少AR上的路由条目数量,降低路由震荡的风险。 CE 1和CE 2上的业务网段分别为(本例中使用LoopBack接口模拟不同的业务网段): ¡ CE 1上vpn1业务网段为19.0.0.0/24,vpn2业务网段为20.0.0.0/24。 ¡ CE 2上vpn1业务网段为21.0.0.0/24,vpn2业务网段为22.0.0.0/24。 图1 OSPF多实例配置组网图
设备 接口 IP地址 绑定的VPN实例 Device A Route-Aggregation 11.1 201.1.1.2/24 vpn1
Route-Aggregation 11.2 202.1.1.2/24 vpn2
Route-Aggregation 12.1 203.1.1.2/24 vpn1
Route-Aggregation 12.2 204.1.1.2/24 vpn2
LoopBack 1 1.1.1.9/32 vpn1
LoopBack 2 1.1.1.10/32 vpn2 Device B Route-Aggregation 1.1 11.1.1.2/24 vpn1
Route-Aggregation 1.2 12.1.1.2/24 vpn2
Route-Aggregation 2.1 172.168.1.1/24 vpn1
Route-Aggregation 2.2 192.168.1.1/24 vpn2
Route-Aggregation 11.1 201.1.1.1/24 vpn1
Route-Aggregation 11.2 202.1.1.1/24 vpn2
LoopBack 1 2.2.2.9/32 vpn1
LoopBack 2 2.2.2.10/32 vpn2
LoopBack 101 19.0.0.1/29 vpn1
LoopBack 102 20.0.0.1/29 vpn2
LoopBack 103 19.0.0.9/29 vpn1
LoopBack 104 20.0.0.9/29 vpn2
LoopBack 105 19.0.0.17/28 vpn1
LoopBack 106 20.0.0.17/28 vpn2
LoopBack 107 19.0.0.33/28 vpn1
LoopBack 108 20.0.0.33/28 vpn2 Device C Route-Aggregation 1.1 13.1.1.2/24 vpn1
Route-Aggregation 1.2 14.1.1.3/24 vpn2
Route-Aggregation 2.1 172.168.1.2/24 vpn1
Route-Aggregation 2.2 192.168.1.2/24 vpn2
Route-Aggregation 11.1 203.1.1.1/24 vpn1
Route-Aggregation 11.2 204.1.1.1/24 vpn2
LoopBack 1 3.3.3.9/32 vpn1
LoopBack 2 3.3.3.10/32 vpn2
LoopBack 101 21.0.0.1/29 vpn1
LoopBack 102 22.0.0.1/29 vpn2
LoopBack 103 21.0.0.9/29 vpn1
LoopBack 104 22.0.0.9/29 vpn2
LoopBack 105 21.0.0.17/28 vpn1
LoopBack 106 22.0.0.17/28 vpn2
LoopBack 107 21.0.0.33/28 vpn1
LoopBack 108 22.0.0.33/28 vpn2 Device D Route-Aggregation 1.1 11.1.1.1/24 vpn1
Route-Aggregation 1.2 12.1.1.1/24 vpn2
LoopBack 1 4.4.4.9/32 vpn1
LoopBack 2 4.4.4.10/32 vpn2 Device E Route-Aggregation 1.1 13.1.1.1/24 vpn1
Route-Aggregation 1.2 14.1.1.1/24 vpn2
LoopBack 1 5.5.5.9/32 vpn1
LoopBack 2 5.5.5.10/32 vpn2 1.2 配置步骤 1.2.1 配置Device A # 配置设备的名称为DeviceA。 system-view [Sysname] sysname DeviceA # 创建名称为vpn1和vpn2的VPN实例。 [DeviceA] ip vpn-instance vpn1 [DeviceA-vpn-instance-vpn1] quit [DeviceA] ip vpn-instance vpn2 [DeviceA-vpn-instance-vpn2] quit # 配置Device A与Device B的互联三层聚合口11。 [DeviceA] interface route-aggregation 11 [DeviceA-Route-Aggregation11] link-aggregation mode dynamic [DeviceA-Route-Aggregation11] quit # 将接口GigabitEthernet1/0/1加入聚合组11。 [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-mode route [DeviceA-GigabitEthernet1/0/1] port link-aggregation group 11 [DeviceA-GigabitEthernet1/0/1] quit # 配置三层聚合子接口11.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为201.1.1.2/24。 [DeviceA] interface route-aggregation 11.1 [DeviceA-Route-Aggregation11.1] ip binding vpn-instance vpn1 [DeviceA-Route-Aggregation11.1] vlan-type dot1q vid 10 [DeviceA-Route-Aggregation11.1] ip address 201.1.1.2 255.255.255.0 # 在三层聚合子接口11.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceA-Route-Aggregation11.1] ospf timer hello 1 [DeviceA-Route-Aggregation11.1] ospf timer dead 4 [DeviceA-Route-Aggregation11.1] ospf cost 10 [DeviceA-Route-Aggregation11.1] ospf authentication-mode md5 1 plain 12345 [DeviceA-Route-Aggregation11.1] quit # 配置三层聚合子接口11.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为202.1.1.2/24。 [DeviceA] interface route-aggregation 11.2 [DeviceA-Route-Aggregation11.2] ip binding vpn-instance vpn2 [DeviceA-Route-Aggregation11.2] vlan-type dot1q vid 20 [DeviceA-Route-Aggregation11.2] ip address 202.1.1.2 255.255.255.0 # 在三层聚合子接口11.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceA-Route-Aggregation11.2] ospf timer hello 1 [DeviceA-Route-Aggregation11.2] ospf timer dead 4 [DeviceA-Route-Aggregation11.2] ospf cost 10 [DeviceA-Route-Aggregation11.2] ospf authentication-mode md5 1 plain 12345 [DeviceA-Route-Aggregation11.2] quit # 配置Device A与Device C的互联三层聚合口12。 [DeviceA] interface route-aggregation 12 [DeviceA-Route-Aggregation12] link-aggregation mode dynamic [DeviceA-Route-Aggregation12] quit # 将接口GigabitEthernet1/0/2加入聚合组12。 [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] port link-mode route [DeviceA-GigabitEthernet1/0/2] port link-aggregation group 12 [DeviceA-GigabitEthernet1/0/2] quit # 配置三层聚合子接口12.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为203.1.1.2/24。 [DeviceA] interface route-aggregation 12.1 [DeviceA-Route-Aggregation12.1] ip binding vpn-instance vpn1 [DeviceA-Route-Aggregation12.1] vlan-type dot1q vid 10 [DeviceA-Route-Aggregation12.1] ip address 203.1.1.2 255.255.255.0 # 在三层聚合子接口12.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceA-Route-Aggregation12.1] ospf timer hello 1 [DeviceA-Route-Aggregation12.1] ospf timer dead 4 [DeviceA-Route-Aggregation12.1] ospf cost 10 [DeviceA-Route-Aggregation12.1] ospf authentication-mode md5 1 plain 12345 [DeviceA-Route-Aggregation12.1] quit # 配置三层聚合子接口12.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为202.1.1.2/24。 [DeviceA] interface route-aggregation 12.2 [DeviceA-Route-Aggregation12.2] ip binding vpn-instance vpn2 [DeviceA-Route-Aggregation12.2] vlan-type dot1q vid 20 [DeviceA-Route-Aggregation12.2] ip address 204.1.1.2 255.255.255.0 # 在三层聚合子接口12.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceA-Route-Aggregation12.2] ospf timer hello 1 [DeviceA-Route-Aggregation12.2] ospf timer dead 4 [DeviceA-Route-Aggregation12.2] ospf cost 10 [DeviceA-Route-Aggregation12.2] ospf authentication-mode md5 1 plain 12345 [DeviceA-Route-Aggregation12.2] quit # 配置Loopback 1的地址为1.1.1.9/32,此地址作为OSPF进程15的Router ID。 [DeviceA] interface loopback 1 [DeviceA-LoopBack1] ip binding vpn-instance vpn1 [DeviceA-LoopBack1] ip address 1.1.1.9 32 [DeviceA-LoopBack1] quit # 配置Loopback 2的地址为1.1.1.10/32,此地址作为OSPF进程115的Router ID。 [DeviceB] interface loopback 2 [DeviceB-LoopBack2] ip binding vpn-instance vpn2 [DeviceB-LoopBack2] ip address 1.1.1.10 32 [DeviceB-LoopBack2] quit # 创建OSPF进程15,指定该进程的Router ID为1.1.1.9,并将该进程与vpn1绑定。 [DeviceA] ospf 15 router-id 1.1.1.9 vpn-instance vpn1 # 通告vpn1业务路由201.1.1.0/24和203.1.1.0/24。 [DeviceA-ospf-15] area 0.0.0.0 [DeviceA-ospf-15-area-0.0.0.0] network 201.1.1.0 0.0.0.255 [DeviceA-ospf-15-area-0.0.0.0] network 203.1.1.0 0.0.0.255 [DeviceA-ospf-15-area-0.0.0.0] quit [DeviceA-ospf-15] quit # 创建OSPF进程115,指定该进程的Router ID为1.1.1.10,并将该进程与vpn2绑定。 [DeviceA] ospf 115 router-id 1.1.1.10 vpn-instance vpn2 # 通告vpn1业务路由202.1.1.0/24和204.1.1.0/24。 [DeviceA-ospf-115] area 0.0.0.0 [DeviceA-ospf-115-area-0.0.0.0] network 202.1.1.0 0.0.0.255 [DeviceA-ospf-115-area-0.0.0.0] network 204.1.1.0 0.0.0.255 [DeviceA-ospf-115-area-0.0.0.0] quit [DeviceA-ospf-115] quit 1.2.2 配置Device B# 配置设备的名称为DeviceB。 system-view [Sysname] sysname DeviceB # 创建名称为vpn1和vpn2的VPN实例。 [DeviceB] ip vpn-instance vpn1 [DeviceB-vpn-instance-vpn1] quit [DeviceB] ip vpn-instance vpn2 [DeviceB-vpn-instance-vpn2] quit # 将接口LoopBack101、LoopBack103、LoopBack105、LoopBack107与名为vpn1的VPN实例关联,并配置上述接口的IP地址,使其处于19.0.0.0/24网段。 [DeviceB] interface loopback 101 [DeviceB-LoopBack101] ip binding vpn-instance vpn1 [DeviceB-LoopBack101] ip address 19.0.0.1 255.255.255.248 [DeviceB-LoopBack101] quit [DeviceB] interface loopback 103 [DeviceB-LoopBack103] ip binding vpn-instance vpn1 [DeviceB-LoopBack103] ip address 19.0.0.9 255.255.255.248 [DeviceB-LoopBack103] quit [DeviceB] interface loopback 105 [DeviceB-LoopBack105] ip binding vpn-instance vpn1 [DeviceB-LoopBack105] ip address 19.0.0.17 255.255.255.240 [DeviceB-LoopBack105] quit [DeviceB] interface loopback 107 [DeviceB-LoopBack107] ip binding vpn-instance vpn1 [DeviceB-LoopBack107] ip address 19.0.0.33 255.255.255.240 [DeviceB-LoopBack107] quit # 将接口LoopBack102、LoopBack104、LoopBack106、LoopBack108与名为vpn2的VPN实例关联,并配置上述接口的IP地址,使其处于20.0.0.0/24网段。 [DeviceB] interface loopback 102 [DeviceB-LoopBack102] ip binding vpn-instance vpn2 [DeviceB-LoopBack102] ip address 20.0.0.1 255.255.255.248 [DeviceB-LoopBack102] quit [DeviceB] interface loopback 104 [DeviceB-LoopBack104] ip binding vpn-instance vpn2 [DeviceB-LoopBack104] ip address 20.0.0.9 255.255.255.248 [DeviceB-LoopBack104] quit [DeviceB] interface loopback 106 [DeviceB-LoopBack106] ip binding vpn-instance vpn2 [DeviceB-LoopBack106] ip address 20.0.0.17 255.255.255.240 [DeviceB-LoopBack106] quit [DeviceB] interface loopback 108 [DeviceB-LoopBack108] ip binding vpn-instance vpn2 [DeviceB-LoopBack108] ip address 20.0.0.33 255.255.255.240 [DeviceB-LoopBack108] quit # 配置Device B与Device D的互联三层聚合口1。 [DeviceB] interface route-aggregation 1 [DeviceB-Route-Aggregation1] link-aggregation mode dynamic [DeviceB-Route-Aggregation1] quit # 将接口GigabitEthernet1/0/1加入聚合组1。 [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] port link-mode route [DeviceB-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceB-GigabitEthernet1/0/1] quit # 配置三层聚合子接口1.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为11.1.1.2/24。 [DeviceB] interface route-aggregation 1.1 [DeviceB-Route-Aggregation1.1] ip binding vpn-instance vpn1 [DeviceB-Route-Aggregation1.1] vlan-type dot1q vid 10 [DeviceB-Route-Aggregation1.1] ip address 11.1.1.2 255.255.255.0 # 在三层聚合子接口1.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceB-Route-Aggregation1.1] ospf timer hello 1 [DeviceB-Route-Aggregation1.1] ospf timer dead 4 [DeviceB-Route-Aggregation1.1] ospf cost 10 [DeviceB-Route-Aggregation1.1] ospf authentication-mode md5 1 plain 12345 [DeviceB-Route-Aggregation1.1] quit # 配置三层聚合子接口1.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为12.1.1.2/24。 [DeviceB] interface Route-Aggregation1.2 [DeviceB-Route-Aggregation1.1] ip binding vpn-instance vpn2 [DeviceB-Route-Aggregation1.1] vlan-type dot1q vid 20 [DeviceB-Route-Aggregation1.1] ip address 12.1.1.2 255.255.255.0 # 在三层聚合子接口1.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceB-Route-Aggregation1.1] ospf timer hello 1 [DeviceB-Route-Aggregation1.1] ospf timer dead 4 [DeviceB-Route-Aggregation1.1] ospf cost 10 [DeviceB-Route-Aggregation1.1] ospf authentication-mode md5 1 plain 12345 [DeviceB-Route-Aggregation1.1] quit # 配置Device B与Device C的互联三层聚合口2。 [DeviceB] interface route-aggregation 2 [DeviceB-Route-Aggregation2] link-aggregation mode dynamic [DeviceB-Route-Aggregation2] quit # 将接口GigabitEthernet1/0/2加入聚合组2。 [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] port link-mode route [DeviceB-GigabitEthernet1/0/2] port link-aggregation group 2 [DeviceB-GigabitEthernet1/0/2] quit # 配置三层聚合子接口2.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为172.168.1.1/24。 [DeviceB] interface route-aggregation 2.1 [DeviceB-Route-Aggregation2.1] ip binding vpn-instance vpn1 [DeviceB-Route-Aggregation2.1] vlan-type dot1q vid 10 [DeviceB-Route-Aggregation2.1] ip address 172.168.1.1 255.255.255.0 # 在三层聚合子接口2.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceB-Route-Aggregation2.1] ospf timer hello 1 [DeviceB-Route-Aggregation2.1] ospf timer dead 4 [DeviceB-Route-Aggregation2.1] ospf cost 10 [DeviceB-Route-Aggregation2.1] ospf authentication-mode md5 1 plain 12345 [DeviceB-Route-Aggregation2.1] quit # 配置三层聚合子接口2.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为192.168.1.1/24。 [DeviceB] interface route-aggregation 2.2 [DeviceB-Route-Aggregation2.2] ip binding vpn-instance vpn2 [DeviceB-Route-Aggregation2.2] vlan-type dot1q vid 20 [DeviceB-Route-Aggregation2.2] ip address 192.168.1.1 255.255.255.0 # 在三层聚合子接口2.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceB-Route-Aggregation2.2] ospf timer hello 1 [DeviceB-Route-Aggregation2.2] ospf timer dead 4 [DeviceB-Route-Aggregation2.2] ospf cost 10 [DeviceB-Route-Aggregation2.2] ospf authentication-mode md5 1 plain 12345 [DeviceB-Route-Aggregation2.2] quit # 配置Device B与Device A的互联聚合口11。 [DeviceB] interface route-aggregation 11 [DeviceB-Route-Aggregation11] link-aggregation mode dynamic [DeviceB-Route-Aggregation11] quit # 将接口GigabitEthernet1/0/3加入聚合组11。 [DeviceB] interface gigabitethernet 1/0/3 [DeviceB-GigabitEthernet1/0/3] port link-mode route [DeviceB-GigabitEthernet1/0/3] port link-aggregation group 11 [DeviceB-GigabitEthernet1/0/3] quit # 配置三层聚合子接口11.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为201.1.1.1/24。 [DeviceB] interface route-aggregation 11.1 [DeviceB-Route-Aggregation11.1] ip binding vpn-instance vpn1 [DeviceB-Route-Aggregation11.1] vlan-type dot1q vid 10 [DeviceB-Route-Aggregation11.1] ip address 201.1.1.1 255.255.255.0 # 在三层聚合子接口11.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceB-Route-Aggregation11.1] ospf timer hello 1 [DeviceB-Route-Aggregation11.1] ospf timer dead 4 [DeviceB-Route-Aggregation11.1] ospf cost 10 [DeviceB-Route-Aggregation11.1] ospf authentication-mode md5 1 plain 12345 [DeviceB-Route-Aggregation11.1] quit # 配置三层聚合子接口11.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为202.1.1.1/24。 [DeviceB] interface route-aggregation 11.2 [DeviceB-Route-Aggregation11.2] ip binding vpn-instance vpn2 [DeviceB-Route-Aggregation11.2] vlan-type dot1q vid 20 [DeviceB-Route-Aggregation11.2] ip address 202.1.1.1 255.255.255.0 # 在三层聚合子接口11.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceB-Route-Aggregation11.2] ospf timer hello 1 [DeviceB-Route-Aggregation11.2] ospf timer dead 4 [DeviceB-Route-Aggregation11.2] ospf cost 10 [DeviceB-Route-Aggregation11.2] ospf authentication-mode md5 1 plain 12345 [DeviceB-Route-Aggregation11.2] quit # 配置名称为list1的前缀列表,其中序号10的表项仅允许201.1.1.0/24网段通过过滤;序号20的表项仅允许19.0.0.0/24网段通过过滤。 [DeviceB] ip prefix-list list1 index 10 permit 201.1.1.0 24 [DeviceB] ip prefix-list list1 index 20 permit 19.0.0.0 24 # 配置名称为list2的前缀列表,其中序号10的表项仅允许202.1.1.0/24网段通过过滤;序号20的表项仅允许20.0.0.0/24网段通过过滤。 [DeviceB] ip prefix-list list2 index 10 permit 202.1.1.0 24 [DeviceB] ip prefix-list list2 index 20 permit 20.0.0.0 24 # 配置路由策略p1。 [DeviceB] route-policy p1 permit node 10 [DeviceB-route-policy-p1-10] if-match ip address prefix-list list1 [DeviceB-route-policy-p1-10] quit # 配置路由策略p2。 [DeviceB] route-policy p2 permit node 10 [DeviceB-route-policy-p2-10] if-match ip address prefix-list list2 [DeviceB-route-policy-p2-10] quit # 静态汇总vpn1的业务黑洞路由。 [DeviceB] ip route-static vpn-instance vpn1 19.0.0.0 24 null0 # 静态汇总vpn2的业务黑洞路由。 [DeviceB] ip route-static vpn-instance vpn2 20.0.0.0 24 null0 # 配置Loopback 1的地址为2.2.2.9/32,此地址作为OSPF进程15的Router ID。 [DeviceB] interface loopback 1 [DeviceB-LoopBack1] ip binding vpn-instance vpn1 [DeviceB-LoopBack1] ip address 2.2.2.9 32 [DeviceB-LoopBack1] quit # 配置Loopback 2的地址为2.2.2.10/32,此地址作为OSPF进程115的Router ID。 [DeviceB] interface loopback 2 [DeviceB-LoopBack2] ip binding vpn-instance vpn2 [DeviceB-LoopBack2] ip address 2.2.2.10 32 [DeviceB-LoopBack2] quit # 创建OSPF进程15,指定该进程的Router ID为2.2.2.9,并将该进程与vpn1绑定。 [DeviceB] ospf 15 router-id 2.2.2.9 vpn-instance vpn1 # 在OSPF进程15中通告vpn1业务路由11.1.1.0/24、172.168.1.0/24和201.1.1.0/24。 [DeviceB-ospf-15] area 0.0.0.0 [DeviceB-ospf-15-area-0.0.0.0] network 11.1.1.0 0.0.0.255 [DeviceB-ospf-15-area-0.0.0.0] network 172.168.1.0 0.0.0.255 [DeviceB-ospf-15-area-0.0.0.0] network 201.1.1.0 0.0.0.255 [DeviceB-ospf-15-area-0.0.0.0] quit # 在OSPF进程15中引入直连路由和静态汇总后的业务路由,并通过路由策略对引入的路由进行过滤,避免Device B将业务1的明细路由发布给Device D。 [DeviceB-ospf-15] import-route direct route-policy p1 [DeviceB-ospf-15] import-route static route-policy p1 [DeviceB-ospf-15] quit # 创建OSPF进程115,将该进程与vpn2绑定。并指定该进程的Router ID为2.2.2.10。 [DeviceB] ospf 115 router-id 2.2.2.10 vpn-instance vpn2 # 在OSPF进程115中通告vpn2业务路由12.1.1.0/24、192.168.1.0/24和202.1.1.0/24。 [DeviceB-ospf-115] area 0.0.0.0 [DeviceB-ospf-115-area-0.0.0.0] network 12.1.1.0 0.0.0.255 [DeviceB-ospf-115-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [DeviceB-ospf-115-area-0.0.0.0] network 202.1.1.0 0.0.0.255 [DeviceB-ospf-115-area-0.0.0.0] quit # 在OSPF进程115中引入直连路由和静态汇总后的业务路由,并通过路由策略对引入的路由进行过滤,避免Device B将业务2的明细路由发布给Device D。 [DeviceB-ospf-115] import-route direct route-policy p2 [DeviceB-ospf-115] import-route static route-policy p2 [DeviceB-ospf-115] quit 1.2.3 配置Device C# 配置设备的名称为DeviceC。 system-view [Sysname] sysname DeviceC # 创建名称为vpn1和vpn2的VPN实例。 [DeviceC] ip vpn-instance vpn1 [DeviceC-vpn-instance-vpn1] quit [DeviceC] ip vpn-instance vpn2 [DeviceC-vpn-instance-vpn2] quit # 将接口LoopBack101、LoopBack103、LoopBack105、LoopBack107与名为vpn1的VPN实例关联,并配置上述接口的IP地址,使其处于21.0.0.0/24网段。 [DeviceC] interface loopback 101 [DeviceC-LoopBack101] ip binding vpn-instance vpn1 [DeviceC-LoopBack101] ip address 21.0.0.1 255.255.255.248 [DeviceC-LoopBack101] quit [DeviceC] interface loopback 103 [DeviceC-LoopBack103] ip binding vpn-instance vpn1 [DeviceC-LoopBack103] ip address 21.0.0.9 255.255.255.248 [DeviceC-LoopBack103] quit [DeviceC] interface loopback 105 [DeviceC-LoopBack105] ip binding vpn-instance vpn1 [DeviceC-LoopBack105] ip address 21.0.0.17 255.255.255.240 [DeviceC-LoopBack105] quit [DeviceC] interface loopback 107 [DeviceC-LoopBack107] ip binding vpn-instance vpn1 [DeviceC-LoopBack107] ip address 21.0.0.33 255.255.255.240 [DeviceC-LoopBack107] quit # 将接口LoopBack102、LoopBack104、LoopBack106、LoopBack108与名为vpn2的VPN实例关联,并配置上述接口的IP地址,使其处于22.0.0.0/24网段。 [DeviceC] interface loopback 102 [DeviceC-LoopBack102] ip binding vpn-instance vpn2 [DeviceC-LoopBack102] ip address 22.0.0.1 255.255.255.248 [DeviceC-LoopBack102] quit [DeviceC] interface loopback 104 [DeviceC-LoopBack104] ip binding vpn-instance vpn2 [DeviceC-LoopBack104] ip address 22.0.0.9 255.255.255.248 [DeviceC-LoopBack104] quit [DeviceC] interface loopback 106 [DeviceC-LoopBack106] ip binding vpn-instance vpn2 [DeviceC-LoopBack106] ip address 22.0.0.17 255.255.255.240 [DeviceC-LoopBack106] quit [DeviceC] interface loopback 108 [DeviceC-LoopBack108] ip binding vpn-instance vpn2 [DeviceC-LoopBack108] ip address 22.0.0.33 255.255.255.240 [DeviceC-LoopBack108] quit # 配置Device C与Device E的互联聚合口1。 [DeviceC] interface route-aggregation1 [DeviceC-Route-Aggregation1] link-aggregation mode dynamic [DeviceC-Route-Aggregation1] quit # 将接口GigabitEthernet1/0/1加入聚合组1。 [DeviceC] interface gigabitethernet 1/0/1 [DeviceC-GigabitEthernet1/0/1] port link-mode route [DeviceC-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceC-GigabitEthernet1/0/1] quit # 配置三层聚合子接口1.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为13.1.1.2/24。 [DeviceC] interface route-aggregation 1.1 [DeviceC-Route-Aggregation1.1] ip binding vpn-instance vpn1 [DeviceC-Route-Aggregation1.1] vlan-type dot1q vid 10 [DeviceC-Route-Aggregation1.1] ip address 13.1.1.2 255.255.255.0 # 在三层聚合子接口1.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceC-Route-Aggregation1.1] ospf timer hello 1 [DeviceC-Route-Aggregation1.1] ospf timer dead 4 [DeviceC-Route-Aggregation1.1] ospf cost 10 [DeviceC-Route-Aggregation1.1] ospf authentication-mode md5 1 plain 12345 [DeviceC-Route-Aggregation1.1] quit # 配置三层聚合子接口1.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为14.1.1.2/24。 [DeviceC] interface route-aggregation 1.2 [DeviceC-Route-Aggregation1.2] ip binding vpn-instance vpn2 [DeviceC-Route-Aggregation1.2] vlan-type dot1q vid 20 [DeviceC-Route-Aggregation1.2] ip address 14.1.1.2 255.255.255.0 # 在三层聚合子接口1.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceC-Route-Aggregation1.2] ospf timer hello 1 [DeviceC-Route-Aggregation1.2] ospf timer dead 4 [DeviceC-Route-Aggregation1.2] ospf cost 10 [DeviceC-Route-Aggregation1.2] ospf authentication-mode md5 1 plain 12345 [DeviceC-Route-Aggregation1.2] quit # 配置Device C与Device B的互联聚合口2。 [DeviceC] interface route-aggregation 2 [DeviceC-Route-Aggregation2] link-aggregation mode dynamic [DeviceC-Route-Aggregation2] quit # 将接口GigabitEthernet1/0/2加入聚合组2。 [DeviceC] interface gigabitethernet 1/0/2 [DeviceC-GigabitEthernet1/0/2] port link-mode route [DeviceC-GigabitEthernet1/0/2] port link-aggregation group 2 [DeviceC-GigabitEthernet1/0/2] quit # 配置三层聚合子接口2.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为172.168.1.2/24。 [DeviceC] interface route-aggregation 2.1 [DeviceC-Route-Aggregation2.1] ip binding vpn-instance vpn1 [DeviceC-Route-Aggregation2.1] vlan-type dot1q vid 10 [DeviceC-Route-Aggregation2.1] ip address 172.168.1.2 255.255.255.0 # 在三层聚合子接口2.