ISP网络大型企业综合接入部署实例
适用范围和业务需求:
该实例案例适用于ISP网络大企业综合接入场景,适合各类企业高带宽、高可靠性的接入场景。
该实例案例业务需求特点分析:
大型企业一般接入ISP网络的骨干区域,ISP可以为大企业客户提供的接入服务通常有:
为内容服务提供商提供专线接入
为大型企业数据中心提供Internet接入
为企业园区用户提供Internet接入
该场景的特点:路由量大;路由策略灵活;接入大带宽;一般企业接入骨干区域的主要业务需求包括:
接入需求:
大型企业需要提供有线接入方式,接入IPv4/IPv6双栈业务;且需要能够提供高带宽接入,满足差异化的多速率接入,例如10G和1G。
路由控制需求:
能满足灵活的路由转发需求;通过路由策略控制路由的发布和引入;通过TE隧道显式路径控制流量路由走向。
可靠性需求:
多出口链路保障带宽;对于企业专线等重要业务,需要保证高度的可靠性,保证业务的持续稳定;
网络关键节点设备需要提供备份功能,保障数据业务的可靠传输;
遇到链路闪断、设备故障时,业务中断时间要尽可能短,保障用户体验。
安全性需求:防止非法设备、非法攻击入侵网络;满足安全合规要求;接入用户控制,保证网络的安全性。
大型企业综合接入场景在某项目中的组网方案:
设计方案组网图
网络设计分析
接入需求:交换机S12700E-8作为PE设备,配有X2H单板和X1E单板,上接核心P设备,下接三层设备(SW)。
PE为企业客户提供两种组网模型:
针对企业规模较小的场景,PE作为用户网关,S5735-L做二层汇聚,通过VRRP双归到S12700E-8,如图2-113的企业客户2。
针对企业规模较大的场景,汇聚设备S5735-L作为用户网关,和PE组建EBGP Peer。S12700E-8通过EBGP学习下游设备的路由,并且通告上游的路由给下游设备,如图2-113的企业客户1。
路由控制需求
PE、P与ISP出口路由器Router设备之间通过OSPF实现互通。RR1和RR2作为主备路由反射器,PE与主备RR建立IBGP,接收和转发路由。
PE与P、Router之间创建MPLS TE Tunnel,且部署显式路径,实现流量控制。
可靠性需求
核心区域Router、P、PE设备两两之间创建MPLS TE Tunnel配置主备Tunnel,每个Tunnel配置主备路径。
S12700E-8双上行到主备的两台P设备,做到设备级可靠性。
互连端口部署LACP模式的Eth-Trunk,保证链路级可靠性。
部署OSPF GR和BGP GR,避免流量中断和主备切换带来的路由震荡。
安全性需求
在使能OSPFv2的接口上开启HMAC-SHA256验证,在OSPFv3进程开启IPSec安全功能。
MPLS RSVP-TE建立部署了密码认证。
通过Loopback口建立IBGP,并使能密码认证。
涉及产品以及版本 : S12700E-8 V200R019C10SPC500+最新补丁 S5735-L V200R019C10SPC500+最新补丁
采用如下的思路进行配置部署:
配置各设备的接口、VLAN、IPv4和IPv6地址等。
PE、P、Router、RR设备之间配置OSPF路由。配置BGP路由,和RR建立IBGP Peer。
在使能OSPF的接口上开启HMAC-SHA256验证,配置BGP对等体在建立TCP连接时进行MD5认证。
PE、P、Router设备上使能MPLS和MPLS RSVP,配置PE设备与Router间TE隧道。
数据规划设计:
以下描述的是案例中涉及的VLAN、接口、IP地址、路由以及各业务的数据规划。
部署步骤
配置PE1
配置设备的VLAN和接口IP地址。
# 创建Eth-Trunk0,配置Eth-Trunk0的IPv4和IPv6地址,使能LACP,并将接口XGE1/0/0、XGE2/0/0加入Eth-Trunk0。
<PE1> system-view
[PE1] ipv6
[PE1] interface Eth-Trunk 0
[PE1-Eth-Trunk0] undo portswitch
[PE1-Eth-Trunk0] description To_P1
[PE1-Eth-Trunk0] ip address 1.1.1.2 255.255.255.252
[PE1-Eth-Trunk0] ipv6 enable
[PE1-Eth-Trunk0] ipv6 address 2001:0:0:4D9::2/64
[PE1-Eth-Trunk0] mode lacp
[PE1-Eth-Trunk0] quit
[PE1] interface XGigabitEthernet 1/0/0
[PE1-XGigabitEthernet1/0/0] eth-trunk 0
[PE1-XGigabitEthernet1/0/0] quit
[PE1] interface XGigabitEthernet 2/0/0
[PE1-XGigabitEthernet2/0/0] eth-trunk 0
[PE1-XGigabitEthernet2/0/0] quit
# 创建Eth-Trunk1,配置Eth-Trunk1的IPv4和IPv6地址,使能LACP,并将接口XGE1/0/1、XGE2/0/1加入Eth-Trunk1。
[PE1] interface Eth-Trunk 1
[PE1-Eth-Trunk1] undo portswitch
[PE1-Eth-Trunk1] description To_P2
[PE1-Eth-Trunk1] ip address 1.1.1.10 255.255.255.252
[PE1-Eth-Trunk1] ipv6 enable
[PE1-Eth-Trunk1] ipv6 address 2001:0:0:4DB::2/64
[PE1-Eth-Trunk1] mode lacp
[PE1-Eth-Trunk1] quit
[PE1] interface XGigabitEthernet 1/0/1
[PE1-XGigabitEthernet1/0/1] eth-trunk 1
[PE1-XGigabitEthernet1/0/1] quit
[PE1] interface XGigabitEthernet 2/0/1
[PE1-XGigabitEthernet2/0/1] eth-trunk 1
[PE1-XGigabitEthernet2/0/1] quit
# 创建Eth-Trunk2,配置Eth-Trunk2的IPv4,使能LACP,并将接口XGE3/0/0、XGE4/0/0加入Eth-Trunk2。
[PE1] interface Eth-Trunk 2
[PE1-Eth-Trunk2] undo portswitch
[PE1-Eth-Trunk2] description To_SW1
[PE1-Eth-Trunk2] ip address 2.2.2.205 255.255.255.252
[PE1-Eth-Trunk2] mode lacp
[PE1-Eth-Trunk2] quit
[PE1] interface XGigabitEthernet 3/0/0
[PE1-XGigabitEthernet3/0/0] eth-trunk 2
[PE1-XGigabitEthernet3/0/0] quit
[PE1] interface XGigabitEthernet 4/0/0
[PE1-XGigabitEthernet4/0/0] eth-trunk 2
[PE1-XGigabitEthernet4/0/0] quit
# 创建Eth-Trunk3,配置Eth-Trunk3的IPv4,使能LACP,并将接口XGE3/0/1、XGE4/0/1加入Eth-Trunk3。
[PE1] interface Eth-Trunk 3
[PE1-Eth-Trunk3] undo portswitch
[PE1-Eth-Trunk3] description To_SW2
[PE1-Eth-Trunk3] ip address 3.3.3.114 255.255.255.248
[PE1-Eth-Trunk3] mode lacp
[PE1-Eth-Trunk3] quit
[PE1] interface XGigabitEthernet 3/0/1
[PE1-XGigabitEthernet3/0/1] eth-trunk 3
[PE1-XGigabitEthernet3/0/1] quit
[PE1] interface XGigabitEthernet 4/0/1
[PE1-XGigabitEthernet4/0/1] eth-trunk 3
[PE1-XGigabitEthernet4/0/1] quit
# 创建Loopback0,配置Loopback0的IPv4和IPv6地址。
[PE1] interface LoopBack 0
[PE1-LoopBack0] ip address 4.4.4.143 255.255.255.255
[PE1-LoopBack0] ipv6 enable
[PE1-LoopBack0] ipv6 address 2001::149/128
[PE1-LoopBack0] quit
配置OSPFv2和OSPFv3。
# 创建OSPFv2进程1,并指定Router-id,创建Area 0,使能GR,配置密码认证。
[PE1] ospf 1 router-id 4.4.4.143
[PE1-ospf-1] silent-interface all
[PE1-ospf-1] undo silent-interface Eth-Trunk0
[PE1-ospf-1] undo silent-interface Eth-Trunk1
[PE1-ospf-1] preference 80
[PE1-ospf-1] opaque-capability enable
[PE1-ospf-1] graceful-restart
[PE1-ospf-1] bandwidth-reference 1000000
[PE1-ospf-1] enable traffic-adjustment
[PE1-ospf-1] area 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] authentication-mode hmac-sha256 1 cipher YsHsjx_202206
[PE1-ospf-1-area-0.0.0.0] mpls-te enable
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# 配置IPSec安全提议和安全联盟。
[PE1] ipsec proposal ah
[PE1-ipsec-proposal-ah] encapsulation-mode transport
[PE1-ipsec-proposal-ah] transform ah
[PE1-ipsec-proposal-ah] ah authentication-algorithm sha2-256
[PE1-ipsec-proposal-ah] quit
[PE1] ipsec sa ospfv3-sa
[PE1-ipsec-sa-ospfv3-sa] proposal ah
[PE1-ipsec-sa-ospfv3-sa] sa spi inbound ah 256
[PE1-ipsec-sa-ospfv3-sa] sa authentication-hex inbound ah cipher 112233445566778899aabbccddeeff00
[PE1-ipsec-sa-ospfv3-sa] sa spi outbound ah 256
[PE1-ipsec-sa-ospfv3-sa] sa authentication-hex outbound ah cipher aabbccddeeff001100aabbccddeeff00
[PE1-ipsec-sa-ospfv3-sa] quit
# 创建OSPFv3进程1,并指定Router-id,使能GR。
[PE1] ospfv3 1
[PE1-ospfv3-1] router-id 4.4.4.143
[PE1-ospfv3-1] bandwidth-reference 1000000
[PE1-ospfv3-1] graceful-restart
[PE1-ospfv3-1] quit
# 在Loopback0接口下使能OSPFv2和OSPFv3。
[PE1] interface LoopBack 0
[PE1-LoopBack0] ospf enable 1 area 0.0.0.0
[PE1-LoopBack0] ospfv3 1 area 0.0.0.0
[PE1-LoopBack0] quit
# 在Eth-Trunk0接口下使能OSPFv2和OSPFv3,类型为P2P。
[PE1] interface Eth-Trunk 0
[PE1-Eth-Trunk0] ospf enable 1 area 0.0.0.0
[PE1-Eth-Trunk0] ospf network-type p2p
[PE1-Eth-Trunk0] ospfv3 1 area 0.0.0.0
[PE1-Eth-Trunk0] ospfv3 network-type p2p
[PE1-Eth-Trunk0] ospfv3 ipsec sa ospfv3-sa
[PE1-Eth-Trunk0] quit
# 在Eth-Trunk1接口下使能OSPFv2和OSPFv3,类型为P2P。
[PE1] interface Eth-Trunk 1
[PE1-Eth-Trunk1] ospf enable 1 area 0.0.0.0
[PE1-Eth-Trunk1] ospf network-type p2p
[PE1-Eth-Trunk1] ospfv3 1 area 0.0.0.0
[PE1-Eth-Trunk1] ospfv3 network-type p2p
[PE1-Eth-Trunk1] ospfv3 ipsec sa ospfv3-sa
[PE1-Eth-Trunk1] quit
# 在Eth-Trunk2接口下使能OSPFv2,类型为P2P。
[PE1] interface Eth-Trunk 2
[PE1-Eth-Trunk2] ospf enable 1 area 0.0.0.0
[PE1-Eth-Trunk2] ospf network-type p2p
[PE1-Eth-Trunk2] quit
# 在Eth-Trunk3接口下使能OSPFv2。
[PE1] interface Eth-Trunk 3
[PE1-Eth-Trunk3] ospf enable 1 area 0.0.0.0
[PE1-Eth-Trunk3] quit
在全局配置MPLS和RSVP-TE,并且在各个三层接口使能。
# 配置MPLS RSVP-TE,使能全局MPLS。
[PE1] mpls lsr-id 4.4.4.143
[PE1] mpls
[PE1-mpls] mpls te
[PE1-mpls] mpls rsvp-te
[PE1-mpls] mpls rsvp-te hello
[PE1-mpls] mpls rsvp-te srefresh
[PE1-mpls] quit
# 建立RSVP邻居节点,且使能MD5验证。
[PE1] mpls rsvp-te peer 1.1.1.1
[PE1-mpls-rsvp-te-peer-1.1.1.1] mpls rsvp-te authentication cipher YsHsjx_202206
[PE1-mpls-rsvp-te-peer-1.1.1.1] quit
[PE1] mpls rsvp-te peer 1.1.1.9
[PE1-mpls-rsvp-te-peer-1.1.1.9] mpls rsvp-te authentication cipher YsHsjx_202206
[PE1-mpls-rsvp-te-peer-1.1.1.9] quit
# 在连接P设备的三层口下使能MPLS和RSVP-TE。
[PE1] interface Eth-Trunk 0
[PE1-Eth-Trunk0] mpls
[PE1-Eth-Trunk0] mpls te
[PE1-Eth-Trunk0] mpls rsvp-te
[PE1-Eth-Trunk0] mpls rsvp-te hello
[PE1-Eth-Trunk0] quit
[PE1] interface Eth-Trunk 1
[PE1-Eth-Trunk1] mpls
[PE1-Eth-Trunk1] mpls te
[PE1-Eth-Trunk1] mpls rsvp-te
[PE1-Eth-Trunk1] mpls rsvp-te hello
[PE1-Eth-Trunk1] quit
配置TE隧道的显式路径和TE隧道。
# 配置TE隧道的显式路径。
[PE1] explicit-path TO-P1-1
[PE1-explicit-path-TO-P1-1] next hop 1.1.1.1
[PE1-explicit-path-TO-P1-1] quit
[PE1] explicit-path TO-P1-2
[PE1-explicit-path-TO-P1-2] next hop 1.1.1.9
[PE1-explicit-path-TO-P1-2] next hop 1.1.2.9
[PE1-explicit-path-TO-P1-2] quit
[PE1] explicit-path TO-P2-1
[PE1-explicit-path-TO-P2-1] next hop 1.1.1.9
[PE1-explicit-path-TO-P2-1] quit
[PE1] explicit-path TO-P2-2
[PE1-explicit-path-TO-P2-2] next hop 1.1.1.1
[PE1-explicit-path-TO-P2-2] next hop 1.1.2.10
[PE1-explicit-path-TO-P2-2] quit
[PE1] explicit-path TO-PE2-1
[PE1-explicit-path-TO-PE2-1] next hop 1.1.1.1
[PE1-explicit-path-TO-PE2-1] next hop 1.1.1.6
[PE1-explicit-path-TO-PE2-1] quit
[PE1] explicit-path TO-PE2-2
[PE1-explicit-path-TO-PE2-2] next hop 1.1.1.9
[PE1-explicit-path-TO-PE2-2] next hop 1.1.1.14
[PE1-explicit-path-TO-PE2-2] quit
[PE1] explicit-path TO-ROUTER-1
[PE1-explicit-path-TO-ROUTER-1] next hop 1.1.1.1
[PE1-explicit-path-TO-ROUTER-1] next hop 1.1.2.226
[PE1-explicit-path-TO-ROUTER-1] quit
[PE1] explicit-path TO-ROUTER-2
[PE1-explicit-path-TO-ROUTER-2] next hop 1.1.1.9
[PE1-explicit-path-TO-ROUTER-2] next hop 1.1.2.230
[PE1-explicit-path-TO-ROUTER-2] quit
# 配置TE隧道
[PE1] interface Tunnel1
[PE1-Tunnel1] ip address unnumbered interface LoopBack0
[PE1-Tunnel1] tunnel-protocol mpls te
[PE1-Tunnel1] destination 4.4.4.1
[PE1-Tunnel1] mpls te tunnel-id 1
[PE1-Tunnel1] mpls te signalled tunnel-name pe1->P1-1
[PE1-Tunnel1] mpls te record-route label
[PE1-Tunnel1] mpls te path explicit-path TO-P1-1
[PE1-Tunnel1] mpls te path explicit-path TO-P1-2 secondary
[PE1-Tunnel1] mpls te backup hot-standby
[PE1-Tunnel1] mpls te igp shortcut ospf
[PE1-Tunnel1] mpls te igp metric absolute 10
[PE1-Tunnel1] mpls te reserved-for-binding
[PE1-Tunnel1] ospf enable 1 area 0.0.0.0
[PE1-Tunnel1] mpls
[PE1-Tunnel1] mpls te commit
[PE1-Tunnel1] quit
[PE1] interface Tunnel2
[PE1-Tunnel2] ip address unnumbered interface LoopBack0
[PE1-Tunnel2] tunnel-protocol mpls te
[PE1-Tunnel2] destination 4.4.4.2
[PE1-Tunnel2] mpls te tunnel-id 2
[PE1-Tunnel2] mpls te signalled tunnel-name pe1->P2-1
[PE1-Tunnel2] mpls te record-route label
[PE1-Tunnel2] mpls te path explicit-path TO-P2-1
[PE1-Tunnel2] mpls te path explicit-path TO-P2-2 secondary
[PE1-Tunnel2] mpls te backup hot-standby
[PE1-Tunnel2] mpls te igp shortcut ospf
[PE1-Tunnel2] mpls te igp metric absolute 10
[PE1-Tunnel2] mpls te reserved-for-binding
[PE1-Tunnel2] ospf enable 1 area 0.0.0.0
[PE1-Tunnel2] mpls
[PE1-Tunnel2] mpls te commit
[PE1-Tunnel2] quit
[PE1] interface Tunnel3
[PE1-Tunnel3] ip address unnumbered interface LoopBack0
[PE1-Tunnel3] tunnel-protocol mpls te
[PE1-Tunnel3] destination 4.4.4.39
[PE1-Tunnel3] mpls te tunnel-id 19
[PE1-Tunnel3] mpls te signalled tunnel-name pe1->router-1
[PE1-Tunnel3] mpls te record-route label
[PE1-Tunnel3] mpls te path explicit-path TO-ROUTER-1
[PE1-Tunnel3] mpls te path explicit-path TO-ROUTER-2 secondary
