
Hub-Spoke Lab (a must-know HCIE exam topic)

2021-04-15 16:48 Author: 太阁网络

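This is a lab question that always comes up in the HCIE exam. You can add Xiao Laohu on WeChat to get the lab archive and the topology diagram. (WeChat ID: Tiger_Erik)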

 

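Without further ado, here are the diagram and the configuration files.

It is all too real: only after typing it in yourself do you find out where you go wrong.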

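In BGP:

The IPv4 unicast neighbors carry the public-network routes.

VPNv4 carries the routes that pass through the backbone.

The vpn-instance address family peers with the customer CE and carries the private-network routes.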

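VPN-IPv4 address structure


RD (route distinguisher): 64 bits, used to distinguish IPv4 prefixes that use the same address space. An IPv4 address with an RD added is called a VPN-IPv4 address (that is, a VPNv4 address). After a PE receives IPv4 routes from a CE, it converts them into globally unique VPN-IPv4 routes and advertises them across the public network.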

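The two functions of the RD:

1) Together with the 32-bit IPv4 prefix, it forms the 96-bit VPNv4 prefix;

2) If different VPN customers use the same IPv4 address space, configuring different RD values keeps the prefixes unique.

• Each VRF has one globally unique RD.

• Different sites of the same VPN can be configured with the same RD; the RDs of different VPNs must be unique.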

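RT (Route Target): used to distinguish VPN customers. It is an extended BGP community attribute and is configured in the VRF. It is carried along with the VPNv4 prefix, and one route can carry several RT values.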

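There are two kinds of VPN Target attribute:

• Export Target: after the local PE learns IPv4 routes from a directly connected site, it converts them into VPN-IPv4 routes and sets the Export Target attribute on them. The Export Target attribute is advertised with the route as a BGP extended community attribute.

• Import Target: when a PE receives VPN-IPv4 routes advertised by other PEs, it checks their Export Target attribute. When that attribute matches the Import Target of a VPN instance on the PE, the PE adds the route to that VPN instance.

In a BGP/MPLS IP VPN network, the VPN Target attribute controls how VPN routing information is advertised and accepted between sites. The VPN Export Target and Import Target are set independently of each other, and each can hold several values, which allows flexible VPN access control and therefore a variety of VPN topologies.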
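The import/export matching described above, applied to the vpn-instance stanzas of R1, R3 and R4 from the configuration on this page. This is an added example, not part of the original post; the function names (`parse`, `import_matrix`, `spoke_to_spoke`) are illustrative, and only the explicit export-extcommunity, import-extcommunity and both keywords are handled.

```python
# Constructed input: sysname and vpn-instance lines copied from the R1, R3 and R4
# configurations on this page, trimmed to the lines that carry route targets.
CONFIG = """
sysname R1
ip vpn-instance A
  vpn-target 10:10 export-extcommunity
ip vpn-instance B
  vpn-target 20:20 30:30 import-extcommunity
sysname R3
ip vpn-instance A
  vpn-target 20:20 export-extcommunity
  vpn-target 10:10 import-extcommunity
sysname R4
ip vpn-instance B
  vpn-target 10:10 30:30 export-extcommunity
  vpn-target 30:30 10:10 import-extcommunity
"""

def parse(text):
    """Return {(router, instance): {"export": set(), "import": set()}}."""
    table, router, inst = {}, None, None
    for line in text.splitlines():
        words = line.split()
        if words[:1] == ["sysname"]:
            router = words[1]
        elif words[:2] == ["ip", "vpn-instance"]:
            inst = table.setdefault((router, words[2]), {"export": set(), "import": set()})
        elif words[:1] == ["vpn-target"] and inst is not None:
            kind, rts = words[-1], set(words[1:-1])
            if kind in ("export-extcommunity", "both"):
                inst["export"] |= rts
            if kind in ("import-extcommunity", "both"):
                inst["import"] |= rts
    return table

def import_matrix(table):
    """For each instance, list the other instances whose export RTs match its import RTs."""
    return {dst: sorted(src for src, s in table.items()
                        if src != dst and s["export"] & d["import"])
            for dst, d in table.items()}

def spoke_to_spoke(matrix, hub):
    """Import relations where neither PE is the hub, i.e. routes accepted without passing the hub."""
    return sorted((src, dst) for dst, srcs in matrix.items()
                  for src in srcs if hub not in (src[0], dst[0]))

if __name__ == "__main__":
    m = import_matrix(parse(CONFIG))
    for dst, srcs in m.items():
        print(dst, "imports from", srcs)
    print("not via hub R1:", spoke_to_spoke(m, "R1"))
```

With the values on this page, R3's instance A matches the export target of R1's instance A and also that of R4's instance B, because R4 exports 10:10 as well. A review of a Hub-Spoke design looks for exactly this kind of spoke-to-spoke match, since those routes are accepted without passing through the hub CE.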


 

Configuration files

R1

 

[V200R003C00]

#

 sysname R1

#

 snmp-agent local-engineid 800007DB03000000000000

 snmp-agent 

#

 clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load portalpage.zip

#

 drop illegal-mac alarm

#

 set cpu-usage threshold 80 restore 75

#

ip vpn-instance A

 ipv4-family

  route-distinguisher 10:10

  vpn-target 10:10 export-extcommunity

#

ip vpn-instance B

 ipv4-family

  route-distinguisher 11:11

  vpn-target 20:20 30:30 import-extcommunity

#

mpls lsr-id 1.1.1.1

mpls

#

mpls ldp

#

#

aaa 

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default 

 domain default_admin 

 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

 local-user admin service-type http

#

firewall zone Local

 priority 15

#

interface GigabitEthernet0/0/0

 ip address 13.1.1.1 255.255.255.0 

 mpls

 mpls ldp

#

interface GigabitEthernet0/0/1

#

interface GigabitEthernet0/0/1.10

 dot1q termination vid 10

 ip binding vpn-instance A

 ip address 12.1.1.10 255.255.255.0 

 arp broadcast enable

#

interface GigabitEthernet0/0/1.20

 dot1q termination vid 11

 ip binding vpn-instance B

 ip address 12.1.2.20 255.255.255.0 

 arp broadcast enable

#

interface GigabitEthernet0/0/2

 ip address 14.1.1.1 255.255.255.0 

 mpls

 mpls ldp

#

interface NULL0

#

interface LoopBack0

 ip address 1.1.1.1 255.255.255.255 

#

bgp 10

 router-id 1.1.1.1

 undo default ipv4-unicast

 peer 3.3.3.3 as-number 10 

 peer 3.3.3.3 connect-interface LoopBack0

 peer 4.4.4.4 as-number 10 

 peer 4.4.4.4 connect-interface LoopBack0

 #

 ipv4-family unicast

  undo synchronization

  undo peer 3.3.3.3 enable

  undo peer 4.4.4.4 enable

 # 

 ipv4-family vpnv4

  policy vpn-target

  peer 3.3.3.3 enable

  peer 3.3.3.3 reflect-client

  peer 4.4.4.4 enable

  peer 4.4.4.4 reflect-client

 #

 ipv4-family vpn-instance A

  peer 12.1.1.11 as-number 65000 

 #

 ipv4-family vpn-instance B

  peer 12.1.2.21 as-number 65000 

#

ospf 10 router-id 1.1.1.1 

 area 0.0.0.0 

  network 1.1.1.1 0.0.0.0 

  network 13.1.1.1 0.0.0.0 

  network 14.1.1.1 0.0.0.0 

#

user-interface con 0

 authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

#

wlan ac

#

return

 

R2

 

[V200R003C00]

#

 sysname R2

#

 snmp-agent local-engineid 800007DB03000000000000

 snmp-agent 

#

 clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load portalpage.zip

#

 drop illegal-mac alarm

#

 set cpu-usage threshold 80 restore 75

#

aaa 

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default 

 domain default_admin 

 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

 local-user admin service-type http

#

firewall zone Local

 priority 15

#

interface GigabitEthernet0/0/0

#

interface GigabitEthernet0/0/0.10

 dot1q termination vid 10

 ip address 12.1.1.11 255.255.255.0 

 arp broadcast enable

#

interface GigabitEthernet0/0/0.20

 dot1q termination vid 11

 ip address 12.1.2.21 255.255.255.0 

 arp broadcast enable

#

interface GigabitEthernet0/0/1

#

interface GigabitEthernet0/0/1.20

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

interface LoopBack0

 ip address 2.2.2.2 255.255.255.0 

#

bgp 65000

 router-id 2.2.2.2

 peer 12.1.1.10 as-number 10 

 peer 12.1.2.20 as-number 10 

 #

 ipv4-family unicast

  undo synchronization

  aggregate 10.0.0.0 255.0.0.0 detail-suppressed 

  import-route direct

  peer 12.1.1.10 enable

  peer 12.1.2.20 enable

  peer 12.1.2.20 allow-as-loop

#

user-interface con 0

 authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

#

wlan ac

#

return

R3

 

[V200R003C00]

#

 sysname R3

#

 snmp-agent local-engineid 800007DB03000000000000

 snmp-agent 

#

 clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load portalpage.zip

#

 drop illegal-mac alarm

#

 set cpu-usage threshold 80 restore 75

#

ip vpn-instance A

 ipv4-family

  route-distinguisher 20:20

  vpn-target 20:20 export-extcommunity

  vpn-target 10:10 import-extcommunity

#

mpls lsr-id 3.3.3.3

mpls

#

mpls ldp

#

#

aaa 

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default 

 domain default_admin 

 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

 local-user admin service-type http

#

firewall zone Local

 priority 15

#

interface GigabitEthernet0/0/0

 ip address 13.1.1.3 255.255.255.0 

 mpls

 mpls ldp

#

interface GigabitEthernet0/0/1

 ip binding vpn-instance A

 ip address 35.1.1.3 255.255.255.0 

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

interface LoopBack0

 ip address 3.3.3.3 255.255.255.255 

#

bgp 10

 router-id 3.3.3.3

 undo default ipv4-unicast

 peer 1.1.1.1 as-number 10 

 peer 1.1.1.1 connect-interface LoopBack0

 #

 ipv4-family unicast

  undo synchronization

  undo peer 1.1.1.1 enable

 # 

 ipv4-family vpnv4

  policy vpn-target

  peer 1.1.1.1 enable

 #

 ipv4-family vpn-instance A

  peer 35.1.1.5 as-number 65000 

#

ospf 10 router-id 3.3.3.3 

 area 0.0.0.0 

  network 3.3.3.3 0.0.0.0 

  network 13.1.1.3 0.0.0.0 

#

user-interface con 0

 authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

#

wlan ac

#

return

R4

 

[V200R003C00]

#

 sysname R4

#

 snmp-agent local-engineid 800007DB03000000000000

 snmp-agent 

#

 clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load portalpage.zip

#

 drop illegal-mac alarm

#

 set cpu-usage threshold 80 restore 75

#

ip vpn-instance B

 ipv4-family

  route-distinguisher 30:30

  vpn-target 10:10 30:30 export-extcommunity

  vpn-target 30:30 10:10 import-extcommunity

#

mpls lsr-id 4.4.4.4

mpls

#

mpls ldp

#

#

aaa 

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default 

 domain default_admin 

 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

 local-user admin service-type http

#

firewall zone Local

 priority 15

#

interface GigabitEthernet0/0/0

 ip address 14.1.1.4 255.255.255.0 

 mpls

 mpls ldp

#

interface GigabitEthernet0/0/1

 ip binding vpn-instance B

 ip address 46.1.1.4 255.255.255.0 

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

interface LoopBack0

 ip address 4.4.4.4 255.255.255.255 

#

bgp 10

 router-id 4.4.4.4

 undo default ipv4-unicast

 peer 1.1.1.1 as-number 10 

 peer 1.1.1.1 connect-interface LoopBack0

 #

 ipv4-family unicast

  undo synchronization

  undo peer 1.1.1.1 enable

 # 

 ipv4-family vpnv4

  policy vpn-target

  peer 1.1.1.1 enable

 #

 ipv4-family vpn-instance B

  peer 46.1.1.6 as-number 65000 

#

ospf 10 router-id 4.4.4.4 

 area 0.0.0.0 

  network 4.4.4.4 0.0.0.0 

  network 14.1.1.4 0.0.0.0 

#

user-interface con 0

 authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

#

wlan ac

#

return

R5

 

[V200R003C00]

#

 sysname R5

#

 snmp-agent local-engineid 800007DB03000000000000

 snmp-agent 

#

 clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load portalpage.zip

#

 drop illegal-mac alarm

#

 set cpu-usage threshold 80 restore 75

#

aaa 

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default 

 domain default_admin 

 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

 local-user admin service-type http

#

firewall zone Local

 priority 15

#

interface GigabitEthernet0/0/0

 ip address 35.1.1.5 255.255.255.0 

#

interface GigabitEthernet0/0/1

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

interface LoopBack0

 ip address 5.5.5.5 255.255.255.255 

#

interface LoopBack1

 ip address 10.5.5.5 255.255.255.255 

#

bgp 65000

 router-id 5.5.5.5

 peer 35.1.1.3 as-number 10 

 #

 ipv4-family unicast

  undo synchronization

  import-route direct

  peer 35.1.1.3 enable

  peer 35.1.1.3 allow-as-loop

#

user-interface con 0

 authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

#

wlan ac

#

return

R6

 

[V200R003C00]

#

 sysname R6

#

 snmp-agent local-engineid 800007DB03000000000000

 snmp-agent 

#

 clock timezone China-Standard-Time minus 08:00:00

#

portal local-server load portalpage.zip

#

 drop illegal-mac alarm

#

 set cpu-usage threshold 80 restore 75

#

aaa 

 authentication-scheme default

 authorization-scheme default

 accounting-scheme default

 domain default 

 domain default_admin 

 local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$

 local-user admin service-type http

#

firewall zone Local

 priority 15

#

interface GigabitEthernet0/0/0

 ip address 46.1.1.6 255.255.255.0 

#

interface GigabitEthernet0/0/1

#

interface GigabitEthernet0/0/2

#

interface NULL0

#

interface LoopBack0

 ip address 6.6.6.6 255.255.255.255 

#

bgp 65000

 router-id 6.6.6.6

 peer 46.1.1.4 as-number 10 

 #

 ipv4-family unicast

  undo synchronization

  import-route direct

  peer 46.1.1.4 enable

  peer 46.1.1.4 allow-as-loop

#

user-interface con 0

 authentication-mode password

user-interface vty 0 4

user-interface vty 16 20

#

wlan ac

#

return