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceC-Route-Aggregation2.1] ospf timer hello 1 [DeviceC-Route-Aggregation2.1] ospf timer dead 4 [DeviceC-Route-Aggregation2.1] ospf cost 10 [DeviceC-Route-Aggregation2.1] ospf authentication-mode md5 1 plain 12345 [DeviceC-Route-Aggregation2.1] quit # 配置三层聚合子接口2.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为192.168.1.2/24。 [DeviceC] interface route-aggregation 2.2 [DeviceC-Route-Aggregation2.2] ip binding vpn-instance vpn2 [DeviceC-Route-Aggregation2.2] vlan-type dot1q vid 20 [DeviceC-Route-Aggregation2.2] ip address 192.168.1.2 255.255.255.0 # 在三层聚合子接口2.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceC-Route-Aggregation2.2] ospf timer hello 1 [DeviceC-Route-Aggregation2.2] ospf timer dead 4 [DeviceC-Route-Aggregation2.2] ospf cost 10 [DeviceC-Route-Aggregation2.2] ospf authentication-mode md5 1 plain 12345 [DeviceC-Route-Aggregation2.2] quit # 配置Device C与Device A的互联聚合口11。 [DeviceC] interface route-aggregation 11 [DeviceC-Route-Aggregation11] link-aggregation mode dynamic [DeviceC-Route-Aggregation11] quit # 将接口GigabitEthernet1/0/3加入聚合组11。 [DeviceC] interface gigabitethernet 1/0/3 [DeviceC-GigabitEthernet1/0/3] port link-mode route [DeviceC-GigabitEthernet1/0/3] port link-aggregation group 11 [DeviceC-GigabitEthernet1/0/3] quit # 配置三层聚合子接口11.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为203.1.1.1/24。 [DeviceC] interface route-aggregation 11.1 [DeviceC-Route-Aggregation11.1] ip binding vpn-instance vpn1 [DeviceC-Route-Aggregation11.1] vlan-type dot1q vid 10 [DeviceC-Route-Aggregation11.1] ip address 203.1.1.1 255.255.255.0 # 在三层聚合子接口11.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceC-Route-Aggregation11.1] ospf timer hello 1 [DeviceC-Route-Aggregation11.1] ospf timer dead 4 [DeviceC-Route-Aggregation11.1] ospf cost 10 [DeviceC-Route-Aggregation11.1] ospf authentication-mode md5 1 plain 12345 [DeviceC-Route-Aggregation11.1] quit # 配置三层聚合子接口11.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为204.1.1.1/24。 [DeviceC] interface route-aggregation 11.2 [DeviceC-Route-Aggregation11.2] ip binding vpn-instance vpn2 [DeviceC-Route-Aggregation11.2] vlan-type dot1q vid 20 [DeviceC-Route-Aggregation11.2] ip address 204.1.1.1 255.255.255.0 # 在三层聚合子接口11.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceC-Route-Aggregation11.2] ospf timer hello 1 [DeviceC-Route-Aggregation11.2] ospf timer dead 4 [DeviceC-Route-Aggregation11.2] ospf cost 10 [DeviceC-Route-Aggregation11.2] ospf authentication-mode md5 1 plain 12345 [DeviceC-Route-Aggregation11.2] quit # 配置名称为list1的前缀列表,其中序号10的表项仅允许203.1.1.0/24网段通过过滤;序号20的表项仅允许21.0.0.0/24网段通过过滤。 [DeviceC] ip prefix-list list1 index 10 permit 203.1.1.0 24 [DeviceC] ip prefix-list list1 index 20 permit 21.0.0.0 24 # 配置名称为list2的前缀列表,其中序号10的表项仅允许204.1.1.0/24网段通过过滤;序号20的表项仅允许22.0.0.0/24网段通过过滤。 [DeviceC] ip prefix-list list2 index 10 permit 204.1.1.0 24 [DeviceC] ip prefix-list list2 index 20 permit 22.0.0.0 24 # 配置路由策略p1。 [DeviceC] route-policy p1 permit node 10 [DeviceC-route-policy-p1-10] if-match ip address prefix-list list1 [DeviceC-route-policy-p1-10] quit # 配置路由策略p2。 [DeviceC] route-policy p2 permit node 10 [DeviceC-route-policy-p2-10] if-match ip address prefix-list list2 [DeviceC-route-policy-p2-10] quit # 静态汇总vpn1的业务黑洞路由。 [DevicC] ip route-static vpn-instance vpn1 21.0.0.0 24 null0 # 静态汇总vpn2的业务黑洞路由。 [DeviceC] ip route-static vpn-instance vpn2 22.0.0.0 24 null0 # 配置Loopback 1的地址为3.3.3.9/32,此地址作为OSPF进程15的Router ID。 [DeviceC] interface loopback 1 [DeviceC-LoopBack1] ip binding vpn-instance vpn1 [DeviceC-LoopBack1] ip address 3.3.3.9 32 [DeviceC-LoopBack1] quit # 配置Loopback 2的地址为3.3.3.10/32,此地址作为OSPF进程115的Router ID。 [DeviceC] interface loopback 2 [DeviceC-LoopBack2] ip binding vpn-instance vpn2 [DeviceC-LoopBack2] ip address 3.3.3.10 32 [DeviceC-LoopBack2] quit # 创建OSPF进程15,指定该进程的Router ID为3.3.3.9,并将该进程与vpn1绑定。 [DeviceC] ospf 15 router-id 3.3.3.9 vpn-instance vpn1 # 通告vpn1业务路由13.1.1.0/24、172.168.1.0/24和203.1.1.0/24。 [DeviceC-ospf-15] area 0.0.0.0 [DeviceC-ospf-15-area-0.0.0.0] network 13.1.1.0 0.0.0.255 [DeviceC-ospf-15-area-0.0.0.0] network 172.168.1.0 0.0.0.255 [DeviceC-ospf-15-area-0.0.0.0] network 203.1.1.0 0.0.0.255 [DeviceC-ospf-15-area-0.0.0.0] quit # 在OSPF进程15中引入直连路由和静态汇总后的业务路由,通过路由策略对引入的路由进行过滤,避免Device C将业务1的明细路由发布给Device E。 [DeviceC-ospf-15] import-route direct route-policy p1 [DeviceC-ospf-15] import-route static route-policy p1 [DeviceC-ospf-15] quit # 创建OSPF进程115,指定该进程的Router ID为3.3.3.10,并将该进程与vpn2绑定。 [DeviceC] ospf 115 router-id 3.3.3.10 vpn-instance vpn2 # 通告vpn2业务路由14.1.1.0/24、192.168.1.0/24和204.1.1.0/24。 [DeviceC-ospf-115] area 0.0.0.0 [DeviceC-ospf-115-area-0.0.0.0] network 14.1.1.0 0.0.0.255 [DeviceC-ospf-115-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [DeviceC-ospf-115-area-0.0.0.0] network 204.1.1.0 0.0.0.255 [DeviceC-ospf-115-area-0.0.0.0] quit # 在OSPF 115中引入直连路由和静态汇总后的业务路由,并通过路由策略对引入的路由进行过滤,避免Device C将业务2的明细路由发布给Device E。 [DeviceC-ospf-115] import-route direct route-policy p2 [DeviceC-ospf-115] import-route static route-policy p2 [DeviceC-ospf-115] quit 1.2.4 配置Device D# 配置设备的名称为DeviceD。 system-view [Sysname] sysname DeviceD # 创建名称为vpn1和vpn2的VPN实例。 [DeviceD] ip vpn-instance vpn1 [DeviceD-vpn-instance-vpn1] quit [DeviceD] ip vpn-instance vpn2 [DeviceD-vpn-instance-vpn2] quit # 配置Device D与Device B的互联三层聚合口1。 [DeviceD] interface route-aggregation1 [DeviceD-Route-Aggregation1] link-aggregation mode dynamic [DeviceD-Route-Aggregation1] quit # 将接口GigabitEthernet1/0/1加入聚合组1。 [DeviceD] interface gigabitethernet 1/0/1 [DeviceD-GigabitEthernet1/0/1] port link-mode route [DeviceD-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceD-GigabitEthernet1/0/1] quit # 配置三层聚合子接口1.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为11.1.1.1/24。 [DeviceD] interface route-aggregation 1.1 [DeviceD-Route-Aggregation1.1] ip binding vpn-instance vpn1 [DeviceD-Route-Aggregation1.1] vlan-type dot1q vid 10 [DeviceD-Route-Aggregation1.1] ip address 11.1.1.1 255.255.255.0 # 在三层聚合子接口1.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceD-Route-Aggregation1.1] ospf timer hello 1 [DeviceD-Route-Aggregation1.1] ospf timer dead 4 [DeviceD-Route-Aggregation1.1] ospf cost 10 [DeviceD-Route-Aggregation1.1] ospf authentication-mode md5 1 plain 12345 [DeviceD-Route-Aggregation1.1] quit # 配置三层聚合子接口1.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为12.1.1.1/24。 [DeviceD] interface route-aggregation 1.2 [DeviceD-Route-Aggregation1.2] ip binding vpn-instance vpn2 [DeviceD-Route-Aggregation1.2] vlan-type dot1q vid 20 [DeviceD-Route-Aggregation1.2] ip address 12.1.1.1 255.255.255.0 # 在三层聚合子接口1.