[PE1-Tunnel3] mpls te backup hot-standby
[PE1-Tunnel3] mpls te igp shortcut ospf
[PE1-Tunnel3] mpls te igp metric absolute 10
[PE1-Tunnel3] mpls te reserved-for-binding
[PE1-Tunnel3] ospf enable 1 area 0.0.0.0
[PE1-Tunnel3] mpls
[PE1-Tunnel3] mpls te commit
[PE1-Tunnel3] quit
[PE1] interface Tunnel4
[PE1-Tunnel4] ip address unnumbered interface LoopBack0
[PE1-Tunnel4] tunnel-protocol mpls te
[PE1-Tunnel4] destination 4.4.4.39
[PE1-Tunnel4] mpls te tunnel-id 20
[PE1-Tunnel4] mpls te signalled tunnel-name pe1->router-2
[PE1-Tunnel4] mpls te record-route label
[PE1-Tunnel4] mpls te path explicit-path TO-ROUTER-2
[PE1-Tunnel4] mpls te path explicit-path TO-ROUTER-1 secondary
[PE1-Tunnel4] mpls te backup hot-standby
[PE1-Tunnel4] mpls te igp shortcut ospf
[PE1-Tunnel4] mpls te igp metric absolute 10
[PE1-Tunnel4] mpls te reserved-for-binding
[PE1-Tunnel4] ospf enable 1 area 0.0.0.0
[PE1-Tunnel4] mpls
[PE1-Tunnel4] mpls te commit
[PE1-Tunnel4] quit
[PE1] interface Tunnel5
[PE1-Tunnel5] ip address unnumbered interface LoopBack0
[PE1-Tunnel5] tunnel-protocol mpls te
[PE1-Tunnel5] destination 4.4.4.144
[PE1-Tunnel5] mpls te tunnel-id 69
[PE1-Tunnel5] mpls te signalled tunnel-name pe1->pe2-1
[PE1-Tunnel5] mpls te record-route label
[PE1-Tunnel5] mpls te path explicit-path TO-PE2-1
[PE1-Tunnel5] mpls te path explicit-path TO-PE2-2 secondary
[PE1-Tunnel5] mpls te backup hot-standby
[PE1-Tunnel5] mpls te igp shortcut ospf
[PE1-Tunnel5] mpls te igp metric absolute 10
[PE1-Tunnel5] mpls te reserved-for-binding
[PE1-Tunnel5] ospf enable 1 area 0.0.0.0
[PE1-Tunnel5] mpls
[PE1-Tunnel5] mpls te commit
[PE1-Tunnel5] quit
[PE1] interface Tunnel6
[PE1-Tunnel6] ip address unnumbered interface LoopBack0
[PE1-Tunnel6] tunnel-protocol mpls te
[PE1-Tunnel6] destination 4.4.4.144
[PE1-Tunnel6] mpls te tunnel-id 70
[PE1-Tunnel6] mpls te signalled tunnel-name pe1->pe2-2
[PE1-Tunnel6] mpls te record-route label
[PE1-Tunnel6] mpls te path explicit-path TO-PE2-2
[PE1-Tunnel6] mpls te path explicit-path TO-PE2-1 secondary
[PE1-Tunnel6] mpls te backup hot-standby
[PE1-Tunnel6] mpls te igp shortcut ospf
[PE1-Tunnel6] mpls te igp metric absolute 10
[PE1-Tunnel6] mpls te reserved-for-binding
[PE1-Tunnel6] ospf enable 1 area 0.0.0.0
[PE1-Tunnel6] mpls
[PE1-Tunnel6] mpls te commit
[PE1-Tunnel6] quit
配置BGP和BGP4+,与RR1以及RR2建立IBGP peer,与SW1建立EBGP peer。
# 启动BGP进程,配置BGP对等体。
[PE1] bgp 2519
[PE1-bgp] router-id 4.4.4.143
[PE1-bgp] graceful-restart
[PE1-bgp] group IPv6-PRIVATEAS_CUSTOMER external
[PE1-bgp] group PRIVATEAS_CUSTOMER external
[PE1-bgp] peer 2.2.2.206 as-number 64901
[PE1-bgp] peer 2.2.2.206 group PRIVATEAS_CUSTOMER
[PE1-bgp] peer 2.2.2.206 password cipher YsHsjx_202206
[PE1-bgp] group iBGP internal
[PE1-bgp] peer iBGP connect-interface LoopBack0
[PE1-bgp] peer 4.4.4.27 as-number 2519
[PE1-bgp] peer 4.4.4.27 group iBGP
[PE1-bgp] peer 4.4.4.27 password cipher YsHsjx_202206
[PE1-bgp] peer 4.4.4.28 as-number 2519
[PE1-bgp] peer 4.4.4.28 group iBGP
[PE1-bgp] peer 4.4.4.28 password cipher YsHsjx_202206
[PE1-bgp] peer 2001::15 as-number 2519
[PE1-bgp] peer 2001::15 group iBGP
[PE1-bgp] peer 2001::15 password cipher YsHsjx_202206
[PE1-bgp] peer 2001::16 as-number 2519
[PE1-bgp] peer 2001::16 group iBGP
[PE1-bgp] peer 2001::16 password cipher YsHsjx_202206
[PE1-bgp] ipv4-family unicast
[PE1-bgp-af-ipv4] undo synchronization
[PE1-bgp-af-ipv4] preference 170 170 130
[PE1-bgp-af-ipv4] peer PRIVATEAS_CUSTOMER advertise-community
[PE1-bgp-af-ipv4] peer iBGP next-hop-local
[PE1-bgp-af-ipv4] peer iBGP advertise-community
[PE1-bgp-af-ipv4] quit
# 配置BGP4+对等体。
[PE1-bgp] ipv6-family unicast
[PE1-bgp-af-ipv6] undo synchronization
[PE1-bgp-af-ipv6] preference 170 170 130
[PE1-bgp-af-ipv6] peer IPv6-PRIVATEAS_CUSTOMER enable
[PE1-bgp-af-ipv6] peer IPv6-PRIVATEAS_CUSTOMER advertise-community
[PE1-bgp-af-ipv6] peer iBGP enable
[PE1-bgp-af-ipv6] peer iBGP next-hop-local
[PE1-bgp-af-ipv6] peer iBGP advertise-community
[PE1-bgp-af-ipv6] peer 2001::15 enable
[PE1-bgp-af-ipv6] peer 2001::15 group iBGP
[PE1-bgp-af-ipv6] peer 2001::16 enable
[PE1-bgp-af-ipv6] peer 2001::16 group iBGP
[PE1-bgp-af-ipv6] quit
[PE1-bgp] quit
# 配置BGP路由策略,仅向企业用户发布缺省路由,其他路由不发布。将静态路由引入到BGP中。
[PE1] ip ip-prefix DEFAULT-ROUTE index 5 permit 0.0.0.0 0
[PE1] route-policy PRIVATEAS_CUSTOMER-DEFAULT-OUT permit node 100
[PE1-route-policy] if-match ip-prefix DEFAULT-ROUTE
[PE1-route-policy] apply community no-export
[PE1-route-policy] quit
[PE1] route-policy PRIVATEAS_CUSTOMER-DEFAULT-OUT deny node 200
[PE1-route-policy] quit
[PE1] route-policy DENY-ANY_ROUTE-OUT deny node 100
[PE1-route-policy] quit
[PE1] route-policy STATIC-to-BGP permit node 200
[PE1-route-policy] if-match tag 2519
[PE1-route-policy] apply local-preference 10000
[PE1-route-policy] apply origin igp
[PE1-route-policy] apply community 2519:1
[PE1-route-policy] quit
# 应用BGP路由策略。
[PE1] bgp 2519
[PE1-bgp] ipv4-family unicast
[PE1-bgp-af-ipv4] import-route static route-policy STATIC-to-BGP
[PE1-bgp-af-ipv4] peer 2.2.2.206 route-policy DENY-ANY_ROUTE-OUT export
[PE1-bgp-af-ipv4] peer 2.2.2.206 default-route-advertise route-policy PRIVATEAS_CUSTOMER-DEFAULT-OUT conditional-route-match-any 0.0.0.0 0.0.0.0
[PE1-bgp-af-ipv4] quit
[PE1-bgp] ipv6-family unicast
[PE1-bgp-af-ipv6] import-route static route-policy STATIC-to-BGP
[PE1-bgp-af-ipv6] quit
[PE1-bgp] quit
配置VRRP和静态路由,供SW2接入
# 在与SW2互联的接口配置VRRP。
[PE1] interface Eth-Trunk3
[PE1-Eth-Trunk3] vrrp vrid 1 virtual-ip 3.3.3.113
[PE1-Eth-Trunk3] vrrp vrid 1 priority 150
[PE1-Eth-Trunk3] vrrp vrid 1 preempt-mode timer delay 120
[PE1-Eth-Trunk3] vrrp vrid 1 track interface Eth-Trunk0 reduced 30
[PE1-Eth-Trunk3] vrrp vrid 1 track interface Eth-Trunk1 reduced 30
[PE1-Eth-Trunk3] vrrp vrid 1 authentication-mode md5 ***
[PE1-Eth-Trunk3] ospf cost 10000
[PE1-Eth-Trunk3] ospf enable 1 area 0.0.0.0
[PE1-Eth-Trunk3] quit
# 配置静态路由实现与SW2互通。
[PE1] ip route-static 6.6.6.0 255.255.255.0 Eth-Trunk 3 3.3.3.116 tag 2519
配置PE2
配置连接各个设备的接口。
# 创建Eth-Trunk0,配置Eth-Trunk0的IPv4和IPv6地址,使能LACP,并将接口XGE1/0/0、XGE2/0/0加入Eth-Trunk0。
<PE2> system-view
[PE2] ipv6
[PE2] interface Eth-Trunk 0
[PE2-Eth-Trunk0] undo portswitch
[PE2-Eth-Trunk0] description To_P1
[PE2-Eth-Trunk0] ip address 1.1.1.6 255.255.255.252
[PE2-Eth-Trunk0] ipv6 enable
[PE2-Eth-Trunk0] ipv6 address 2001:0:0:4DA::2/64
[PE2-Eth-Trunk0] mode lacp
[PE2-Eth-Trunk0] quit
[PE2] interface XGigabitEthernet 1/0/0
[PE2-XGigabitEthernet1/0/0] eth-trunk 0
[PE2-XGigabitEthernet1/0/0] quit
[PE2] interface XGigabitEthernet 2/0/0
[PE2-XGigabitEthernet2/0/0] eth-trunk 0
[PE2-XGigabitEthernet2/0/0] quit
# 创建Eth-Trunk1,配置Eth-Trunk1的IPv4和IPv6地址,使能LACP,并将接口XGE1/0/1、XGE2/0/1加入Eth-Trunk1。
[PE2] interface Eth-Trunk 1
[PE2-Eth-Trunk1] undo portswitch
[PE2-Eth-Trunk1] description To_P2
[PE2-Eth-Trunk1] ip address 1.1.1.14 255.255.255.252
[PE2-Eth-Trunk1] ipv6 enable
[PE2-Eth-Trunk1] ipv6 address 2001:0:0:4DC::2/64
[PE2-Eth-Trunk1] mode lacp
[PE2-Eth-Trunk1] quit
[PE2] interface XGigabitEthernet 1/0/1
[PE2-XGigabitEthernet1/0/1] eth-trunk 1
[PE2-XGigabitEthernet1/0/1] quit
[PE2] interface XGigabitEthernet 2/0/1
[PE2-XGigabitEthernet2/0/1] eth-trunk 1
[PE2-XGigabitEthernet2/0/1] quit
# 创建Eth-Trunk2,配置Eth-Trunk2的IPv4,使能LACP,并将接口XGE3/0/0、XGE4/0/0加入Eth-Trunk2。
[PE2] interface Eth-Trunk 2
[PE2-Eth-Trunk2] undo portswitch
[PE2-Eth-Trunk2] description To_SW1
[PE2-Eth-Trunk2] ip address 2.2.2.253 255.255.255.252
[PE2-Eth-Trunk2] mode lacp
[PE2-Eth-Trunk2] quit
[PE2] interface XGigabitEthernet 3/0/0
[PE2-XGigabitEthernet3/0/0] eth-trunk 2
[PE2-XGigabitEthernet3/0/0] quit
[PE2] interface XGigabitEthernet 4/0/0
[PE2-XGigabitEthernet4/0/0] eth-trunk 2
[PE2-XGigabitEthernet4/0/0] quit
# 创建Eth-Trunk3,配置Eth-Trunk3的IPv4,使能LACP,并将接口XGE3/0/1、XGE4/0/1加入Eth-Trunk3。
[PE2] interface Eth-Trunk 3
[PE2-Eth-Trunk3] undo portswitch
[PE2-Eth-Trunk3] description To_SW2
[PE2-Eth-Trunk3] ip address 3.3.3.115 255.255.255.248
[PE2-Eth-Trunk3] mode lacp
[PE2-Eth-Trunk3] quit
[PE2] interface XGigabitEthernet 3/0/1
[PE2-XGigabitEthernet3/0/1] eth-trunk 3
[PE2-XGigabitEthernet3/0/1] quit
[PE2] interface XGigabitEthernet 4/0/1
[PE2-XGigabitEthernet4/0/1] eth-trunk 3
[PE2-XGigabitEthernet4/0/1] quit
# 创建Loopback0,配置Loopback0的IPv4和IPv6地址。
[PE2] interface LoopBack 0
[PE2-LoopBack0] ip address 4.4.4.144 255.255.255.255
[PE2-LoopBack0] ipv6 enable
[PE2-LoopBack0] ipv6 address 2001::14A/128
[PE2-LoopBack0] quit
配置OSPFv2和OSPFv3。
# 创建OSPFv2进程1,并指定Router-id,创建Area 0,使能GR,配置密码认证。
[PE2] ospf 1 router-id 4.4.4.144
[PE2-ospf-1] silent-interface all
[PE2-ospf-1] undo silent-interface Eth-Trunk0
[PE2-ospf-1] undo silent-interface Eth-Trunk1
[PE2-ospf-1] preference 80
[PE2-ospf-1] opaque-capability enable
[PE2-ospf-1] graceful-restart
[PE2-ospf-1] bandwidth-reference 1000000
[PE2-ospf-1] enable traffic-adjustment
[PE2-ospf-1] area 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] authentication-mode hmac-sha256 1 cipher YsHsjx_202206
[PE2-ospf-1-area-0.0.0.0] mpls-te enable
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# 配置IPSec安全提议和安全联盟。
[PE2] ipsec proposal ah
[PE2-ipsec-proposal-ah] encapsulation-mode transport
[PE2-ipsec-proposal-ah] transform ah
[PE2-ipsec-proposal-ah] ah authentication-algorithm sha2-256
[PE2-ipsec-proposal-ah] quit
[PE2] ipsec sa ospfv3-sa
[PE2-ipsec-sa-ospfv3-sa] proposal ah
[PE2-ipsec-sa-ospfv3-sa] sa spi inbound ah 256
[PE2-ipsec-sa-ospfv3-sa] sa authentication-hex inbound ah cipher 112233445566778899aabbccddeeff00
[PE2-ipsec-sa-ospfv3-sa] sa spi outbound ah 256
[PE2-ipsec-sa-ospfv3-sa] sa authentication-hex outbound ah cipher aabbccddeeff001100aabbccddeeff00
[PE2-ipsec-sa-ospfv3-sa] quit
# 创建OSPFv3进程1,并指定Router-id,使能GR。
[PE2] ospfv3 1
[PE2-ospfv3-1] router-id 4.4.4.144
[PE2-ospfv3-1] bandwidth-reference 1000000
[PE2-ospfv3-1] graceful-restart
[PE2-ospfv3-1] quit
# 在Loopback0接口下使能OSPFv2和OSPFv3。
[PE2] interface LoopBack 0
[PE2-LoopBack0] ospf enable 1 area 0.0.0.0
[PE2-LoopBack0] ospfv3 1 area 0.0.0.0
[PE2-LoopBack0] quit
# 在Eth-Trunk0接口下使能OSPFv2和OSPFv3,类型为P2P。
[PE2] interface Eth-Trunk 0
[PE2-Eth-Trunk0] ospf enable 1 area 0.0.0.0
[PE2-Eth-Trunk0] ospf network-type p2p
[PE2-Eth-Trunk0] ospfv3 1 area 0.0.0.0
[PE2-Eth-Trunk0] ospfv3 network-type p2p
[PE2-Eth-Trunk0] ospfv3 ipsec sa ospfv3-sa