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceD-Route-Aggregation1.2] ospf timer hello 1 [DeviceD-Route-Aggregation1.2] ospf timer dead 4 [DeviceD-Route-Aggregation1.2] ospf cost 10 [DeviceD-Route-Aggregation1.2] ospf authentication-mode md5 1 plain 12345 [DeviceD-Route-Aggregation1.2] quit # 配置Loopback 1的地址为4.4.4.9/32,此地址作为OSPF进程15的Router ID。 [DeviceD] interface loopback 1 [DeviceD-LoopBack1] ip binding vpn-instance vpn1 [DeviceD-LoopBack1] ip address 4.4.4.9 32 [DeviceD-LoopBack1] quit # 配置Loopback 2的地址为4.4.4.10/32,此地址作为OSPF进程115的Router ID。 [DeviceD] interface loopback 2 [DeviceD-LoopBack1] ip binding vpn-instance vpn2 [DeviceD-LoopBack1] ip address 4.4.4.10 32 [DeviceD-LoopBack1] quit # 创建OSPF进程15,指定该进程的Router ID为4.4.4.9,并将该进程与vpn1绑定。 [DeviceD] ospf 15 router-id 4.4.4.9 vpn-instance vpn1 # 通告vpn1网段路由11.1.1.0/24。 [DeviceD-ospf-15] area 0.0.0.0 [DeviceD-ospf-15-area-0.0.0.0] network 11.1.1.0 0.0.0.255 [DeviceD-ospf-15-area-0.0.0.0] quit [DeviceD-ospf-15] quit # 创建OSPF进程115,指定该进程的Router ID为4.4.4.10,并将该进程与vpn2绑定。 [DeviceD] ospf 115 router-id 4.4.4.10 vpn-instance vpn2 # 通告vpn2网段路由12.1.1.0/24。 [DeviceD-ospf-115] area 0.0.0.0 [DeviceD-ospf-115-area-0.0.0.0] network 12.1.1.0 0.0.0.255 [DeviceD-ospf-115-area-0.0.0.0] quit 1.2.5 配置Device E# 配置设备的名称为DeviceE。 system-view [Sysname] sysname DeviceE # 创建名称为vpn1和vpn2的实例。 [DeviceE] ip vpn-instance vpn1 [DeviceE-vpn-instance-vpn1] quit [DeviceE] ip vpn-instance vpn2 [DeviceE-vpn-instance-vpn2] quit # 配置Device D与Device C的互联三层聚合口1。 [DeviceE] interface route-aggregation 1 [DeviceE-Route-Aggregation1] link-aggregation mode dynamic [DeviceE-Route-Aggregation1] quit # 将接口GigabitEthernet1/0/1加入聚合组1。 [DeviceE] interface gigabitethernet 1/0/1 [DeviceE-GigabitEthernet1/0/1] port link-mode route [DeviceE-GigabitEthernet1/0/1] port link-aggregation group 1 [DeviceE-GigabitEthernet1/0/1] quit # 配置三层聚合子接口1.1,将该接口与vpn1绑定。配置该子接口终结VLAN 10,并配置该接口的地址为13.1.1.1/24。 [DeviceE] interface route-aggregation 1.1 [DeviceE-Route-Aggregation1.1] ip binding vpn-instance vpn1 [DeviceE-Route-Aggregation1.1] vlan-type dot1q vid 10 [DeviceE-Route-Aggregation1.1] ip address 13.1.1.1 255.255.255.0 # 在三层聚合子接口1.1上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceE-Route-Aggregation1.1] ospf timer hello 1 [DeviceE-Route-Aggregation1.1] ospf timer dead 4 [DeviceE-Route-Aggregation1.1] ospf cost 10 [DeviceE-Route-Aggregation1.1] ospf authentication-mode md5 1 plain 12345 [DeviceE-Route-Aggregation1.1] quit # 配置三层聚合子接口1.2,将该接口与vpn2绑定。配置该子接口终结VLAN 20,并配置该接口的地址为14.1.1.1/24。 [DeviceE] interface route-aggregation 1.2 [DeviceE-Route-Aggregation1.2] ip binding vpn-instance vpn2 [DeviceE-Route-Aggregation1.2] vlan-type dot1q vid 20 [DeviceE-Route-Aggregation1.2] ip address 14.1.1.1 255.255.255.0 # 在三层聚合子接口1.2上设置OSPF的Hello定时器为1秒、Dead定时器为4秒。该接口的OSPF开销值为10,并采用MD5方式对报文进行验证。 [DeviceE-Route-Aggregation1.2] ospf timer hello 1 [DeviceE-Route-Aggregation1.2] ospf timer dead 4 [DeviceE-Route-Aggregation1.2] ospf cost 10 [DeviceE-Route-Aggregation1.2] ospf authentication-mode md5 1 plain 12345 [DeviceE-Route-Aggregation1.2] quit # 配置Loopback 1的地址为5.5.5.9/32,此地址作为OSPF进程15的Router ID。 [DeviceE] interface loopback 1 [DeviceE-LoopBack1] ip binding vpn-instance vpn1 [DeviceE-LoopBack1] ip address 5.5.5.9 32 [DeviceE-LoopBack1] quit # 配置Loopback 2的地址为5.5.5.10/32,此地址作为OSPF进程115的Router ID。 [DeviceE] interface loopback 2 [DeviceE-LoopBack2] ip binding vpn-instance vpn2 [DeviceE-LoopBack2] ip address 5.5.5.10 32 [DeviceE-LoopBack2] quit # 创建OSPF进程15,指定该进程的Router ID为5.5.5.9,并将该进程与vpn1的实例绑定。 [DeviceE] ospf 15 router-id 5.5.5.9 vpn-instance vpn1 # 通告vpn1网段路由13.1.1.0/24。 [DeviceE-ospf-15] area 0.0.0.0 [DeviceE-ospf-15-area-0.0.0.0] network 13.1.1.0 0.0.0.255 [DeviceE-ospf-15-area-0.0.0.0] quit [DeviceE-ospf-15] quit # 创建OSPF进程115,指定该进程的Router ID为5.5.5.10,并将该进程与vpn2的实例绑定。 [DeviceE] ospf 115 router-id 5.5.5.10 vpn-instance vpn2 # 通告vpn2网段路由14.1.1.0/24。 [DeviceE-ospf-115] area 0.0.0.0 [DeviceE-ospf-115-area-0.0.0.0] network 14.1.1.0 0.0.0.255 [DeviceE-ospf-115-area-0.0.0.0] quit [DeviceE-ospf-115] quit 1.3 验证配置# 在Device B上执行display ip routing-table vpn-instance命令,查看路由表信息,业务1和业务2的路由相互隔离。同时,Device B上拥有19.0.0.0/24和20.0.0.0/24网段的明细路由。 [DeviceB] display ip routing-table vpn-instance vpn1
Destinations : 36 Routes : 37
Destination/Mask Proto Pre Cost NextHop Interface 0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 2.2.2.9/32 Direct 0 0 127.0.0.1 InLoop0 11.1.1.0/24 Direct 0 0 11.1.1.2 RAGG1.1 11.1.1.0/32 Direct 0 0 11.1.1.2 RAGG1.1 11.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0 11.1.1.255/32 Direct 0 0 11.1.1.2 RAGG1.1 13.1.1.0/24 O_INTRA 10 20 172.168.1.2 RAGG2.1 19.0.0.0/24 Static 60 0 0.0.0.0 NULL0 19.0.0.0/29 Direct 0 0 19.0.0.1 Loop101 19.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 19.0.0.7/32 Direct 0 0 19.0.0.1 Loop101 19.0.0.8/29 Direct 0 0 19.0.0.9 Loop103 19.0.0.8/32 Direct 0 0 19.0.0.9 Loop103 19.0.0.9/32 Direct 0 0 127.0.0.1 InLoop0 19.0.0.15/32 Direct 0 0 19.0.0.9 Loop103 19.0.0.16/28 Direct 0 0 19.0.0.17 Loop105 19.0.0.16/32 Direct 0 0 19.0.0.17 Loop105 19.0.0.17/32 Direct 0 0 127.0.0.1 InLoop0 19.0.0.31/32 Direct 0 0 19.0.0.17 Loop105 19.0.0.32/28 Direct 0 0 19.0.0.33 Loop107 19.0.0.32/32 Direct 0 0 19.0.0.33 Loop107 19.0.0.33/32 Direct 0 0 127.0.0.1 InLoop0 19.0.0.47/32 Direct 0 0 19.0.0.33 Loop107 21.0.0.0/24 O_ASE2 150 1 172.168.1.2 RAGG2.1 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 172.168.1.0/24 Direct 0 0 172.168.1.1 RAGG2.1 172.168.1.0/32 Direct 0 0 172.168.1.1 RAGG2.1 172.168.1.1/32 Direct 0 0 127.0.0.1 InLoop0 172.168.1.255/32 Direct 0 0 172.168.1.1 RAGG2.1 201.1.1.0/24 Direct 0 0 201.1.1.1 RAGG11.1 201.1.1.0/32 Direct 0 0 201.1.1.1 RAGG11.1 201.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 201.1.1.255/32 Direct 0 0 201.1.1.1 RAGG11.1 203.1.1.0/24 O_INTRA 10 20 172.168.1.2 RAGG2.1 O_INTRA 10 20 201.1.1.2 RAGG11.1 255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 [DeviceB] display ip routing-table vpn-instance vpn2
Destinations : 36 Routes : 37
Destination/Mask Proto Pre Cost NextHop Interface 0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 2.2.2.10/32 Direct 0 0 127.0.0.1 InLoop0 12.1.1.0/24 Direct 0 0 12.1.1.2 RAGG1.2 12.1.1.0/32 Direct 0 0 12.1.1.2 RAGG1.2 12.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0 12.1.1.255/32 Direct 0 0 12.1.1.2 RAGG1.2 14.1.1.0/24 O_INTRA 10 20 192.168.1.2 RAGG2.2 20.0.0.0/24 Static 60 0 0.0.0.0 NULL0 20.0.0.0/29 Direct 0 0 20.0.0.1 Loop102 20.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 20.0.0.7/32 Direct 0 0 20.0.0.1 Loop102 20.0.0.8/29 Direct 0 0 20.0.0.9 Loop104 20.0.0.8/32 Direct 0 0 20.0.0.9 Loop104 20.0.0.9/32 Direct 0 0 127.0.0.1 InLoop0 20.0.0.15/32 Direct 0 0 20.0.0.9 Loop104 20.0.0.16/28 Direct 0 0 20.0.0.17 Loop106 20.0.0.16/32 Direct 0 0 20.0.0.17 Loop106 20.0.0.17/32 Direct 0 0 127.0.0.1 InLoop0 20.0.0.31/32 Direct 0 0 20.0.0.17 Loop106 20.0.0.32/28 Direct 0 0 20.0.0.33 Loop108 20.0.0.32/32 Direct 0 0 20.0.0.33 Loop108 20.0.0.33/32 Direct 0 0 127.0.0.1 InLoop0 20.0.0.47/32 Direct 0 0 20.0.0.33 Loop108 22.0.0.0/24 O_ASE2 150 1 192.168.1.2 RAGG2.2 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 192.168.1.0/24 Direct 0 0 192.168.1.1 RAGG2.2 192.168.1.0/32 Direct 0 0 192.168.1.1 RAGG2.2 192.168.1.1/32 Direct 0 0 127.0.0.1 InLoop0 192.168.1.255/32 Direct 0 0 192.168.1.1 RAGG2.2 202.1.1.0/24 Direct 0 0 202.1.1.1 RAGG11.2 202.1.1.0/32 Direct 0 0 202.1.1.1 RAGG11.2 202.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 202.1.1.255/32 Direct 0 0 202.1.1.1 RAGG11.2 204.1.1.0/24 O_INTRA 10 20 192.168.1.2 RAGG2.2 O_INTRA 10 20 202.1.1.2 RAGG11.2 255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 # 在Device C上执行display ip routing-table vpn-instance命令,查看路由表信息,业务1和业务2的路由相互隔离。同时,Device C上拥有21.0.0.0/24和22.0.0.0/24网段的明细路由。 [DeviceC] display ip routing-table vpn-instance vpn1
Destinations : 32 Routes : 33
Destination/Mask Proto Pre Cost NextHop Interface 0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 3.3.3.9/32 Direct 0 0 127.0.0.1 InLoop0 11.1.1.0/24 O_INTRA 10 20 172.168.1.1 RAGG2.1 13.1.1.0/24 Direct 0 0 13.1.1.2 RAGG1.1 13.1.1.0/32 Direct 0 0 13.1.1.2 RAGG1.1 13.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0 13.1.1.255/32 Direct 0 0 13.1.1.2 RAGG1.1 19.0.0.0/24 O_ASE2 150 1 172.168.1.1 RAGG2.1 21.0.0.0/24 Static 60 0 0.0.0.0 NULL0 21.0.0.0/29 Direct 0 0 21.0.0.1 Loop101 21.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 21.0.0.7/32 Direct 0 0 21.0.0.1 Loop101 21.0.0.8/29 Direct 0 0 21.0.0.9 Loop103 21.0.0.8/32 Direct 0 0 21.0.0.9 Loop103 21.0.0.9/32 Direct 0 0 127.0.0.1 InLoop0 21.0.0.15/32 Direct 0 0 21.0.0.9 Loop103 21.0.0.32/28 Direct 0 0 21.0.0.33 Loop107 21.0.0.32/32 Direct 0 0 21.0.0.33 Loop107 21.0.0.33/32 Direct 0 0 127.0.0.1 InLoop0 21.0.0.47/32 Direct 0 0 21.0.0.33 Loop107 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 172.168.1.0/24 Direct 0 0 172.168.1.2 RAGG2.1 172.168.1.0/32 Direct 0 0 172.168.1.2 RAGG2.1 172.168.1.2/32 Direct 0 0 127.0.0.1 InLoop0 172.168.1.255/32 Direct 0 0 172.168.1.2 RAGG2.1 201.1.1.0/24 O_INTRA 10 20 172.168.1.1 RAGG2.1 O_INTRA 10 20 203.1.1.2 RAGG11.1 203.1.1.0/24 Direct 0 0 203.1.1.1 RAGG11.1 203.1.1.0/32 Direct 0 0 203.1.1.1 RAGG11.1 203.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 203.1.1.255/32 Direct 0 0 203.1.1.1 RAGG11.1 255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 [DeviceC] display ip routing-table vpn-instance vpn2
Destinations : 32 Routes : 33
Destination/Mask Proto Pre Cost NextHop Interface 0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 3.3.3.10/32 Direct 0 0 127.0.0.1 InLoop0 12.1.1.0/24 O_INTRA 10 20 192.168.1.1 RAGG2.2 14.1.1.0/24 Direct 0 0 14.1.1.2 RAGG1.2 14.1.1.0/32 Direct 0 0 14.1.1.2 RAGG1.2 14.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0 14.1.1.255/32 Direct 0 0 14.1.1.2 RAGG1.2 20.0.0.0/24 O_ASE2 150 1 192.168.1.1 RAGG2.2 22.0.0.0/24 Static 60 0 0.0.0.0 NULL0 22.0.0.0/29 Direct 0 0 22.0.0.1 Loop102 22.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 22.0.0.7/32 Direct 0 0 22.0.0.1 Loop102 22.0.0.8/29 Direct 0 0 22.0.0.9 Loop104 22.0.0.8/32 Direct 0 0 22.0.0.9 Loop104 22.0.0.9/32 Direct 0 0 127.0.0.1 InLoop0 22.0.0.15/32 Direct 0 0 22.0.0.9 Loop104 22.0.0.16/28 Direct 0 0 22.0.0.17 Loop106 22.0.0.16/32 Direct 0 0 22.0.0.17 Loop106 22.0.0.17/32 Direct 0 0 127.0.0.1 InLoop0 22.0.0.31/32 Direct 0 0 22.0.0.17 Loop106 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 192.168.1.0/24 Direct 0 0 192.168.1.2 RAGG2.2 192.168.1.0/32 Direct 0 0 192.168.1.2 RAGG2.2 192.168.1.2/32 Direct 0 0 127.0.0.1 InLoop0 192.168.1.255/32 Direct 0 0 192.168.1.2 RAGG2.2 202.1.1.0/24 O_INTRA 10 20 192.168.1.1 RAGG2.2 O_INTRA 10 20 204.1.1.2 RAGG11.2 204.1.1.0/24 Direct 0 0 204.1.1.1 RAGG11.2 204.1.1.0/32 Direct 0 0 204.1.1.1 RAGG11.2 204.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 204.1.1.255/32 Direct 0 0 204.1.1.1 RAGG11.2 255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 # 在Device D上执行display ip routing-table vpn-instance命令,查看路由表信息。业务1和业务2的路由相互隔离。同时,Device D上仅有vpn1的业务网段19.0.0.0/24和21.0.0.0/24、vpn2的业务网段20.0.0.0/24和22.0.0.0/24的聚合路由,不存在上述网段的明细路由。 [DeviceD] display ip routing-table vpn-instance vpn1
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface 0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 4.4.4.9/32 Direct 0 0 127.0.0.1 InLoop0 11.1.1.0/24 Direct 0 0 11.1.1.1 RAGG1.1 11.1.1.0/32 Direct 0 0 11.1.1.1 RAGG1.1 11.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 11.1.1.255/32 Direct 0 0 11.1.1.1 RAGG1.1 13.1.1.0/24 O_INTRA 10 30 11.1.1.2 RAGG1.1 19.0.0.0/24 O_ASE2 150 1 11.1.1.2 RAGG1.1 21.0.0.0/24 O_ASE2 150 1 11.1.1.2 RAGG1.1 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 172.168.1.0/24 O_INTRA 10 20 11.1.1.2 RAGG1.1 201.1.1.0/24 O_INTRA 10 20 11.1.1.2 RAGG1.1 203.1.1.0/24 O_INTRA 10 30 11.1.1.2 RAGG1.1 255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 [DeviceD] display ip routing-table vpn-instance vpn2
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface 0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 4.4.4.10/32 Direct 0 0 127.0.0.1 InLoop0 12.1.1.0/24 Direct 0 0 12.1.1.1 RAGG1.2 12.1.1.0/32 Direct 0 0 12.1.1.1 RAGG1.2 12.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 12.1.1.255/32 Direct 0 0 12.1.1.1 RAGG1.2 14.1.1.0/24 O_INTRA 10 30 12.1.1.2 RAGG1.2 20.0.0.0/24 O_ASE2 150 1 12.1.1.2 RAGG1.2 22.0.0.0/24 O_ASE2 150 1 12.1.1.2 RAGG1.2 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 192.168.1.0/24 O_INTRA 10 20 12.1.1.2 RAGG1.2 202.1.1.0/24 O_INTRA 10 20 12.1.1.2 RAGG1.2 204.1.1.0/24 O_INTRA 10 30 12.1.1.2 RAGG1.2 255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 # 在Device E上执行display ip routing-table vpn-instance命令,查看路由表信息。可以看到业务1和业务2的路由相互隔离。同时,Device E上仅有vpn1的业务网段19.0.0.0/24和21.0.0.0/24、vpn2的业务网段20.0.0.0/24和22.0.0.0/24的聚合路由,不存在上述网段的明细路由。 [DeviceE] display ip routing-table vpn-instance vpn1