[PE2-Eth-Trunk0] quit
# 在Eth-Trunk1接口下使能OSPFv2和OSPFv3,类型为P2P。
[PE2] interface Eth-Trunk 1
[PE2-Eth-Trunk1] ospf enable 1 area 0.0.0.0
[PE2-Eth-Trunk1] ospf network-type p2p
[PE2-Eth-Trunk1] ospfv3 1 area 0.0.0.0
[PE2-Eth-Trunk1] ospfv3 network-type p2p
[PE2-Eth-Trunk1] ospfv3 ipsec sa ospfv3-sa
[PE2-Eth-Trunk1] quit
# 在Eth-Trunk2接口下使能OSPFv2,类型为P2P。
[PE2] interface Eth-Trunk 2
[PE2-Eth-Trunk2] ospf enable 1 area 0.0.0.0
[PE2-Eth-Trunk2] ospf network-type p2p
[PE2-Eth-Trunk2] quit
# 在Eth-Trunk3接口下使能OSPFv2。
[PE2] interface Eth-Trunk 3
[PE2-Eth-Trunk3] ospf enable 1 area 0.0.0.0
[PE2-Eth-Trunk3] quit
在全局配置MPLS和RSVP-TE,并且在各个三层接口使能。
# 配置MPLS RSVP-TE,使能全局MPLS。
[PE2] mpls lsr-id 4.4.4.144
[PE2] mpls
[PE2-mpls] mpls te
[PE2-mpls] mpls rsvp-te
[PE2-mpls] mpls rsvp-te hello
[PE2-mpls] mpls rsvp-te srefresh
[PE2-mpls] quit
# 建立RSVP邻居节点,且使能MD5验证。
[PE2] mpls rsvp-te peer 1.1.1.5
[PE2-mpls-rsvp-te-peer-1.1.1.5] mpls rsvp-te authentication cipher YsHsjx_202206
[PE2-mpls-rsvp-te-peer-1.1.1.5] quit
[PE2] mpls rsvp-te peer 1.1.1.13
[PE2-mpls-rsvp-te-peer-1.1.1.13] mpls rsvp-te authentication cipher YsHsjx_202206
[PE2-mpls-rsvp-te-peer-1.1.1.13] quit
# 在连接P设备的三层口下使能MPLS和RSVP-TE。
[PE2] interface Eth-Trunk 0
[PE2-Eth-Trunk0] mpls
[PE2-Eth-Trunk0] mpls te
[PE2-Eth-Trunk0] mpls rsvp-te
[PE2-Eth-Trunk0] mpls rsvp-te hello
[PE2-Eth-Trunk0] quit
[PE2] interface Eth-Trunk 1
[PE2-Eth-Trunk1] mpls
[PE2-Eth-Trunk1] mpls te
[PE2-Eth-Trunk1] mpls rsvp-te
[PE2-Eth-Trunk1] mpls rsvp-te hello
[PE2-Eth-Trunk1] quit
配置TE隧道的显式路径和TE隧道。
# 配置TE隧道的显式路径。
[PE2] explicit-path TO-P1-1
[PE2-explicit-path-TO-P1-1] next hop 1.1.1.5
[PE2-explicit-path-TO-P1-1] quit
[PE2] explicit-path TO-P1-2
[PE2-explicit-path-TO-P1-2] next hop 1.1.1.13
[PE2-explicit-path-TO-P1-2] next hop 1.1.2.9
[PE2-explicit-path-TO-P1-2] quit
[PE2] explicit-path TO-P2-1
[PE2-explicit-path-TO-P2-1] next hop 1.1.1.13
[PE2-explicit-path-TO-P2-1] quit
[PE2] explicit-path TO-P2-2
[PE2-explicit-path-TO-P2-2] next hop 1.1.1.5
[PE2-explicit-path-TO-P2-2] next hop 1.1.2.10
[PE2-explicit-path-TO-P2-2] quit
[PE2] explicit-path TO-PE1-1
[PE2-explicit-path-TO-PE1-1] next hop 1.1.1.5
[PE2-explicit-path-TO-PE1-1] next hop 1.1.1.2
[PE2-explicit-path-TO-PE1-1] quit
[PE2] explicit-path TO-PE1-2
[PE2-explicit-path-TO-PE1-2] next hop 1.1.1.13
[PE2-explicit-path-TO-PE1-2] next hop 1.1.1.10
[PE2-explicit-path-TO-PE1-2] quit
[PE2] explicit-path TO-ROUTER-1
[PE2-explicit-path-TO-ROUTER-1] next hop 1.1.1.5
[PE2-explicit-path-TO-ROUTER-1] next hop 1.1.2.226
[PE2-explicit-path-TO-ROUTER-1] quit
[PE2] explicit-path TO-ROUTER-2
[PE2-explicit-path-TO-ROUTER-2] next hop 1.1.1.13
[PE2-explicit-path-TO-ROUTER-2] next hop 1.1.2.230
[PE2-explicit-path-TO-ROUTER-2] quit
# 配置TE隧道。
[PE2] interface Tunnel1
[PE2-Tunnel1] ip address unnumbered interface LoopBack0
[PE2-Tunnel1] tunnel-protocol mpls te
[PE2-Tunnel1] destination 4.4.4.1
[PE2-Tunnel1] mpls te tunnel-id 1
[PE2-Tunnel1] mpls te signalled tunnel-name pe2->P1-1
[PE2-Tunnel1] mpls te record-route label
[PE2-Tunnel1] mpls te path explicit-path TO-P1-1
[PE2-Tunnel1] mpls te path explicit-path TO-P1-2 secondary
[PE2-Tunnel1] mpls te backup hot-standby
[PE2-Tunnel1] mpls te igp shortcut ospf
[PE2-Tunnel1] mpls te igp metric absolute 10
[PE2-Tunnel1] mpls te reserved-for-binding
[PE2-Tunnel1] ospf enable 1 area 0.0.0.0
[PE2-Tunnel1] mpls
[PE2-Tunnel1] mpls te commit
[PE2-Tunnel1] quit
[PE2] interface Tunnel2
[PE2-Tunnel2] ip address unnumbered interface LoopBack0
[PE2-Tunnel2] tunnel-protocol mpls te
[PE2-Tunnel2] destination 4.4.4.2
[PE2-Tunnel2] mpls te tunnel-id 2
[PE2-Tunnel2] mpls te signalled tunnel-name pe2->P2-1
[PE2-Tunnel2] mpls te record-route label
[PE2-Tunnel2] mpls te path explicit-path TO-P2-1
[PE2-Tunnel2] mpls te path explicit-path TO-P2-2 secondary
[PE2-Tunnel2] mpls te backup hot-standby
[PE2-Tunnel2] mpls te igp shortcut ospf
[PE2-Tunnel2] mpls te igp metric absolute 10
[PE2-Tunnel2] mpls te reserved-for-binding
[PE2-Tunnel2] ospf enable 1 area 0.0.0.0
[PE2-Tunnel2] mpls
[PE2-Tunnel2] mpls te commit
[PE2-Tunnel2] quit
[PE2] interface Tunnel3
[PE2-Tunnel3] ip address unnumbered interface LoopBack0
[PE2-Tunnel3] tunnel-protocol mpls te
[PE2-Tunnel3] destination 4.4.4.39
[PE2-Tunnel3] mpls te tunnel-id 3
[PE2-Tunnel3] mpls te signalled tunnel-name pe2->router-1
[PE2-Tunnel3] mpls te record-route label
[PE2-Tunnel3] mpls te path explicit-path TO-ROUTER-1
[PE2-Tunnel3] mpls te path explicit-path TO-ROUTER-2 secondary
[PE2-Tunnel3] mpls te backup hot-standby
[PE2-Tunnel3] mpls te igp shortcut ospf
[PE2-Tunnel3] mpls te igp metric absolute 10
[PE2-Tunnel3] mpls te reserved-for-binding
[PE2-Tunnel3] ospf enable 1 area 0.0.0.0
[PE2-Tunnel3] mpls
[PE2-Tunnel3] mpls te commit
[PE2-Tunnel3] quit
[PE2] interface Tunnel4
[PE2-Tunnel4] ip address unnumbered interface LoopBack0
[PE2-Tunnel4] tunnel-protocol mpls te
[PE2-Tunnel4] destination 4.4.4.39
[PE2-Tunnel4] mpls te tunnel-id 4
[PE2-Tunnel4] mpls te signalled tunnel-name pe2->router-2
[PE2-Tunnel4] mpls te record-route label
[PE2-Tunnel4] mpls te path explicit-path TO-ROUTER-2
[PE2-Tunnel4] mpls te path explicit-path TO-ROUTER-1 secondary
[PE2-Tunnel4] mpls te backup hot-standby
[PE2-Tunnel4] mpls te igp shortcut ospf
[PE2-Tunnel4] mpls te igp metric absolute 10
[PE2-Tunnel4] mpls te reserved-for-binding
[PE2-Tunnel4] ospf enable 1 area 0.0.0.0
[PE2-Tunnel4] mpls
[PE2-Tunnel4] mpls te commit
[PE2-Tunnel4] quit
[PE2] interface Tunnel5
[PE2-Tunnel5] ip address unnumbered interface LoopBack0
[PE2-Tunnel5] tunnel-protocol mpls te
[PE2-Tunnel5] destination 4.4.4.143
[PE2-Tunnel5] mpls te tunnel-id 5
[PE2-Tunnel5] mpls te signalled tunnel-name pe2->pe1-1
[PE2-Tunnel5] mpls te record-route label
[PE2-Tunnel5] mpls te path explicit-path TO-PE1-1
[PE2-Tunnel5] mpls te path explicit-path TO-PE1-2 secondary
[PE2-Tunnel5] mpls te backup hot-standby
[PE2-Tunnel5] mpls te igp shortcut ospf
[PE2-Tunnel5] mpls te igp metric absolute 10
[PE2-Tunnel5] mpls te reserved-for-binding
[PE2-Tunnel5] ospf enable 1 area 0.0.0.0
[PE2-Tunnel5] mpls
[PE2-Tunnel5] mpls te commit
[PE2-Tunnel5] quit
[PE2] interface Tunnel6
[PE2-Tunnel6] ip address unnumbered interface LoopBack0
[PE2-Tunnel6] tunnel-protocol mpls te
[PE2-Tunnel6] destination 4.4.4.143
[PE2-Tunnel6] mpls te tunnel-id 6
[PE2-Tunnel6] mpls te signalled tunnel-name pe2->pe1-2
[PE2-Tunnel6] mpls te record-route label
[PE2-Tunnel6] mpls te path explicit-path TO-PE1-2
[PE2-Tunnel6] mpls te path explicit-path TO-PE1-1 secondary
[PE2-Tunnel6] mpls te backup hot-standby
[PE2-Tunnel6] mpls te igp shortcut ospf
[PE2-Tunnel6] mpls te igp metric absolute 10
[PE2-Tunnel6] mpls te reserved-for-binding
[PE2-Tunnel6] ospf enable 1 area 0.0.0.0
[PE2-Tunnel6] mpls
[PE2-Tunnel6] mpls te commit
[PE2-Tunnel6] quit
配置BGP和BGP4+,与RR1以及RR2建立IBGP peer,与SW1建立EBGP peer。
# 启动BGP进程,配置BGP对等体。
[PE2] bgp 2519
[PE2-bgp] router-id 4.4.4.144
[PE2-bgp] graceful-restart
[PE2-bgp] group IPv6-PRIVATEAS_CUSTOMER external
[PE2-bgp] group PRIVATEAS_CUSTOMER external
[PE2-bgp] peer 2.2.2.254 as-number 64901
[PE2-bgp] peer 2.2.2.254 group PRIVATEAS_CUSTOMER
[PE2-bgp] peer 2.2.2.254 password cipher ***
[PE2-bgp] group iBGP internal
[PE2-bgp] peer iBGP connect-interface LoopBack0
[PE2-bgp] peer 4.4.4.27 as-number 2519
[PE2-bgp] peer 4.4.4.27 group iBGP
[PE2-bgp] peer 4.4.4.27 password cipher YsHsjx_202206
[PE2-bgp] peer 4.4.4.28 as-number 2519
[PE2-bgp] peer 4.4.4.28 group iBGP
[PE2-bgp] peer 4.4.4.28 password cipher YsHsjx_202206
[PE2-bgp] peer 2001::15 as-number 2519
[PE2-bgp] peer 2001::15 group iBGP
[PE2-bgp] peer 2001::15 password cipher YsHsjx_202206
[PE2-bgp] peer 2001::16 as-number 2519
[PE2-bgp] peer 2001::16 group iBGP
[PE2-bgp] peer 2001::16 password cipher YsHsjx_202206
[PE2-bgp] ipv4-family unicast
[PE2-bgp-af-ipv4] undo synchronization
[PE2-bgp-af-ipv4] preference 170 170 130
[PE2-bgp-af-ipv4] peer PRIVATEAS_CUSTOMER advertise-community
[PE2-bgp-af-ipv4] peer iBGP next-hop-local
[PE2-bgp-af-ipv4] peer iBGP advertise-community
[PE2-bgp-af-ipv4] quit
# 配置BGP4+对等体。
[PE2-bgp] ipv6-family unicast
[PE2-bgp-af-ipv6] undo synchronization
[PE2-bgp-af-ipv6] preference 170 170 130
[PE2-bgp-af-ipv6] peer IPv6-PRIVATEAS_CUSTOMER enable
[PE2-bgp-af-ipv6] peer IPv6-PRIVATEAS_CUSTOMER advertise-community
[PE2-bgp-af-ipv6] peer iBGP enable
[PE2-bgp-af-ipv6] peer iBGP next-hop-local
[PE2-bgp-af-ipv6] peer iBGP advertise-community
[PE2-bgp-af-ipv6] peer 2001::15 enable
[PE2-bgp-af-ipv6] peer 2001::15 group iBGP
[PE2-bgp-af-ipv6] peer 2001::16 enable
[PE2-bgp-af-ipv6] peer 2001::16 group iBGP
[PE2-bgp-af-ipv6] quit
[PE2-bgp] quit
# 配置BGP路由策略。
[PE2] ip ip-prefix DEFAULT-ROUTE index 5 permit 0.0.0.0 0
[PE2] route-policy PRIVATEAS_CUSTOMER-DEFAULT-OUT permit node 100
[PE2-route-policy] if-match ip-prefix DEFAULT-ROUTE
[PE2-route-policy] apply community no-export
[PE2-route-policy] quit
[PE2] route-policy PRIVATEAS_CUSTOMER-DEFAULT-OUT deny node 200
[PE2-route-policy] quit
[PE2] route-policy DENY-ANY_ROUTE-OUT deny node 100
[PE2-route-policy] quit
[PE2] route-policy STATIC-to-BGP permit node 200
[PE2-route-policy] if-match tag 2519
[PE2-route-policy] apply local-preference 9000
[PE2-route-policy] apply origin igp
[PE2-route-policy] apply community 2519:1
[PE2-route-policy] quit
# 应用BGP路由策略,仅向企业用户发布缺省路由,其他路由不发布。将静态路由引入到BGP中。
[PE2] bgp 2519
[PE2-bgp] ipv4-family unicast
[PE2-bgp-af-ipv4] import-route static route-policy STATIC-to-BGP
[PE2-bgp-af-ipv4] peer 2.2.2.254 route-policy DENY-ANY_ROUTE-OUT export
[PE2-bgp-af-ipv4] peer 2.2.2.254 default-route-advertise route-policy PRIVATEAS_CUSTOMER-DEFAULT-OUT conditional-route-match-any 0.0.0.0 0.0.0.0
[PE2-bgp-af-ipv4] quit
[PE2-bgp] ipv6-family unicast
[PE2-bgp-af-ipv6] import-route static route-policy STATIC-to-BGP
[PE2-bgp-af-ipv6] quit
[PE2-bgp] quit
配置VRRP和静态路由,供SW2接入。
# 在与SW2互联的接口配置VRRP。
[PE2] interface Eth-Trunk3
[PE2-Eth-Trunk3] vrrp vrid 1 virtual-ip 3.3.3.113
[PE2-Eth-Trunk3] vrrp vrid 1 track interface Eth-Trunk0 reduced 30
[PE2-Eth-Trunk3] vrrp vrid 1 track interface Eth-Trunk1 reduced 30
[PE2-Eth-Trunk3] vrrp vrid 1 authentication-mode md5 YsHsjx_202206
[PE2-Eth-Trunk3] ospf cost 20000
[PE2-Eth-Trunk3] ospf enable 1 area 0.0.0.0
[PE2-Eth-Trunk3] quit
# 配置静态路由实现与SW2互通。
[PE2] ip route-static 6.6.6.0 255.255.255.0 Eth-Trunk 3 3.3.3.116 tag 2519