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface 0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 5.5.5.9/32 Direct 0 0 127.0.0.1 InLoop0 11.1.1.0/24 O_INTRA 10 30 13.1.1.2 RAGG1.1 13.1.1.0/24 Direct 0 0 13.1.1.1 RAGG1.1 13.1.1.0/32 Direct 0 0 13.1.1.1 RAGG1.1 13.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 13.1.1.255/32 Direct 0 0 13.1.1.1 RAGG1.1 19.0.0.0/24 O_ASE2 150 1 13.1.1.2 RAGG1.1 21.0.0.0/24 O_ASE2 150 1 13.1.1.2 RAGG1.1 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 172.168.1.0/24 O_INTRA 10 20 13.1.1.2 RAGG1.1 201.1.1.0/24 O_INTRA 10 30 13.1.1.2 RAGG1.1 203.1.1.0/24 O_INTRA 10 20 13.1.1.2 RAGG1.1 255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 [DeviceE] display ip routing-table vpn-instance vpn2
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface 0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0 5.5.5.10/32 Direct 0 0 127.0.0.1 InLoop0 12.1.1.0/24 O_INTRA 10 30 14.1.1.2 RAGG1.2 14.1.1.0/24 Direct 0 0 14.1.1.1 RAGG1.2 14.1.1.0/32 Direct 0 0 14.1.1.1 RAGG1.2 14.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 14.1.1.255/32 Direct 0 0 14.1.1.1 RAGG1.2 20.0.0.0/24 O_ASE2 150 1 14.1.1.2 RAGG1.2 22.0.0.0/24 O_ASE2 150 1 14.1.1.2 RAGG1.2 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 192.168.1.0/24 O_INTRA 10 20 14.1.1.2 RAGG1.2 202.1.1.0/24 O_INTRA 10 30 14.1.1.2 RAGG1.2 204.1.1.0/24 O_INTRA 10 20 14.1.1.2 RAGG1.2 255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0 # 在Device A上执行ping命令,可以与Device D的vpn1网段、vpn2网段互通,也可以与Device E的vpn1网段、vpn2网段互通。 · Device A能ping通Device D的vpn1网段IP 11.1.1.1。 ping -vpn-instance vpn1 11.1.1.1 Ping 11.1.1.1 (11.1.1.1): 56 data bytes, press CTRL+C to break 56 bytes from 11.1.1.1: icmp_seq=0 ttl=254 time=2.000 ms 56 bytes from 11.1.1.1: icmp_seq=1 ttl=254 time=2.000 ms 56 bytes from 11.1.1.1: icmp_seq=2 ttl=254 time=2.000 ms 56 bytes from 11.1.1.1: icmp_seq=3 ttl=254 time=2.000 ms 56 bytes from 11.1.1.1: icmp_seq=4 ttl=254 time=1.000 ms
--- Ping statistics for 11.1.1.1 in VPN instance vpn1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.000/1.800/2.000/0.400 ms · Device A能ping通Device D的vpn2网段IP 12.1.1.1。 ping -vpn-instance vpn2 12.1.1.1 Ping 12.1.1.1 (12.1.1.1): 56 data bytes, press CTRL+C to break 56 bytes from 12.1.1.1: icmp_seq=0 ttl=254 time=2.000 ms 56 bytes from 12.1.1.1: icmp_seq=1 ttl=254 time=1.000 ms 56 bytes from 12.1.1.1: icmp_seq=2 ttl=254 time=1.000 ms 56 bytes from 12.1.1.1: icmp_seq=3 ttl=254 time=1.000 ms 56 bytes from 12.1.1.1: icmp_seq=4 ttl=254 time=2.000 ms
--- Ping statistics for 12.1.1.1 in VPN instance vpn2 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.000/1.400/2.000/0.490 ms · Device A能ping通Device E的vpn1网段IP 13.1.1.1。 ping -vpn-instance vpn1 13.1.1.1 Ping 13.1.1.1 (13.1.1.1): 56 data bytes, press CTRL+C to break 56 bytes from 13.1.1.1: icmp_seq=0 ttl=254 time=2.000 ms 56 bytes from 13.1.1.1: icmp_seq=1 ttl=254 time=2.000 ms 56 bytes from 13.1.1.1: icmp_seq=2 ttl=254 time=2.000 ms 56 bytes from 13.1.1.1: icmp_seq=3 ttl=254 time=2.000 ms 56 bytes from 13.1.1.1: icmp_seq=4 ttl=254 time=1.000 ms
--- Ping statistics for 13.1.1.1 in VPN instance vpn1 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.000/1.800/2.000/0.400 ms · Device A能ping通Device E的vpn2网段IP 14.1.1.1。 ping -vpn-instance vpn2 14.1.1.1 Ping 14.1.1.1 (14.1.1.1): 56 data bytes, press CTRL+C to break 56 bytes from 14.1.1.1: icmp_seq=0 ttl=254 time=2.000 ms 56 bytes from 14.1.1.1: icmp_seq=1 ttl=254 time=1.000 ms 56 bytes from 14.1.1.1: icmp_seq=2 ttl=254 time=1.000 ms 56 bytes from 14.1.1.1: icmp_seq=3 ttl=254 time=1.000 ms 56 bytes from 14.1.1.1: icmp_seq=4 ttl=254 time=2.000 ms
--- Ping statistics for 14.1.1.1 in VPN instance vpn2 --- 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss round-trip min/avg/max/std-dev = 1.000/1.400/2.000/0.490 ms 1.4 配置文件· Device A: # sysname DeviceA # ip vpn-instance vpn1 # ip vpn-instance vpn2 # ospf 15 router-id 1.1.1.9 vpn-instance vpn1 area 0.0.0.0 network 201.1.1.0 0.0.0.255 network 203.1.1.0 0.0.0.255 # ospf 115 router-id 1.1.1.10 vpn-instance vpn2 area 0.0.0.0 network 202.1.1.0 0.0.0.255 network 204.1.1.0 0.0.0.255 # interface Route-Aggregation11 link-aggregation mode dynamic # interface Route-Aggregation11.1 ip binding vpn-instance vpn1 ip address 201.1.1.2 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 vlan-type dot1q vid 10 # interface Route-Aggregation11.2 ip binding vpn-instance vpn2 ip address 202.1.1.2 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 vlan-type dot1q vid 20 # interface Route-Aggregation12 link-aggregation mode dynamic # interface Route-Aggregation12.1 ip binding vpn-instance vpn1 ip address 203.1.1.2 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 vlan-type dot1q vid 10 # interface Route-Aggregation12.2 ip binding vpn-instance vpn2 ip address 204.1.1.2 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 vlan-type dot1q vid 20 # interface LoopBack1 ip binding vpn-instance vpn1 ip address 1.1.1.9 255.255.255.255 # interface LoopBack2 ip binding vpn-instance vpn2 ip address 1.1.1.10 255.255.255.255 # interface GigabitEthernet1/0/1 port link-mode route port link-aggregation group 11 # interface GigabitEthernet1/0/2 port link-mode route port link-aggregation group 12 # · Device B: # sysname DeviceB # ip vpn-instance vpn1 # ip vpn-instance vpn2 # ospf 15 router-id 2.2.2.9 vpn-instance vpn1 import-route direct route-policy p1 import-route static route-policy p1 area 0.0.0.0 network 11.1.1.0 0.0.0.255 network 172.168.1.0 0.0.0.255 network 201.1.1.0 0.0.0.255 # ospf 115 router-id 2.2.2.10 vpn-instance vpn2 import-route direct route-policy p2 import-route static route-policy p2 area 0.0.0.0 network 12.1.1.0 0.0.0.255 network 192.168.1.0 0.0.0.255 network 202.1.1.0 0.0.0.255 # interface Route-Aggregation1 link-aggregation mode dynamic # interface Route-Aggregation1.1 ip binding vpn-instance vpn1 ip address 11.1.1.2 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 vlan-type dot1q vid 10 # interface Route-Aggregation1.2 ip binding vpn-instance vpn2 ip address 12.1.1.2 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 vlan-type dot1q vid 20 # interface Route-Aggregation2 link-aggregation mode dynamic # interface Route-Aggregation2.1 ip binding vpn-instance vpn1 ip address 172.168.1.1 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 ospf network-type p2p vlan-type dot1q vid 10 # interface Route-Aggregation2.2 ip binding vpn-instance vpn2 ip address 192.168.1.1 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 vlan-type dot1q vid 20 # interface Route-Aggregation11 link-aggregation mode dynamic # interface Route-Aggregation11.1 ip binding vpn-instance vpn1 ip address 201.1.1.1 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 vlan-type dot1q vid 10 # interface Route-Aggregation11.2 ip binding vpn-instance vpn2 ip address 202.1.1.1 