配置P
以下配置以P1为例,P2的配置与此类似,此处不再赘述。
配置连接各个设备的接口。
# 创建Eth-Trunk0,配置Eth-Trunk0的IPv4和IPv6地址,使能LACP,并将接口XGE1/0/0、XGE2/0/0加入Eth-Trunk0。
<P1> system-view
[P1] ipv6
[P1] interface Eth-Trunk 0
[P1-Eth-Trunk0] undo portswitch
[P1-Eth-Trunk0] description To_PE1
[P1-Eth-Trunk0] ip address 1.1.1.1 255.255.255.252
[P1-Eth-Trunk0] ipv6 enable
[P1-Eth-Trunk0] ipv6 address 2001:0:0:4D9::1/64
[P1-Eth-Trunk0] mode lacp
[P1-Eth-Trunk0] quit
[P1] interface XGigabitEthernet 1/0/0
[P1-XGigabitEthernet1/0/0] eth-trunk 0
[P1-XGigabitEthernet1/0/0] quit
[P1] interface XGigabitEthernet 2/0/0
[P1-XGigabitEthernet2/0/0] eth-trunk 0
[P1-XGigabitEthernet2/0/0] quit
# 创建Eth-Trunk1,配置Eth-Trunk1的IPv4和IPv6地址,使能LACP,并将接口XGE1/0/1、XGE2/0/1加入Eth-Trunk1。
[P1] interface Eth-Trunk 1
[P1-Eth-Trunk1] undo portswitch
[P1-Eth-Trunk1] description To_PE2
[P1-Eth-Trunk1] ip address 1.1.1.5 255.255.255.252
[P1-Eth-Trunk1] ipv6 enable
[P1-Eth-Trunk1] ipv6 address 2001:0:0:4DA::1/64
[P1-Eth-Trunk1] mode lacp
[P1-Eth-Trunk1] quit
[P1] interface XGigabitEthernet 1/0/1
[P1-XGigabitEthernet1/0/1] eth-trunk 1
[P1-XGigabitEthernet1/0/1] quit
[P1] interface XGigabitEthernet 2/0/1
[P1-XGigabitEthernet2/0/1] eth-trunk 1
[P1-XGigabitEthernet2/0/1] quit
# 创建Eth-Trunk2,配置Eth-Trunk2的IPv4和IPv6地址,使能LACP,并将接口XGE3/0/0、XGE4/0/0加入Eth-Trunk2。
[P1] interface Eth-Trunk 2
[P1-Eth-Trunk2] undo portswitch
[P1-Eth-Trunk2] description To_P2
[P1-Eth-Trunk2] ip address 1.1.2.9 255.255.255.252
[P1-Eth-Trunk2] ipv6 enable
[P1-Eth-Trunk2] ipv6 address 2001:0:0:4D8::1/64
[P1-Eth-Trunk2] mode lacp
[P1-Eth-Trunk2] quit
[P1] interface XGigabitEthernet 3/0/0
[P1-XGigabitEthernet3/0/0] eth-trunk 2
[P1-XGigabitEthernet3/0/0] quit
[P1] interface XGigabitEthernet 4/0/0
[P1-XGigabitEthernet4/0/0] eth-trunk 2
[P1-XGigabitEthernet4/0/0] quit
# 创建Eth-Trunk3,配置Eth-Trunk3的IPv4和IPv6地址,使能LACP,并将接口XGE3/0/1、XGE4/0/1加入Eth-Trunk3。
[P1] interface Eth-Trunk 3
[P1-Eth-Trunk3] undo portswitch
[P1-Eth-Trunk3] description To_RR1
[P1-Eth-Trunk3] ip address 1.1.2.233 255.255.255.252
[P1-Eth-Trunk3] ipv6 enable
[P1-Eth-Trunk3] ipv6 address 2001:0:0:4D7::1/64
[P1-Eth-Trunk3] mode lacp
[P1-Eth-Trunk3] quit
[P1] interface XGigabitEthernet 3/0/1
[P1-XGigabitEthernet3/0/1] eth-trunk 3
[P1-XGigabitEthernet3/0/1] quit
[P1] interface XGigabitEthernet 4/0/1
[P1-XGigabitEthernet4/0/1] eth-trunk 3
[P1-XGigabitEthernet4/0/1] quit
# 创建Eth-Trunk4,配置Eth-Trunk4的IPv4和IPv6地址,使能LACP,并将接口XGE3/0/2、XGE4/0/2加入Eth-Trunk4。
[P1] interface Eth-Trunk 4
[P1-Eth-Trunk4] undo portswitch
[P1-Eth-Trunk4] description To_RR2
[P1-Eth-Trunk4] ip address 1.1.2.189 255.255.255.252
[P1-Eth-Trunk4] ipv6 enable
[P1-Eth-Trunk4] ipv6 address 2001:0:0:4E2::1/64
[P1-Eth-Trunk4] mode lacp
[P1-Eth-Trunk4] quit
[P1] interface XGigabitEthernet 3/0/2
[P1-XGigabitEthernet3/0/2] eth-trunk 4
[P1-XGigabitEthernet3/0/2] quit
[P1] interface XGigabitEthernet 4/0/2
[P1-XGigabitEthernet4/0/2] eth-trunk 4
[P1-XGigabitEthernet4/0/2] quit
# 创建Eth-Trunk5,配置Eth-Trunk5的IPv4和IPv6地址,使能LACP,并将接口XGE3/0/3、XGE4/0/3加入Eth-Trunk5。
[P1] interface Eth-Trunk 5
[P1-Eth-Trunk5] undo portswitch
[P1-Eth-Trunk5] description To_Router
[P1-Eth-Trunk5] ip address 1.1.2.225 255.255.255.252
[P1-Eth-Trunk5] ipv6 enable
[P1-Eth-Trunk5] ipv6 address 2001:0:0:4D5::1/64
[P1-Eth-Trunk5] mode lacp
[P1-Eth-Trunk5] quit
[P1] interface XGigabitEthernet 3/0/3
[P1-XGigabitEthernet3/0/3] eth-trunk 5
[P1-XGigabitEthernet3/0/3] quit
[P1] interface XGigabitEthernet 4/0/3
[P1-XGigabitEthernet4/0/3] eth-trunk 5
[P1-XGigabitEthernet4/0/3] quit
# 创建Loopback0,配置Loopback0的IPv4和IPv6地址。
[P1] interface LoopBack 0
[P1-LoopBack0] ip address 4.4.4.1 255.255.255.255
[P1-LoopBack0] ipv6 enable
[P1-LoopBack0] ipv6 address 2001::21/128
[P1-LoopBack0] quit
配置OSPFv2和OSPFv3。
# 创建OSPFv2进程1,并指定Router-id,创建Area 0,使能GR,配置密码认证。
[P1] ospf 1 router-id 4.4.4.1
[P1-ospf-1] silent-interface all
[P1-ospf-1] undo silent-interface Eth-Trunk0
[P1-ospf-1] undo silent-interface Eth-Trunk1
[P1-ospf-1] undo silent-interface Eth-Trunk2
[P1-ospf-1] undo silent-interface Eth-Trunk3
[P1-ospf-1] undo silent-interface Eth-Trunk4
[P1-ospf-1] undo silent-interface Eth-Trunk5
[P1-ospf-1] preference 80
[P1-ospf-1] opaque-capability enable
[P1-ospf-1] graceful-restart
[P1-ospf-1] bandwidth-reference 1000000
[P1-ospf-1] enable traffic-adjustment
[P1-ospf-1] area 0.0.0.0
[P1-ospf-1-area-0.0.0.0] authentication-mode hmac-sha256 1 cipher YsHsjx_202206
[P1-ospf-1-area-0.0.0.0] mpls-te enable
[P1-ospf-1-area-0.0.0.0] quit
[P1-ospf-1] quit
# 配置IPSec安全提议和安全联盟。
[P1] ipsec proposal ah
[P1-ipsec-proposal-ah] encapsulation-mode transport
[P1-ipsec-proposal-ah] transform ah
[P1-ipsec-proposal-ah] ah authentication-algorithm sha2-256
[P1-ipsec-proposal-ah] quit
[P1] ipsec sa ospfv3-sa
[P1-ipsec-sa-ospfv3-sa] proposal ah
[P1-ipsec-sa-ospfv3-sa] sa spi inbound ah 256
[P1-ipsec-sa-ospfv3-sa] sa authentication-hex inbound ah cipher 112233445566778899aabbccddeeff00
[P1-ipsec-sa-ospfv3-sa] sa spi outbound ah 256
[P1-ipsec-sa-ospfv3-sa] sa authentication-hex outbound ah cipher aabbccddeeff001100aabbccddeeff00
[P1-ipsec-sa-ospfv3-sa] quit
# 创建OSPFv3进程1,并指定Router-id,使能GR。
[P1] ospfv3 1
[P1-ospfv3-1] router-id 4.4.4.1
[P1-ospfv3-1] bandwidth-reference 1000000
[P1-ospfv3-1] graceful-restart
[P1-ospfv3-1] quit
# 在Loopback0接口下使能OSPFv2和OSPFv3。
[P1] interface LoopBack 0
[P1-LoopBack0] ospf enable 1 area 0.0.0.0
[P1-LoopBack0] ospfv3 1 area 0.0.0.0
[P1-LoopBack0] quit
# 在Eth-Trunk0接口下使能OSPFv2和OSPFv3,类型为P2P。
[P1] interface Eth-Trunk 0
[P1-Eth-Trunk0] ospf enable 1 area 0.0.0.0
[P1-Eth-Trunk0] ospf network-type p2p
[P1-Eth-Trunk0] ospfv3 1 area 0.0.0.0
[P1-Eth-Trunk0] ospfv3 network-type p2p
[P1-Eth-Trunk0] ospfv3 ipsec sa ospfv3-sa
[P1-Eth-Trunk0] quit
# 在Eth-Trunk1接口下使能OSPFv2和OSPFv3,类型为P2P。
[P1] interface Eth-Trunk 1
[P1-Eth-Trunk1] ospf enable 1 area 0.0.0.0
[P1-Eth-Trunk1] ospf network-type p2p
[P1-Eth-Trunk1] ospfv3 1 area 0.0.0.0
[P1-Eth-Trunk1] ospfv3 network-type p2p
[P1-Eth-Trunk1] ospfv3 ipsec sa ospfv3-sa
[P1-Eth-Trunk1] quit
# 在Eth-Trunk2接口下使能OSPFv2和OSPFv3,类型为P2P。
[P1] interface Eth-Trunk 2
[P1-Eth-Trunk2] ospf enable 1 area 0.0.0.0
[P1-Eth-Trunk2] ospf network-type p2p
[P1-Eth-Trunk2] ospfv3 1 area 0.0.0.0
[P1-Eth-Trunk2] ospfv3 network-type p2p
[P1-Eth-Trunk2] ospfv3 ipsec sa ospfv3-sa
[P1-Eth-Trunk2] quit
# 在Eth-Trunk3接口下使能OSPFv2和OSPFv3,类型为P2P。
[P1] interface Eth-Trunk 3
[P1-Eth-Trunk3] ospf enable 1 area 0.0.0.0
[P1-Eth-Trunk3] ospf network-type p2p
[P1-Eth-Trunk3] ospfv3 1 area 0.0.0.0
[P1-Eth-Trunk3] ospfv3 network-type p2p
[P1-Eth-Trunk3] ospfv3 ipsec sa ospfv3-sa
[P1-Eth-Trunk3] quit
# 在Eth-Trunk4接口下使能OSPFv2和OSPFv3,类型为P2P,并且配置相应的OSPF COST值。
[P1] interface Eth-Trunk 4
[P1-Eth-Trunk4] ospf enable 1 area 0.0.0.0
[P1-Eth-Trunk4] ospf network-type p2p
[P1-Eth-Trunk4] ospfv3 1 area 0.0.0.0
[P1-Eth-Trunk4] ospfv3 network-type p2p
[P1-Eth-Trunk4] ospfv3 ipsec sa ospfv3-sa
[P1-Eth-Trunk4] quit
# 在Eth-Trunk5接口下使能OSPFv2和OSPFv3,类型为P2P,并且配置相应的OSPF COST值。
[P1] interface Eth-Trunk 5
[P1-Eth-Trunk5] ospf enable 1 area 0.0.0.0
[P1-Eth-Trunk5] ospf network-type p2p
[P1-Eth-Trunk5] ospfv3 1 area 0.0.0.0
[P1-Eth-Trunk5] ospfv3 network-type p2p
[P1-Eth-Trunk5] ospfv3 ipsec sa ospfv3-sa
[P1-Eth-Trunk5] quit
在全局配置MPLS和RSVP-TE,并且在各个三层接口使能。
# 配置MPLS RSVP-TE,使能全局MPLS。
[P1] mpls lsr-id 4.4.4.1
[P1] mpls
[P1-mpls] mpls te
[P1-mpls] mpls rsvp-te
[P1-mpls] mpls rsvp-te hello
[P1-mpls] mpls rsvp-te srefresh
[P1-mpls] quit
# 建立RSVP邻居节点,且使能MD5验证。
[P1] mpls rsvp-te peer 1.1.1.2
[P1-mpls-rsvp-te-peer-1.1.1.2] mpls rsvp-te authentication cipher YsHsjx_202206
[P1-mpls-rsvp-te-peer-1.1.1.2] quit
[P1] mpls rsvp-te peer 1.1.1.6
[P1-mpls-rsvp-te-peer-1.1.1.6] mpls rsvp-te authentication cipher YsHsjx_202206
[P1-mpls-rsvp-te-peer-1.1.1.6] quit
[P1] mpls rsvp-te peer 1.1.2.10
[P1-mpls-rsvp-te-peer-1.1.2.10] mpls rsvp-te authentication cipher YsHsjx_202206
[P1-mpls-rsvp-te-peer-1.1.2.10] quit
[P1] mpls rsvp-te peer 1.1.2.226
[P1-mpls-rsvp-te-peer-1.1.2.226] mpls rsvp-te authentication cipher YsHsjx_202206
[P1-mpls-rsvp-te-peer-1.1.2.226] quit
# 在连接其他P设备的三层口下使能MPLS和RSVP-TE。
[P1] interface Eth-Trunk 0
[P1-Eth-Trunk0] mpls
[P1-Eth-Trunk0] mpls te
[P1-Eth-Trunk0] mpls rsvp-te
[P1-Eth-Trunk0] mpls rsvp-te hello
[P1-Eth-Trunk0] quit
[P1] interface Eth-Trunk 1
[P1-Eth-Trunk1] mpls
[P1-Eth-Trunk1] mpls te
[P1-Eth-Trunk1] mpls rsvp-te
[P1-Eth-Trunk1] mpls rsvp-te hello
[P1-Eth-Trunk1] quit
[P1] interface Eth-Trunk 2
[P1-Eth-Trunk2] mpls
[P1-Eth-Trunk2] mpls te
[P1-Eth-Trunk2] mpls rsvp-te
[P1-Eth-Trunk2] mpls rsvp-te hello
[P1-Eth-Trunk2] quit
[P1] interface Eth-Trunk 5
[P1-Eth-Trunk5] mpls
[P1-Eth-Trunk5] mpls te
[P1-Eth-Trunk5] mpls rsvp-te
[P1-Eth-Trunk5] mpls rsvp-te hello
[P1-Eth-Trunk5] quit
配置TE隧道的显式路径和TE隧道。
# 配置TE隧道的显式路径。
[P1] explicit-path TO-PE1-1
[P1-explicit-path-TO-PE1-1] next hop 1.1.1.2
[P1-explicit-path-TO-PE1-1] quit
[P1] explicit-path TO-PE1-2
[P1-explicit-path-TO-PE1-2] next hop 1.1.2.10
[P1-explicit-path-TO-PE1-2] next hop 1.1.1.10
[P1-explicit-path-TO-PE1-2] quit
[P1] explicit-path TO-PE2-1
[P1-explicit-path-TO-PE2-1] next hop 1.1.1.6
[P1-explicit-path-TO-PE2-1] quit
[P1] explicit-path TO-PE2-2
[P1-explicit-path-TO-PE2-2] next hop 1.1.2.10
[P1-explicit-path-TO-PE2-2] next hop 1.1.1.14
[P1-explicit-path-TO-PE2-2] quit
# 配置TE隧道。
[P1] interface Tunnel1
[P1-Tunnel1] ip address unnumbered interface LoopBack0
[P1-Tunnel1] tunnel-protocol mpls te
[P1-Tunnel1] destination 4.4.4.143
[P1-Tunnel1] mpls te tunnel-id 1
[P1-Tunnel1] mpls te signalled tunnel-name P1->pe1-1
[P1-Tunnel1] mpls te record-route label
[P1-Tunnel1] mpls te path explicit-path TO-PE1-1
[P1-Tunnel1] mpls te path explicit-path TO-PE1-2 secondary
[P1-Tunnel1] mpls te backup hot-standby
[P1-Tunnel1] mpls te igp shortcut ospf
[P1-Tunnel1] mpls te igp metric absolute 10
[P1-Tunnel1] mpls te reserved-for-binding
[P1-Tunnel1] ospf enable 1 area 0.0.0.0
[P1-Tunnel1] mpls
[P1-Tunnel1] mpls te commit
[P1-Tunnel1] quit
[P1] interface Tunnel2
[P1-Tunnel2] ip address unnumbered interface LoopBack0
[P1-Tunnel2] tunnel-protocol mpls te
[P1-Tunnel2] destination 4.4.4.144
[P1-Tunnel2] mpls te tunnel-id 2
[P1-Tunnel2] mpls te signalled tunnel-name P1->pe2-1
[P1-Tunnel2] mpls te record-route label
[P1-Tunnel2] mpls te path explicit-path TO-PE2-1
[P1-Tunnel2] mpls te path explicit-path TO-PE2-2 secondary
[P1-Tunnel2] mpls te backup hot-standby
[P1-Tunnel2] mpls te igp shortcut ospf
[P1-Tunnel2] mpls te igp metric absolute 10
[P1-Tunnel2] mpls te reserved-for-binding
[P1-Tunnel2] ospf enable 1 area 0.0.0.0
[P1-Tunnel2] mpls
[P1-Tunnel2] mpls te commit
[P1-Tunnel2] quit
配置BGP和BGP4+,与RR1以及RR2建立IBGP peer。
# 启动BGP进程,配置BGP对等体。
[P1] bgp 2519
[P1-bgp] router-id 4.4.4.1
[P1-bgp] graceful-restart
[P1-bgp] group iBGP internal
[P1-bgp] peer iBGP connect-interface LoopBack0
[P1-bgp] peer 4.4.4.27 as-number 2519
[P1-bgp] peer 4.4.4.27 group iBGP
[P1-bgp] peer 4.4.4.27 password cipher YsHsjx_202206
[P1-bgp] peer 4.4.4.28 as-number 2519
[P1-bgp] peer 4.4.4.28 group iBGP
[P1-bgp] peer 4.4.4.28 password cipher YsHsjx_202206
[P1-bgp] peer 2001::15 as-number 2519
[P1-bgp] peer 2001::15 group iBGP
[P1-bgp] peer 2001::15 password cipher YsHsjx_202206
[P1-bgp] peer 2001::16 as-number 2519
[P1-bgp] peer 2001::16 group iBGP
[P1-bgp] peer 2001::16 password cipher YsHsjx_202206
[P1-bgp] ipv4-family unicast
[P1-bgp-af-ipv4] undo synchronization
[P1-bgp-af-ipv4] preference 170 170 130
[P1-bgp-af-ipv4] peer iBGP next-hop-local
[P1-bgp-af-ipv4] peer iBGP advertise-community
[P1-bgp-af-ipv4] quit
# 配置BGP4+对等体。
[P1-bgp] ipv6-family unicast
[P1-bgp-af-ipv6] undo synchronization
[P1-bgp-af-ipv6] preference 170 170 130
[P1-bgp-af-ipv6] peer iBGP enable
[P1-bgp-af-ipv6] peer iBGP next-hop-local
[P1-bgp-af-ipv6] peer iBGP advertise-community
[P1-bgp-af-ipv6] peer 2001::15 enable
[P1-bgp-af-ipv6] peer 2001::15 group iBGP
[P1-bgp-af-ipv6] peer 2001::16 enable
[P1-bgp-af-ipv6] peer 2001::16 group iBGP
[P1-bgp-af-ipv6] quit
[P1-bgp] quit
配置RR1
以下配置以RR1进行举例,RR2的配置与此类似,此处不再赘述。
配置连接各个设备的接口。
# 创建Eth-Trunk0,配置Eth-Trunk0的IPv4和IPv6地址,使能LACP,并将接口XGE1/0/0、XGE2/0/0加入Eth-Trunk0。
<RR1> system-view
[RR1] ipv6
[RR1] interface Eth-Trunk 0
[RR1-Eth-Trunk0] undo portswitch
[RR1-Eth-Trunk0] description To_P1
[RR1-Eth-Trunk0] ip address 1.1.2.234 255.255.255.252
[RR1-Eth-Trunk0] ipv6 enable
[RR1-Eth-Trunk0] ipv6 address 2001:0:0:4D7::2/64
[RR1-Eth-Trunk0] mode lacp
[RR1-Eth-Trunk0] quit
[RR1] interface XGigabitEthernet 1/0/0
[RR1-XGigabitEthernet1/0/0] eth-trunk 0
[RR1-XGigabitEthernet1/0/0] quit
[RR1] interface XGigabitEthernet 2/0/0
[RR1-XGigabitEthernet2/0/0] eth-trunk 0
[RR1-XGigabitEthernet2/0/0] quit
# 创建Eth-Trunk1,配置Eth-Trunk1的IPv4和IPv6地址,使能LACP,并将接口XGE1/0/1、XGE2/0/1加入Eth-Trunk1。
[RR1] interface Eth-Trunk 1
[RR1-Eth-Trunk1] undo portswitch
[RR1-Eth-Trunk1] description To_P2
[RR1-Eth-Trunk1] ip address 1.1.2.238 255.255.255.252
[RR1-Eth-Trunk1] ipv6 enable
[RR1-Eth-Trunk1] ipv6 address 2001:0:0:4D6::2/64
[RR1-Eth-Trunk1] mode lacp
[RR1-Eth-Trunk1] quit
[RR1] interface XGigabitEthernet 1/0/1
[RR1-XGigabitEthernet1/0/1] eth-trunk 1
[RR1-XGigabitEthernet1/0/1] quit
[RR1] interface XGigabitEthernet 2/0/1
[RR1-XGigabitEthernet2/0/1] eth-trunk 1
[RR1-XGigabitEthernet2/0/1] quit
# 创建Loopback0,配置Loopback0的IPv4和IPv6地址。
[RR1] interface LoopBack 0
[RR1-LoopBack0] ip address 4.4.4.27 255.255.255.255
[RR1-LoopBack0] ipv6 enable
[RR1-LoopBack0] ipv6 address 2001::15/128
[RR1-LoopBack0] quit
配置OSPFv2和OSPFv3。
# 创建OSPFv2进程1,并指定Router-id,创建Area 0,使能GR,配置密码认证。
[RR1] ospf 1 router-id 4.4.4.27
[RR1-ospf-1] silent-interface all
[RR1-ospf-1] undo silent-interface Eth-Trunk0
[RR1-ospf-1] undo silent-interface Eth-Trunk1
[RR1-ospf-1] preference 80
[RR1-ospf-1] opaque-capability enable
[RR1-ospf-1] graceful-restart
[RR1-ospf-1] bandwidth-reference 1000000
[RR1-ospf-1] enable traffic-adjustment
[RR1-ospf-1] area 0.0.0.0
[RR1-ospf-1-area-0.0.0.0] authentication-mode hmac-sha256 1 cipher YsHsjx_202206
[RR1-ospf-1-area-0.0.0.0] mpls-te enable
[RR1-ospf-1-area-0.0.0.0] quit
[RR1-ospf-1] quit
# 配置IPSec安全提议和安全联盟。
[RR1] ipsec proposal ah
[RR1-ipsec-proposal-ah] encapsulation-mode transport
[RR1-ipsec-proposal-ah] transform ah
[RR1-ipsec-proposal-ah] ah authentication-algorithm sha2-256
[RR1-ipsec-proposal-ah] quit
[RR1] ipsec sa ospfv3-sa
[RR1-ipsec-sa-ospfv3-sa] proposal ah
[RR1-ipsec-sa-ospfv3-sa] sa spi inbound ah 256
[RR1-ipsec-sa-ospfv3-sa] sa authentication-hex inbound ah cipher 112233445566778899aabbccddeeff00
[RR1-ipsec-sa-ospfv3-sa] sa spi outbound ah 256
[RR1-ipsec-sa-ospfv3-sa] sa authentication-hex outbound ah cipher aabbccddeeff001100aabbccddeeff00
[RR1-ipsec-sa-ospfv3-sa] quit
# 创建OSPFv3进程1,并指定Router-id,使能GR。
[RR1] ospfv3 1
[RR1-ospfv3-1] router-id 4.4.4.27
[RR1-ospfv3-1] bandwidth-reference 1000000
[RR1-ospfv3-1] graceful-restart
[RR1-ospfv3-1] quit
# 在Loopback0接口下使能OSPFv2和OSPFv3。
[RR1] interface LoopBack 0
[RR1-LoopBack0] ospf enable 1 area 0.0.0.0
[RR1-LoopBack0] ospfv3 1 area 0.0.0.0
[RR1-LoopBack0] quit
# 在Eth-Trunk0接口下使能OSPFv2和OSPFv3,类型为P2P,并且配置相应的OSPF COST值。
[RR1] interface Eth-Trunk 0
[RR1-Eth-Trunk0] ospf enable 1 area 0.0.0.0
[RR1-Eth-Trunk0] ospf network-type p2p
[RR1-Eth-Trunk0] ospf cost 10000
[RR1-Eth-Trunk0] ospfv3 1 area 0.0.0.0
[RR1-Eth-Trunk0] ospfv3 network-type p2p
[RR1-Eth-Trunk0] ospfv3 cost 10000
[RR1-Eth-Trunk0] ospfv3 ipsec sa ospfv3-sa
[RR1-Eth-Trunk0] quit
# 在Eth-Trunk1接口下使能OSPFv2和OSPFv3,类型为P2P,并且配置相应的OSPF COST值。
[RR1] interface Eth-Trunk 1
[RR1-Eth-Trunk1] ospf enable 1 area 0.0.0.0
[RR1-Eth-Trunk1] ospf network-type p2p
[RR1-Eth-Trunk1] ospf cost 1000
[RR1-Eth-Trunk1] ospfv3 1 area 0.0.0.0
[RR1-Eth-Trunk1] ospfv3 network-type p2p
[RR1-Eth-Trunk1] ospfv3 cost 1000
[RR1-Eth-Trunk1] ospfv3 ipsec sa ospfv3-sa
[RR1-Eth-Trunk1] quit
配置BGP和BGP4+,与各网元建立IBGP peer。
# 启动BGP进程,配置BGP对等体。
[RR1] bgp 2519
[RR1-bgp] router-id 4.4.4.27
[RR1-bgp] graceful-restart
[RR1-bgp] group iBGP internal
[RR1-bgp] peer iBGP connect-interface LoopBack0
[RR1-bgp] peer 4.4.4.1 as-number 2519
[RR1-bgp] peer 4.4.4.1 group iBGP
[RR1-bgp] peer 4.4.4.1 password cipher YsHsjx_202206
[RR1-bgp] peer 4.4.4.2 as-number 2519
[RR1-bgp] peer 4.4.4.2 group iBGP
[RR1-bgp] peer 4.4.4.2 password cipher YsHsjx_202206
[RR1-bgp] peer 4.4.4.39 as-number 2519
[RR1-bgp] peer 4.4.4.39 group iBGP
[RR1-bgp] peer 4.4.4.39 password cipher YsHsjx_202206
[RR1-bgp] peer 4.4.4.143 as-number 2519
[RR1-bgp] peer 4.4.4.143 group iBGP
[RR1-bgp] peer 4.4.4.143 password cipher YsHsjx_202206
[RR1-bgp] peer 4.4.4.144 as-number 2519
[RR1-bgp] peer 4.4.4.144 group iBGP
[RR1-bgp] peer 4.4.4.144 password cipher YsHsjx_202206
[RR1-bgp] peer 2001::149 as-number 2519
[RR1-bgp] peer 2001::149 group iBGP
[RR1-bgp] peer 2001::149 password cipher YsHsjx_202206
[RR1-bgp] peer 2001::14A as-number 2519
[RR1-bgp] peer 2001::14A group iBGP
[RR1-bgp] peer 2001::14A password cipher YsHsjx_202206
[RR1-bgp] peer 2001::21 as-number 2519
[RR1-bgp] peer 2001::21 group iBGP
[RR1-bgp] peer 2001::21 password cipher YsHsjx_202206
[RR1-bgp] peer 2001::22 as-number 2519
[RR1-bgp] peer 2001::22 group iBGP
[RR1-bgp] peer 2001::22 password cipher YsHsjx_202206
[RR1-bgp] peer 2001::31 as-number 2519
[RR1-bgp] peer 2001::31 group iBGP
[RR1-bgp] peer 2001::31 password cipher YsHsjx_202206
[RR1-bgp] ipv4-family unicast
[RR1-bgp-af-ipv4] undo synchronization
[RR1-bgp-af-ipv4] reflector cluster-id 2519
[RR1-bgp-af-ipv4] peer iBGP advertise-community
[RR1-bgp-af-ipv4] peer 4.4.4.1 reflect-client
[RR1-bgp-af-ipv4] peer 4.4.4.2 reflect-client
[RR1-bgp-af-ipv4] peer 4.4.4.39 reflect-client
[RR1-bgp-af-ipv4] peer 4.4.4.143 reflect-client
[RR1-bgp-af-ipv4] peer 4.4.4.144 reflect-client
[RR1-bgp-af-ipv4] quit
# 配置BGP4+对等体。
[RR1-bgp] ipv6-family unicast
[RR1-bgp-af-ipv6] undo synchronization
[RR1-bgp-af-ipv6] preference 170 170 130
[RR1-bgp-af-ipv6] reflector cluster-id 2519
[RR1-bgp-af-ipv6] peer iBGP enable
[RR1-bgp-af-ipv6] peer iBGP next-hop-local
[RR1-bgp-af-ipv6] peer iBGP advertise-community
[RR1-bgp-af-ipv6] peer 2001::149 enable
[RR1-bgp-af-ipv6] peer 2001::149 group iBGP
[RR1-bgp-af-ipv6] peer 2001::149 reflect-client
[RR1-bgp-af-ipv6] peer 2001:0::150 enable
[RR1-bgp-af-ipv6] peer 2001:0::150 group iBGP
[RR1-bgp-af-ipv6] peer 2001:0::150 reflect-client
[RR1-bgp-af-ipv6] peer 2001::21 enable
[RR1-bgp-af-ipv6] peer 2001::21 group iBGP
[RR1-bgp-af-ipv6] peer 2001::21 reflect-client
[RR1-bgp-af-ipv6] peer 2001::22 enable
[RR1-bgp-af-ipv6] peer 2001::22 group iBGP
[RR1-bgp-af-ipv6] peer 2001::22 reflect-client
[RR1-bgp-af-ipv6] peer 2001::31 enable
[RR1-bgp-af-ipv6] peer 2001::31 group iBGP
[RR1-bgp-af-ipv6] peer 2001::31 reflect-client
[RR1-bgp-af-ipv6] quit
[RR1-bgp] quit
配置Router
配置连接各个设备的接口。
# 创建Eth-Trunk0,配置Eth-Trunk0的IPv4和IPv6地址,使能LACP,并将接口XGE1/0/0、XGE2/0/0加入Eth-Trunk0。
<Router> system-view
[Router] ipv6
[Router] interface Eth-Trunk 0
[Router-Eth-Trunk0] undo portswitch
[Router-Eth-Trunk0] description To_P1
[Router-Eth-Trunk0] ip address 1.1.2.226 255.255.255.252
[Router-Eth-Trunk0] ipv6 enable
[Router-Eth-Trunk0] ipv6 address 2001:0:0:4D5::2/64
[Router-Eth-Trunk0] mode lacp
[Router-Eth-Trunk0] quit
[Router] interface XGigabitEthernet 1/0/0
[Router-XGigabitEthernet1/0/0] Eth-Trunk 0
[Router-XGigabitEthernet1/0/0] quit
[Router] interface XGigabitEthernet 2/0/0
[Router-XGigabitEthernet2/0/0] eth-trunk 0
[Router-XGigabitEthernet2/0/0] quit
# 创建Eth-Trunk1,配置Eth-Trunk1的IPv4和IPv6地址,使能LACP,并将接口XGE1/0/1、XGE2/0/1加入Eth-Trunk1。
[Router] interface Eth-Trunk 1
[Router-Eth-Trunk1] undo portswitch
[Router-Eth-Trunk1] description To_P2
[Router-Eth-Trunk1] ip address 1.1.2.230 255.255.255.252
[Router-Eth-Trunk1] ipv6 enable
[Router-Eth-Trunk1] ipv6 address 2001:0:0:4D4::2/64
[Router-Eth-Trunk1] mode lacp
[Router-Eth-Trunk1] quit
[Router] interface XGigabitEthernet 1/0/1
[Router-XGigabitEthernet1/0/1] eth-trunk 1
[Router-XGigabitEthernet1/0/1] quit
[Router] interface XGigabitEthernet 2/0/1
[Router-XGigabitEthernet2/0/1] eth-trunk 1
[Router-XGigabitEthernet2/0/1] quit
# 创建Loopback0,配置Loopback0的IPv4和IPv6地址。
[Router] interface LoopBack 0
[Router-LoopBack0] ip address 4.4.4.39 255.255.255.255
[Router-LoopBack0] ipv6 enable
[Router-LoopBack0] ipv6 address 2001::31/128
[Router-LoopBack0] quit
配置OSPFv2和OSPFv3。
# 创建OSPFv2进程1,并指定Router-id,创建Area 0,使能GR,配置密码认证。
[Router] ospf 1 router-id 4.4.4.39
[Router-ospf-1] silent-interface all
[Router-ospf-1] undo silent-interface Eth-Trunk0
[Router-ospf-1] undo silent-interface Eth-Trunk1
[Router-ospf-1] default-route-advertise always
[Router-ospf-1] preference 80
[Router-ospf-1] opaque-capability enable