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 vlan-type dot1q vid 20 # interface LoopBack1 ip binding vpn-instance vpn1 ip address 2.2.2.9 255.255.255.255 # interface LoopBack2 ip binding vpn-instance vpn2 ip address 2.2.2.10 255.255.255.255 # interface LoopBack101 ip binding vpn-instance vpn1 ip address 19.0.0.1 255.255.255.248 # interface LoopBack102 ip binding vpn-instance vpn2 ip address 20.0.0.1 255.255.255.248 # interface LoopBack103 ip binding vpn-instance vpn1 ip address 19.0.0.9 255.255.255.248 # interface LoopBack104 ip binding vpn-instance vpn2 ip address 20.0.0.9 255.255.255.248 # interface LoopBack105 ip binding vpn-instance vpn1 ip address 19.0.0.17 255.255.255.240 # interface LoopBack106 ip binding vpn-instance vpn2 ip address 20.0.0.17 255.255.255.240 # interface LoopBack107 ip binding vpn-instance vpn1 ip address 19.0.0.33 255.255.255.240 # interface GigabitEthernet1/0/1 port link-mode route port link-aggregation group 1 # interface GigabitEthernet1/0/2 port link-mode route port link-aggregation group 2 # interface GigabitEthernet1/0/3 port link-mode route port link-aggregation group 11 # route-policy p1 permit node 10 if-match ip address prefix-list list1 # route-policy p2 permit node 10 if-match ip address prefix-list list2 # ip prefix-list list1 index 10 permit 19.0.0.0 24 ip prefix-list list1 index 20 permit 201.1.1.0 24 ip prefix-list list2 index 10 permit 20.0.0.0 24 ip prefix-list list2 index 20 permit 202.1.1.0 24 # ip route-static vpn-instance vpn1 19.0.0.0 24 NULL0 ip route-static vpn-instance vpn2 20.0.0.0 24 NULL0 # · Device C: # sysname DeviceC # ip vpn-instance vpn1 # ip vpn-instance vpn2 # ospf 15 router-id 3.3.3.9 vpn-instance vpn1 import-route direct route-policy p1 import-route static route-policy p1 area 0.0.0.0 network 13.1.1.0 0.0.0.255 network 172.168.1.0 0.0.0.255 network 203.1.1.0 0.0.0.255 # ospf 115 router-id 3.3.3.10 vpn-instance vpn2 import-route direct route-policy p2 import-route static route-policy p2 area 0.0.0.0 network 14.1.1.0 0.0.0.255 network 192.168.1.0 0.0.0.255 network 204.1.1.0 0.0.0.255 # interface Route-Aggregation1.1 ip binding vpn-instance vpn1 ip address 13.1.1.2 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 vlan-type dot1q vid 10 # interface Route-Aggregation1.2 ip binding vpn-instance vpn2 ip address 14.1.1.2 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 vlan-type dot1q vid 20 # interface Route-Aggregation2 link-aggregation mode dynamic # interface Route-Aggregation2.1 ip binding vpn-instance vpn1 ip address 172.168.1.2 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 vlan-type dot1q vid 10 # interface Route-Aggregation2.2 ip binding vpn-instance vpn2 ip address 192.168.1.2 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 vlan-type dot1q vid 20 # interface Route-Aggregation11 link-aggregation mode dynamic # interface Route-Aggregation11.1 ip binding vpn-instance vpn1 ip address 203.1.1.1 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 vlan-type dot1q vid 10 # interface Route-Aggregation11.2 ip binding vpn-instance vpn2 ip address 204.1.1.1 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 vlan-type dot1q vid 20 # interface LoopBack1 ip binding vpn-instance vpn1 ip address 3.3.3.9 255.255.255.255 # interface LoopBack2 ip binding vpn-instance vpn2 ip address 3.3.3.10 255.255.255.255 # interface LoopBack101 ip binding vpn-instance vpn1 ip address 21.0.0.1 255.255.255.248 # interface LoopBack102 ip binding vpn-instance vpn2 ip address 22.0.0.1 255.255.255.248 # interface LoopBack103 ip binding vpn-instance vpn1 ip address 21.0.0.17 255.255.255.240 # interface LoopBack104 ip binding vpn-instance vpn2 ip address 22.0.0.9 255.255.255.248 # interface LoopBack105 ip address 21.0.0.33 255.255.255.240 # interface LoopBack106 ip binding vpn-instance vpn2 ip address 22.0.0.17 255.255.255.0 # interface LoopBack107 ip binding vpn-instance vpn1 ip address 21.0.0.9 255.255.255.0 # interface LoopBack108 ip address 22.0.0.33 255.255.255.0 # interface GigabitEthernet1/0/1 port link-mode route port link-aggregation group 1 # interface GigabitEthernet1/0/2 port link-mode route port link-aggregation group 2 # interface GigabitEthernet1/0/3 port link-mode route port link-aggregation group 11 # route-policy p1 permit node 10 if-match ip address prefix-list list1 # route-policy p2 permit node 10 if-match ip address prefix-list list2 # ip prefix-list list1 index 10 permit 21.0.0.0 24 ip prefix-list list1 index 20 permit 203.1.1.0 24 ip prefix-list list2 index 10 permit 22.0.0.0 24 ip prefix-list list2 index 20 permit 204.1.1.0 24 # ip route-static vpn-instance vpn1 21.0.0.0 24 NULL0 ip route-static vpn-instance vpn2 22.0.0.0 24 NULL0 # · Device D: # sysname DeviceD # ip vpn-instance vpn1 # ip vpn-instance vpn2 # ospf 15 router-id 4.4.4.9 vpn-instance vpn1 area 0.0.0.0 network 11.1.1.0 0.0.0.255 # ospf 115 router-id 4.4.4.10 vpn-instance vpn2 area 0.0.0.0 network 11.1.1.0 0.0.0.255 network 12.1.1.0 0.0.0.255 # interface Route-Aggregation1 link-aggregation mode dynamic # interface Route-Aggregation1.1 ip binding vpn-instance vpn1 ip address 11.1.1.1 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 vlan-type dot1q vid 10 # interface Route-Aggregation1.2 ip binding vpn-instance vpn2 ip address 12.1.1.1 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain12345 vlan-type dot1q vid 20 # interface LoopBack1 ip binding vpn-instance vpn1 ip address 4.4.4.9 255.255.255.255 # interface LoopBack2 ip binding vpn-instance vpn2 ip address 4.4.4.10 255.255.255.255 # interface GigabitEthernet1/0/1 port link-mode route port link-aggregation group 1 # · Device E: # sysname DeviceE # ip vpn-instance vpn1 # ip vpn-instance vpn2 # ospf 15 router-id 5.5.5.9 vpn-instance vpn1 area 0.0.0.0 network 13.1.1.0 0.0.0.255 # ospf 115 router-id 5.5.5.10 vpn-instance vpn2 area 0.0.0.0 network 14.1.1.0 0.0.0.255 # interface Route-Aggregation1 link-aggregation mode dynamic # interface Route-Aggregation1.1 ip binding vpn-instance vpn1 ip address 13.1.1.1 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 vlan-type dot1q vid 10 # interface Route-Aggregation1.2 ip binding vpn-instance vpn2 ip address 14.1.1.1 255.255.255.0 ospf cost 10 ospf timer hello 1 ospf timer dead 4 ospf authentication-mode md5 1 plain 12345 vlan-type dot1q vid 20 # interface LoopBack1 ip binding vpn-instance vpn1 ip address 5.5.5.9 255.255.255.255 # interface LoopBack2 ip binding vpn-instance vpn2 ip address 5.5.5.10 255.255.255.255 # interface GigabitEthernet1/0/1 port link-mode route port link-aggregation group 1 # |
【本文地址】
今日新闻 |
推荐新闻 |