[Router-ospf-1] graceful-restart
[Router-ospf-1] bandwidth-reference 1000000
[Router-ospf-1] enable traffic-adjustment
[Router-ospf-1] area 0.0.0.0
[Router-ospf-1-area-0.0.0.0] authentication-mode hmac-sha256 1 cipher YsHsjx_202206
[Router-ospf-1-area-0.0.0.0] mpls-te enable
[Router-ospf-1-area-0.0.0.0] quit
[Router-ospf-1] quit
# 配置IPSec安全提议和安全联盟。
[Router] ipsec proposal ah
[Router-ipsec-proposal-ah] encapsulation-mode transport
[Router-ipsec-proposal-ah] transform ah
[Router-ipsec-proposal-ah] ah authentication-algorithm sha2-256
[Router-ipsec-proposal-ah] quit
[Router] ipsec sa ospfv3-sa
[Router-ipsec-sa-ospfv3-sa] proposal ah
[Router-ipsec-sa-ospfv3-sa] sa spi inbound ah 256
[Router-ipsec-sa-ospfv3-sa] sa authentication-hex inbound ah cipher 112233445566778899aabbccddeeff00
[Router-ipsec-sa-ospfv3-sa] sa spi outbound ah 256
[Router-ipsec-sa-ospfv3-sa] sa authentication-hex outbound ah cipher aabbccddeeff001100aabbccddeeff00
[Router-ipsec-sa-ospfv3-sa] quit
# 创建OSPFv3进程1,并指定Router-id,使能GR。
[Router] ospfv3 1
[Router-ospfv3-1] router-id 4.4.4.39
[Router-ospfv3-1] bandwidth-reference 1000000
[Router-ospfv3-1] graceful-restart
[Router-ospfv3-1] default-route-advertise always
[Router-ospfv3-1] quit
# 在Loopback0接口下使能OSPFv2和OSPFv3。
[Router] interface LoopBack 0
[Router-LoopBack0] ospf enable 1 area 0.0.0.0
[Router-LoopBack0] ospfv3 1 area 0.0.0.0
[Router-LoopBack0] quit
# 在Eth-Trunk0接口下使能OSPFv2和OSPFv3,类型为P2P。
[Router] interface Eth-Trunk 0
[Router-Eth-Trunk0] ospf enable 1 area 0.0.0.0
[Router-Eth-Trunk0] ospf network-type p2p
[Router-Eth-Trunk0] ospfv3 1 area 0.0.0.0
[Router-Eth-Trunk0] ospfv3 network-type p2p
[Router-Eth-Trunk0] ospfv3 ipsec sa ospfv3-sa
[Router-Eth-Trunk0] quit
# 在Eth-Trunk1接口下使能OSPFv2和OSPFv3,类型为P2P。
[Router] interface Eth-Trunk 1
[Router-Eth-Trunk1] ospf enable 1 area 0.0.0.0
[Router-Eth-Trunk1] ospf network-type p2p
[Router-Eth-Trunk1] ospfv3 1 area 0.0.0.0
[Router-Eth-Trunk1] ospfv3 network-type p2p
[Router-Eth-Trunk1] ospfv3 ipsec sa ospfv3-sa
[Router-Eth-Trunk1] quit
在全局配置MPLS和RSVP-TE,并且在各个三层接口使能。
# 配置MPLS RSVP-TE,使能全局MPLS。
[Router] mpls lsr-id 4.4.4.39
[Router] mpls
[Router-mpls] mpls te
[Router-mpls] mpls rsvp-te
[Router-mpls] mpls rsvp-te hello
[Router-mpls] mpls rsvp-te srefresh
[Router-mpls] quit
# 建立RSVP邻居节点,且使能MD5验证。
[Router] mpls rsvp-te peer 1.1.2.225
[Router-mpls-rsvp-te-peer-1.1.2.225] mpls rsvp-te authentication cipher YsHsjx_202206
[Router-mpls-rsvp-te-peer-1.1.2.225] quit
[Router] mpls rsvp-te peer 1.1.2.229
[Router-mpls-rsvp-te-peer-1.1.2.229] mpls rsvp-te authentication cipher YsHsjx_202206
[Router-mpls-rsvp-te-peer-1.1.2.229] quit
# 在连接其他P设备的三层口下使能MPLS和RSVP-TE。
[Router] interface Eth-Trunk 0
[Router-Eth-Trunk0] mpls
[Router-Eth-Trunk0] mpls te
[Router-Eth-Trunk0] mpls rsvp-te
[Router-Eth-Trunk0] mpls rsvp-te hello
[Router-Eth-Trunk0] quit
[Router] interface Eth-Trunk 1
[Router-Eth-Trunk1] mpls
[Router-Eth-Trunk1] mpls te
[Router-Eth-Trunk1] mpls rsvp-te
[Router-Eth-Trunk1] mpls rsvp-te hello
[Router-Eth-Trunk1] quit
配置TE隧道的显式路径和TE隧道。
# 配置TE隧道的显式路径。
[Router] explicit-path TO-PE1-1
[Router-explicit-path-TO-PE1-1] next hop 1.1.2.225
[Router-explicit-path-TO-PE1-1] next hop 1.1.1.2
[Router-explicit-path-TO-PE1-1] quit
[Router] explicit-path TO-PE1-2
[Router-explicit-path-TO-PE1-2] next hop 1.1.2.229
[Router-explicit-path-TO-PE1-2] next hop 1.1.1.10
[Router-explicit-path-TO-PE1-2] quit
[Router] explicit-path TO-PE2-1
[Router-explicit-path-TO-PE2-1] next hop 1.1.2.225
[Router-explicit-path-TO-PE2-1] next hop 1.1.1.6
[Router-explicit-path-TO-PE2-1] quit
[Router] explicit-path TO-PE2-2
[Router-explicit-path-TO-PE2-2] next hop 1.1.2.229
[Router-explicit-path-TO-PE2-2] next hop 1.1.1.14
[Router-explicit-path-TO-PE2-2] quit
# 配置TE隧道。
[Router] interface Tunnel1
[Router-Tunnel1] ip address unnumbered interface LoopBack0
[Router-Tunnel1] tunnel-protocol mpls te
[Router-Tunnel1] destination 4.4.4.143
[Router-Tunnel1] mpls te tunnel-id 1
[Router-Tunnel1] mpls te signalled tunnel-name router->pe1-1
[Router-Tunnel1] mpls te record-route label
[Router-Tunnel1] mpls te path explicit-path TO-PE1-1
[Router-Tunnel1] mpls te path explicit-path TO-PE1-2 secondary
[Router-Tunnel1] mpls te backup hot-standby
[Router-Tunnel1] mpls te igp shortcut ospf
[Router-Tunnel1] mpls te igp metric absolute 10
[Router-Tunnel1] mpls te reserved-for-binding
[Router-Tunnel1] ospf enable 1 area 0.0.0.0
[Router-Tunnel1] mpls
[Router-Tunnel1] mpls te commit
[Router-Tunnel1] quit
[Router] interface Tunnel2
[Router-Tunnel2] ip address unnumbered interface LoopBack0
[Router-Tunnel2] tunnel-protocol mpls te
[Router-Tunnel2] destination 4.4.4.144
[Router-Tunnel2] mpls te tunnel-id 2
[Router-Tunnel2] mpls te signalled tunnel-name router->pe2-1
[Router-Tunnel2] mpls te record-route label
[Router-Tunnel2] mpls te path explicit-path TO-PE2-1
[Router-Tunnel2] mpls te path explicit-path TO-PE2-2 secondary
[Router-Tunnel2] mpls te backup hot-standby
[Router-Tunnel2] mpls te igp shortcut ospf
[Router-Tunnel2] mpls te igp metric absolute 10
[Router-Tunnel2] mpls te reserved-for-binding
[Router-Tunnel2] ospf enable 1 area 0.0.0.0
[Router-Tunnel2] mpls
[Router-Tunnel2] mpls te commit
[Router-Tunnel2] quit
配置BGP和BGP4+,与RR1以及RR2建立IBGP peer。
# 启动BGP进程,配置BGP对等体。
[Router] bgp 2519
[Router-bgp] router-id 4.4.4.39
[Router-bgp] graceful-restart
[Router-bgp] group iBGP internal
[Router-bgp] peer iBGP connect-interface LoopBack0
[Router-bgp] peer 4.4.4.27 as-number 2519
[Router-bgp] peer 4.4.4.27 group iBGP
[Router-bgp] peer 4.4.4.27 password cipher YsHsjx_202206
[Router-bgp] peer 4.4.4.28 as-number 2519
[Router-bgp] peer 4.4.4.28 group iBGP
[Router-bgp] peer 4.4.4.28 password cipher YsHsjx_202206
[Router-bgp] peer 2001::15 as-number 2519
[Router-bgp] peer 2001::15 group iBGP
[Router-bgp] peer 2001::15 password cipher YsHsjx_202206
[Router-bgp] peer 2001::16 as-number 2519
[Router-bgp] peer 2001::16 group iBGP
[Router-bgp] peer 2001::16 password cipher YsHsjx_202206
[Router-bgp] ipv4-family unicast
[Router-bgp-af-ipv4] undo synchronization
[Router-bgp-af-ipv4] preference 170 170 130
[Router-bgp-af-ipv4] peer iBGP next-hop-local
[Router-bgp-af-ipv4] peer iBGP advertise-community
[Router-bgp-af-ipv4] quit
# 配置BGP4+对等体。
[Router-bgp] ipv6-family unicast
[Router-bgp-af-ipv6] undo synchronization
[Router-bgp-af-ipv6] preference 170 170 130
[Router-bgp-af-ipv6] peer iBGP enable
[Router-bgp-af-ipv6] peer iBGP next-hop-local
[Router-bgp-af-ipv6] peer iBGP advertise-community
[Router-bgp-af-ipv6] peer 2001::15 enable
[Router-bgp-af-ipv6] peer 2001::15 group iBGP
[Router-bgp-af-ipv6] peer 2001::16 enable
[Router-bgp-af-ipv6] peer 2001::16 group iBGP
[Router-bgp-af-ipv6] quit
[Router-bgp] quit
配置SW1
配置连接各个设备的接口。
# 创建Eth-Trunk0,配置Eth-Trunk0的IPv4地址,使能LACP,并将接口XGE0/0/1、XGE0/0/2加入Eth-Trunk0。
<SW1> system-view
[SW1] interface Eth-Trunk 0
[SW1-Eth-Trunk0] undo portswitch
[SW1-Eth-Trunk0] description To_PE1
[SW1-Eth-Trunk0] ip address 2.2.2.206 255.255.255.252
[SW1-Eth-Trunk0] mode lacp
[SW1-Eth-Trunk0] quit
[SW1] interface XGigabitEthernet 0/0/1
[SW1-XGigabitEthernet0/0/1] eth-trunk 0
[SW1-XGigabitEthernet0/0/1] quit
[SW1] interface XGigabitEthernet 0/0/2
[SW1-XGigabitEthernet0/0/2] eth-trunk 0
[SW1-XGigabitEthernet0/0/2] quit
# 创建Eth-Trunk1,配置Eth-Trunk1的IPv4,使能LACP,并将接口XGE0/0/3、XGE0/0/4加入Eth-Trunk1。
[SW1] interface Eth-Trunk 1
[SW1-Eth-Trunk1] undo portswitch
[SW1-Eth-Trunk1] description To_PE2
[SW1-Eth-Trunk1] ip address 2.2.2.254 255.255.255.252
[SW1-Eth-Trunk1] mode lacp
[SW1-Eth-Trunk1] quit
[SW1] interface XGigabitEthernet 0/0/3
[SW1-XGigabitEthernet0/0/3] eth-trunk 1
[SW1-XGigabitEthernet0/0/3] quit
[SW1] interface XGigabitEthernet 0/0/4
[SW1-XGigabitEthernet0/0/4] eth-trunk 1
[SW1-XGigabitEthernet0/0/4] quit
# 创建VLANIF300,配置VLANIF300的地址。
[SW1] vlan batch 300
[SW1] interface Vlanif300
[SW1-Vlanif300] ip address 5.5.5.1 255.255.255.0
[SW1-Vlanif300] quit
# 创建Eth-Trunk2,使能LACP,并将接口XGE0/0/5、XGE0/0/6加入Eth-Trunk2。
[SW1] interface Eth-Trunk 2
[SW1-Eth-Trunk2] port link-type trunk
[SW1-Eth-Trunk2] undo port trunk allow-pass vlan 1
[SW1-Eth-Trunk2] port trunk allow-pass vlan 300
[SW1-Eth-Trunk2] mode lacp
[SW1-Eth-Trunk2] quit
[SW1] interface XGigabitEthernet 0/0/5
[SW1-XGigabitEthernet0/0/5] eth-trunk 2
[SW1-XGigabitEthernet0/0/5] quit
[SW1] interface XGigabitEthernet 0/0/6
[SW1-XGigabitEthernet0/0/6] eth-trunk 2
[SW1-XGigabitEthernet0/0/6] quit
配置BGP,与PE建立EBGP peer。
# 启动BGP进程,配置BGP对等体。
[SW1] bgp 64901
[SW1-bgp] graceful-restart
[SW1-bgp] group eBGP1 external
[SW1-bgp] peer eBGP1 connect-interface Eth-Trunk0
[SW1-bgp] peer 2.2.2.205 as-number 2519
[SW1-bgp] peer 2.2.2.205 group eBGP1
[SW1-bgp] peer 2.2.2.205 password cipher YsHsjx_202206
[SW1-bgp] group eBGP2 external
[SW1-bgp] peer eBGP2 connect-interface Eth-Trunk1
[SW1-bgp] peer 2.2.2.253 as-number 2519
[SW1-bgp] peer 2.2.2.253 group eBGP2
[SW1-bgp] peer 2.2.2.253 password cipher YsHsjx_202206
[SW1-bgp-af-ipv4] ipv4-family unicast
[SW1-bgp-af-ipv4] undo synchronization
[SW1-bgp-af-ipv4] network 5.5.5.0 255.255.255.0
[SW1-bgp-af-ipv4] quit
[SW1-bgp] quit
配置SW2
配置连接各个设备的接口。
# 创建VLANIF100和VLANIF200,并配置VLANIF100和VLANIF200的地址。
<SW2> system-view
[SW2] vlan batch 100 200
[SW2] interface Vlanif100
[SW2-Vlanif100] ip address 3.3.3.116 255.255.255.248
[SW2-Vlanif100] quit
[SW2] interface Vlanif200
[SW2-Vlanif200] ip address 6.6.6.1 255.255.255.0
[SW2-Vlanif200] quit
# 创建Eth-Trunk0,使能LACP,并将接口XGE0/0/1、XGE0/0/2加入Eth-Trunk0。
[SW2] interface Eth-Trunk 0
[SW2-Eth-Trunk0] port link-type trunk
[SW2-Eth-Trunk0] undo port trunk allow-pass vlan 1
[SW2-Eth-Trunk0] port trunk allow-pass vlan 100
[SW2-Eth-Trunk0] stp disable
[SW2-Eth-Trunk0] mode lacp
[SW2-Eth-Trunk0] quit
[SW2] interface XGigabitEthernet 0/0/1
[SW2-XGigabitEthernet0/0/1] eth-trunk 0
[SW2-XGigabitEthernet0/0/1] quit
[SW2] interface XGigabitEthernet 0/0/2
[SW2-XGigabitEthernet0/0/2] eth-trunk 0
[SW2-XGigabitEthernet0/0/2] quit
# 创建Eth-Trunk1,使能LACP,并将接口XGE0/0/3、XGE0/0/4加入Eth-Trunk1。
[SW2] interface Eth-Trunk 1
[SW2-Eth-Trunk1] port link-type trunk
[SW2-Eth-Trunk1] undo port trunk allow-pass vlan 1
[SW2-Eth-Trunk1] port trunk allow-pass vlan 100
[SW2-Eth-Trunk1] stp disable
[SW2-Eth-Trunk1] mode lacp
[SW2-Eth-Trunk1] quit
[SW2] interface XGigabitEthernet 0/0/3
[SW2-XGigabitEthernet0/0/3] eth-trunk 1
[SW2-XGigabitEthernet0/0/3] quit
[SW2] interface XGigabitEthernet 0/0/4
[SW2-XGigabitEthernet0/0/4] eth-trunk 1
[SW2-XGigabitEthernet0/0/4] quit
# 创建Eth-Trunk2,使能LACP,并将接口XGE0/0/5、XGE0/0/6加入Eth-Trunk2。
[SW2] interface Eth-Trunk 2
[SW2-Eth-Trunk2] port link-type trunk
[SW2-Eth-Trunk2] undo port trunk allow-pass vlan 1
[SW2-Eth-Trunk2] port trunk allow-pass vlan 200
[SW2-Eth-Trunk2] stp disable
[SW2-Eth-Trunk2] mode lacp
[SW2-Eth-Trunk2] quit
[SW2] interface XGigabitEthernet 0/0/5
[SW2-XGigabitEthernet0/0/5] eth-trunk 2
[SW2-XGigabitEthernet0/0/5] quit
[SW2] interface XGigabitEthernet 0/0/6
[SW2-XGigabitEthernet0/0/6] eth-trunk 2
[SW2-XGigabitEthernet0/0/6] quit
# 配置静态路由
[SW2] ip route-static 0.0.0.0 0.0.0.0 Vlanif100 3.3.3.113
结果验证
在“企业客户1”和“企业客户2”处连接测试仪,模拟用户,分别为DeviceA、DeviceB。
DeviceA可以分别Ping通Device B、P设备和远端Router设备。
DeviceB可以分别Ping通Device A、P设备和远端Router设备。
配置文件
SW1
SW2
#
sysname SW1
#
vlan batch 300
#
interface Vlanif300
ip address 5.5.5.1 255.255.255.0
#
interface Eth-Trunk0
undo portswitch
description To_PE1
ip address 2.2.2.206 255.255.255.252
mode lacp
#
interface Eth-Trunk1
undo portswitch
description To_PE2
ip address 2.2.2.254 255.255.255.252
mode lacp
#
interface Eth-Trunk2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 300
mode lacp
#
interface XGigabitEthernet0/0/1
eth-trunk 0
#
interface XGigabitEthernet0/0/2
eth-trunk 0
#
interface XGigabitEthernet0/0/3
eth-trunk 1
#
interface XGigabitEthernet0/0/4
eth-trunk 1
#
interface XGigabitEthernet0/0/5
eth-trunk 2
#
interface XGigabitEthernet1/0/6
eth-trunk 2
#
bgp 64901
graceful-restart
group eBGP1 external
peer eBGP1 connect-interface Eth-Trunk1
peer 2.2.2.205 as-number 2519
peer 2.2.2.205 group eBGP1
peer 2.2.2.205 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
group eBGP2 external
peer eBGP2 connect-interface Eth-Trunk0
peer 2.2.2.253 as-number 2519
peer 2.2.2.253 group eBGP2
peer 2.2.2.253 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
ipv4-family unicast
undo synchronization
network 5.5.5.0 255.255.255.0
peer eBGP1 enable
peer 2.2.2.205 enable
peer 2.2.2.205 group eBGP1
peer eBGP2 enable
peer 2.2.2.253 enable
peer 2.2.2.253 group eBGP2
#
return
#
sysname SW2
#
vlan batch 100 200
#
interface Vlanif100
ip address 3.3.3.116 255.255.255.248
#
interface Vlanif200
ip address 6.6.6.1 255.255.255.0
#
interface Eth-Trunk0
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100
stp disable
mode lacp
#
interface Eth-Trunk1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100
stp disable
mode lacp
#
interface Eth-Trunk2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 200
stp disable
mode lacp
#
interface XGigabitEthernet0/0/1
eth-trunk 0
#
interface XGigabitEthernet0/0/2
eth-trunk 0
#
interface XGigabitEthernet0/0/3
eth-trunk 1
#
interface XGigabitEthernet0/0/4
eth-trunk 1
#
interface XGigabitEthernet0/0/5
eth-trunk 2
#
interface XGigabitEthernet1/0/6
eth-trunk 2
#
ip route-static 0.0.0.0 0.0.0.0 Vlanif100 3.3.3.113
#
return
PE1
PE2
#
sysname PE1
#
ipv6
#
mpls lsr-id 4.4.4.143
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te srefresh
#
explicit-path TO-P1-1
next hop 1.1.1.1
#
explicit-path TO-P1-2
next hop 1.1.1.9
next hop 1.1.2.9
#
explicit-path TO-P2-1
next hop 1.1.1.9
#
explicit-path TO-P2-2
next hop 1.1.1.1
next hop 1.1.2.10
#
explicit-path TO-PE2-1
next hop 1.1.1.1
next hop 1.1.1.6
#
explicit-path TO-PE2-2
next hop 1.1.1.9
next hop 1.1.1.14
#
explicit-path TO-ROUTER-1
next hop 1.1.1.1
next hop 1.1.2.226
#
explicit-path TO-ROUTER-2
next hop 1.1.1.9
next hop 1.1.2.230
#
mpls rsvp-te peer 1.1.1.1
mpls rsvp-te authentication cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
mpls rsvp-te peer 1.1.1.9
mpls rsvp-te authentication cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
ipsec proposal ah
encapsulation-mode transport
transform ah
ah authentication-algorithm sha2-256
#
ipsec sa ospfv3-sa
proposal ah
sa spi inbound ah 256
sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
sa spi outbound ah 256
sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ospfv3 1
router-id 4.4.4.143
bandwidth-reference 1000000
graceful-restart
#
interface Eth-Trunk0
undo portswitch
description To_P1
ipv6 enable
ip address 1.1.1.2 255.255.255.252
ipv6 address 2001:0:0:4D9::2/64
ospfv3 1 area 0.0.0.0
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
more lacp
#
interface Eth-Trunk1
undo portswitch
description To_P2
ipv6 enable
ip address 1.1.1.10 255.255.255.252
ipv6 address 2001:0:0:4DB::2/64
ospfv3 1 area 0.0.0.0
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
more lacp
#
interface Eth-Trunk2
undo portswitch
description To_SW1
ip address 2.2.2.205 255.255.255.252
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mode lacp
#
interface Eth-Trunk3
undo portswitch
description To_SW2
ip address 3.3.3.114 255.255.255.248
vrrp vrid 1 virtual-ip 3.3.3.113
vrrp vrid 1 priority 150
vrrp vrid 1 preempt-mode timer delay 120
vrrp vrid 1 track interface Eth-Trunk0 reduced 30
vrrp vrid 1 track interface Eth-Trunk1 reduced 30
vrrp vrid 1 authentication-mode md5 %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
ospf cost 10000
ospf enable 1 area 0.0.0.0
mode lacp
#
interface XGigabitEthernet1/0/0
eth-trunk 0
#
interface XGigabitEthernet1/0/1
eth-trunk 1
#
interface XGigabitEthernet2/0/0
eth-trunk 0
#
interface XGigabitEthernet2/0/1
eth-trunk 1
#
interface XGigabitEthernet3/0/0
eth-trunk 2
#
interface XGigabitEthernet3/0/1
eth-trunk 3
#
interface XGigabitEthernet4/0/0
eth-trunk 2
#
interface XGigabitEthernet4/0/1
eth-trunk 3
#
interface LoopBack0
ipv6 enable
ip address 4.4.4.143 255.255.255.255
ipv6 address 2001::149/128
ospfv3 1 area 0.0.0.0
ospf enable 1 area 0.0.0.0
#
interface Tunnel1
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.1
mpls te tunnel-id 1
mpls te signalled tunnel-name pe1->P1-1
mpls te record-route label
mpls te path explicit-path TO-P1-1
mpls te path explicit-path TO-P1-2 secondary
mpls te backup hot-standby
mpls te igp shortcut ospf
mpls te igp metric absolute 10
mpls te reserved-for-binding
mpls te commit
ospf enable 1 area 0.0.0.0
mpls
#
interface Tunnel2
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.2
mpls te tunnel-id 2
mpls te signalled tunnel-name pe1->P2-1
mpls te record-route label
mpls te path explicit-path TO-P2-1
mpls te path explicit-path TO-P2-2 secondary
mpls te backup hot-standby
mpls te igp shortcut ospf
mpls te igp metric absolute 10
mpls te reserved-for-binding
mpls te commit
ospf enable 1 area 0.0.0.0
mpls
#
interface Tunnel3
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.39
mpls te tunnel-id 19
mpls te signalled tunnel-name pe1->router-1
mpls te record-route label
mpls te path explicit-path TO-ROUTER-1
mpls te path explicit-path TO-ROUTER-2 secondary
mpls te backup hot-standby
mpls te igp shortcut ospf
mpls te igp metric absolute 10
mpls te reserved-for-binding
mpls te commit
ospf enable 1 area 0.0.0.0
mpls
#
interface Tunnel4
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.39
mpls te tunnel-id 20
mpls te signalled tunnel-name pe1->router-2
mpls te record-route label
mpls te path explicit-path TO-ROUTER-2
mpls te path explicit-path TO-ROUTER-1 secondary
mpls te backup hot-standby
mpls te igp shortcut ospf
mpls te igp metric absolute 10
mpls te reserved-for-binding
mpls te commit
ospf enable 1 area 0.0.0.0
mpls
#
interface Tunnel5
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.144
mpls te tunnel-id 69
mpls te signalled tunnel-name pe1->pe2-1
mpls te record-route label
mpls te path explicit-path TO-PE2-1
mpls te path explicit-path TO-PE2-2 secondary
mpls te backup hot-standby
mpls te igp shortcut ospf
mpls te igp metric absolute 10
mpls te reserved-for-binding
mpls te commit
ospf enable 1 area 0.0.0.0
mpls
#
interface Tunnel6
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.144
mpls te tunnel-id 70
mpls te signalled tunnel-name pe1->pe2-2
mpls te record-route label
mpls te path explicit-path TO-PE2-2
mpls te path explicit-path TO-PE2-1 secondary
mpls te backup hot-standby
mpls te igp shortcut ospf
mpls te igp metric absolute 10
mpls te reserved-for-binding
mpls te commit
ospf enable 1 area 0.0.0.0
mpls
#
bgp 2519
router-id 4.4.4.143
graceful-restart
group IPv6-PRIVATEAS_CUSTOMER external
group PRIVATEAS_CUSTOMER external
peer 2.2.2.206 as-number 64901
peer 2.2.2.206 group PRIVATEAS_CUSTOMER
peer 2.2.2.206 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
group iBGP internal
peer iBGP connect-interface LoopBack0
peer 4.4.4.27 as-number 2519
peer 4.4.4.27 group iBGP
peer 4.4.4.27 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 4.4.4.28 as-number 2519
peer 4.4.4.28 group iBGP
peer 4.4.4.28 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 2001::15 as-number 2519
peer 2001::15 group iBGP
peer 2001::15 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 2001::16 as-number 2519
peer 2001::16 group iBGP
peer 2001::16 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
ipv4-family unicast
undo synchronization
preference 170 170 130
import-route static route-policy STATIC-to-BGP
peer IPv6-PRIVATEAS_CUSTOMER enable
peer PRIVATEAS_CUSTOMER enable
peer PRIVATEAS_CUSTOMER advertise-community
peer 2.2.2.206 enable
peer 2.2.2.206 group PRIVATEAS_CUSTOMER
peer 2.2.2.206 route-policy DENY-ANY_ROUTE-OUT export
peer 2.2.2.206 default-route-advertise route-policy PRIVATEAS_CUSTOMER-DEFAULT-OUT conditional-route-match-any 0.0.0.0 0.0.0.0
peer iBGP enable
peer iBGP next-hop-local
peer iBGP advertise-community
peer 4.4.4.27 enable
peer 4.4.4.27 group iBGP
peer 4.4.4.28 enable
peer 4.4.4.28 group iBGP
#
ipv6-family unicast
undo synchronization
preference 170 170 130
import-route static route-policy STATIC-to-BGP
peer IPv6-PRIVATEAS_CUSTOMER enable
peer IPv6-PRIVATEAS_CUSTOMER advertise-community
peer iBGP enable
peer iBGP next-hop-local
peer iBGP advertise-community
peer 2001::15 enable
peer 2001::15 group iBGP
peer 2001::16 enable
peer 2001::16 group iBGP
#
ospf 1 router-id 4.4.4.143
silent-interface all
undo silent-interface Eth-Trunk0
undo silent-interface Eth-Trunk1
preference 80
opaque-capability enable
graceful-restart
bandwidth-reference 1000000
enable traffic-adjustment
area 0.0.0.0
authentication-mode hmac-sha256 1 cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
mpls-te enable
#
route-policy PRIVATEAS_CUSTOMER-DEFAULT-OUT permit node 100
if-match ip-prefix DEFAULT-ROUTE
apply community no-export
#
route-policy PRIVATEAS_CUSTOMER-DEFAULT-OUT deny node 200
#
route-policy DENY-ANY_ROUTE-OUT deny node 100
#
route-policy STATIC-to-BGP permit node 200
if-match tag 2519
apply local-preference 10000
apply origin igp
apply community 2519:1
#
ip ip-prefix DEFAULT-ROUTE index 5 permit 0.0.0.0 0
#
ip route-static 6.6.6.0 255.255.255.0 Eth-Trunk3 3.3.3.116 tag 2519
#
return
#
sysname PE2
#
ipv6
#
mpls lsr-id 4.4.4.144
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te srefresh
#
explicit-path TO-P1-1
next hop 1.1.1.5
#
explicit-path TO-P1-2
next hop 1.1.1.13
next hop 1.1.2.9
#
explicit-path TO-P2-1
next hop 1.1.1.13
#
explicit-path TO-P2-2
next hop 1.1.1.5
next hop 1.1.2.10
#
explicit-path TO-PE1-1
next hop 1.1.1.5
next hop 1.1.1.2
#
explicit-path TO-PE1-2
next hop 1.1.1.13
next hop 1.1.1.10
#
explicit-path TO-ROUTER-1
next hop 1.1.1.5
next hop 1.1.2.226
#
explicit-path TO-ROUTER-2
next hop 1.1.1.13
next hop 1.1.2.230
#
mpls rsvp-te peer 1.1.1.5
mpls rsvp-te authentication cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
mpls rsvp-te peer 1.1.1.13
mpls rsvp-te authentication cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
ipsec proposal ah
encapsulation-mode transport
transform ah
ah authentication-algorithm sha2-256
#
ipsec sa ospfv3-sa
proposal ah
sa spi inbound ah 256
sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
sa spi outbound ah 256
sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ospfv3 1
router-id 4.4.4.144
bandwidth-reference 1000000
graceful-restart
#
interface Eth-Trunk0
undo portswitch
description To_P1
ipv6 enable
ip address 1.1.1.6 255.255.255.252
ipv6 address 2001:0:0:4DA::2/64
ospfv3 1 area 0.0.0.0
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
more lacp
#
interface Eth-Trunk1
undo portswitch
description To_P2
ipv6 enable
ip address 1.1.1.14 255.255.255.252
ipv6 address 2001:0:0:4DC::2/64
ospfv3 1 area 0.0.0.0
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
more lacp
#
interface Eth-Trunk2
undo portswitch
description To_SW1
ip address 2.2.2.253 255.255.255.252
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mode lacp
#
interface Eth-Trunk3
undo portswitch
description To_SW2
ip address 3.3.3.115 255.255.255.248
vrrp vrid 1 virtual-ip 3.3.3.113
vrrp vrid 1 track interface Eth-Trunk0 reduced 30
vrrp vrid 1 track interface Eth-Trunk1 reduced 30
vrrp vrid 1 authentication-mode md5 %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
ospf cost 20000
ospf enable 1 area 0.0.0.0
mode lacp
#
interface XGigabitEthernet1/0/0
eth-trunk 0
#
interface XGigabitEthernet1/0/1
eth-trunk 1
#
interface XGigabitEthernet2/0/0
eth-trunk 0
#
interface XGigabitEthernet2/0/1
eth-trunk 1
#
interface XGigabitEthernet3/0/0
eth-trunk 2
#
interface XGigabitEthernet3/0/1
eth-trunk 3
#
interface XGigabitEthernet4/0/0
eth-trunk 2
#
interface XGigabitEthernet4/0/1
eth-trunk 3
#
interface LoopBack0
ipv6 enable
ip address 4.4.4.144 255.255.255.255
ipv6 address 2001::14A/128
ospfv3 1 area 0.0.0.0
ospf enable 1 area 0.0.0.0
#
interface Tunnel1
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.1
mpls te tunnel-id 1
mpls te signalled tunnel-name pe2->P1-1
mpls te record-route label
mpls te path explicit-path TO-P1-1
mpls te path explicit-path TO-P1-2 secondary
mpls te backup hot-standby
mpls te igp shortcut ospf
mpls te igp metric absolute 10
mpls te reserved-for-binding
mpls te commit
ospf enable 1 area 0.0.0.0
mpls
#
interface Tunnel2
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.2
mpls te tunnel-id 2
mpls te signalled tunnel-name pe2->P2-1
mpls te record-route label
mpls te path explicit-path TO-P2-1
mpls te path explicit-path TO-P2-2 secondary
mpls te backup hot-standby
mpls te igp shortcut ospf
mpls te igp metric absolute 10
mpls te reserved-for-binding
mpls te commit
ospf enable 1 area 0.0.0.0
mpls
#
interface Tunnel3
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.39
mpls te tunnel-id 3
mpls te signalled tunnel-name pe2->router-1
mpls te record-route label
mpls te path explicit-path TO-ROUTER-1
mpls te path explicit-path TO-ROUTER-2 secondary
mpls te backup hot-standby
mpls te igp shortcut ospf
mpls te igp metric absolute 10
mpls te reserved-for-binding
mpls te commit
ospf enable 1 area 0.0.0.0
mpls
#
interface Tunnel4
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.39
mpls te tunnel-id 4
mpls te signalled tunnel-name pe2->router-2
mpls te record-route label
mpls te path explicit-path TO-ROUTER-2
mpls te path explicit-path TO-ROUTER-1 secondary
mpls te backup hot-standby
mpls te igp shortcut ospf
mpls te igp metric absolute 10
mpls te reserved-for-binding
mpls te commit
ospf enable 1 area 0.0.0.0
mpls
#
interface Tunnel5
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.143
mpls te tunnel-id 5
mpls te signalled tunnel-name pe2->pe1-1
mpls te record-route label
mpls te path explicit-path TO-PE1-1
mpls te path explicit-path TO-PE1-2 secondary
mpls te backup hot-standby
mpls te igp shortcut ospf
mpls te igp metric absolute 10
mpls te reserved-for-binding
mpls te commit
ospf enable 1 area 0.0.0.0
mpls
#
interface Tunnel6
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.143
mpls te tunnel-id 6
mpls te signalled tunnel-name pe2->pe1-2
mpls te record-route label
mpls te path explicit-path TO-PE1-2
mpls te path explicit-path TO-PE1-1 secondary
mpls te backup hot-standby
mpls te igp shortcut ospf
mpls te igp metric absolute 10
mpls te reserved-for-binding
mpls te commit
ospf enable 1 area 0.0.0.0
mpls
#
bgp 2519
router-id 4.4.4.144
graceful-restart
group IPv6-PRIVATEAS_CUSTOMER external
group PRIVATEAS_CUSTOMER external
peer 2.2.2.254 as-number 64901
peer 2.2.2.254 group PRIVATEAS_CUSTOMER
peer 2.2.2.254 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
group iBGP internal
peer iBGP connect-interface LoopBack0
peer 4.4.4.27 as-number 2519
peer 4.4.4.27 group iBGP
peer 4.4.4.27 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 4.4.4.28 as-number 2519
peer 4.4.4.28 group iBGP
peer 4.4.4.28 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 2001::15 as-number 2519
peer 2001::15 group iBGP
peer 2001::15 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 2001::16 as-number 2519
peer 2001::16 group iBGP
peer 2001::16 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
ipv4-family unicast
undo synchronization
preference 170 170 130
import-route static route-policy STATIC-to-BGP
peer IPv6-PRIVATEAS_CUSTOMER enable
peer PRIVATEAS_CUSTOMER enable
peer PRIVATEAS_CUSTOMER advertise-community
peer 2.2.2.254 enable
peer 2.2.2.254 group PRIVATEAS_CUSTOMER
peer 2.2.2.254 route-policy DENY-ANY_ROUTE-OUT export
peer 2.2.2.254 default-route-advertise route-policy PRIVATEAS_CUSTOMER-DEFAULT-OUT conditional-route-match-any 0.0.0.0 0.0.0.0
peer iBGP enable
peer iBGP next-hop-local
peer iBGP advertise-community
peer 4.4.4.27 enable
peer 4.4.4.27 group iBGP
peer 4.4.4.28 enable
peer 4.4.4.28 group iBGP
#
ipv6-family unicast
undo synchronization
preference 170 170 130
import-route static route-policy STATIC-to-BGP
peer IPv6-PRIVATEAS_CUSTOMER enable
peer IPv6-PRIVATEAS_CUSTOMER advertise-community
peer iBGP enable
peer iBGP next-hop-local
peer iBGP advertise-community
peer 2001::15 enable
peer 2001::15 group iBGP
peer 2001::16 enable
peer 2001::16 group iBGP
#
ospf 1 router-id 4.4.4.144
silent-interface all
undo silent-interface Eth-Trunk0
undo silent-interface Eth-Trunk1
preference 80
opaque-capability enable
graceful-restart
bandwidth-reference 1000000
enable traffic-adjustment
area 0.0.0.0
authentication-mode hmac-sha256 1 cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
mpls-te enable
#
route-policy PRIVATEAS_CUSTOMER-DEFAULT-OUT permit node 100
if-match ip-prefix DEFAULT-ROUTE
apply community no-export
#
route-policy PRIVATEAS_CUSTOMER-DEFAULT-OUT deny node 200
#
route-policy DENY-ANY_ROUTE-OUT deny node 100
#
route-policy STATIC-to-BGP permit node 200
if-match tag 2519
apply local-preference 9000
apply origin igp
apply community 2519:1
#
ip ip-prefix DEFAULT-ROUTE index 5 permit 0.0.0.0 0
#
ip route-static 6.6.6.0 255.255.255.0 Eth-Trunk3 3.3.3.116 tag 2519
#
return
P1
P2
#
sysname P1
#
ipv6
#
mpls lsr-id 4.4.4.1
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te srefresh
#
explicit-path TO-PE1-1
next hop 1.1.1.2
#
explicit-path TO-PE1-2
next hop 1.1.2.10
next hop 1.1.1.10
#
explicit-path TO-PE2-1
next hop 1.1.1.6
#
explicit-path TO-PE2-2
next hop 1.1.2.10
next hop 1.1.1.14
#
mpls rsvp-te peer 1.1.1.2
mpls rsvp-te authentication cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
mpls rsvp-te peer 1.1.1.6
mpls rsvp-te authentication cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
mpls rsvp-te peer 1.1.2.10
mpls rsvp-te authentication cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
mpls rsvp-te peer 1.1.2.226
mpls rsvp-te authentication cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
ipsec proposal ah
encapsulation-mode transport
transform ah
ah authentication-algorithm sha2-256
#
ipsec sa ospfv3-sa
proposal ah
sa spi inbound ah 256
sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
sa spi outbound ah 256
sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK- OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ospfv3 1
router-id 4.4.4.1
bandwidth-reference 1000000
graceful-restart
#
interface Eth-Trunk0
undo portswitch
description To_PE1
ipv6 enable
ip address 1.1.1.1 255.255.255.252
ipv6 address 2001:0:0:4D9::1/64
ospfv3 1 area 0.0.0.0
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mode lacp
#
interface Eth-Trunk1
undo portswitch
description To_PE2
ipv6 enable
ip address 1.1.1.5 255.255.255.252
ipv6 address 2001:0:0:4DA::1/64
ospfv3 1 area 0.0.0.0
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mode lacp
#
interface Eth-Trunk2
undo portswitch
description To_P2
ipv6 enable
ip address 1.1.2.9 255.255.255.252
ipv6 address 2001:0:0:4D8::1/64
ospfv3 1 area 0.0.0.0
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mode lacp
#
interface Eth-Trunk3
undo portswitch
description To_RR1
ipv6 enable
ip address 1.1.2.233 255.255.255.252
ipv6 address 2001:0:0:4D7::1/64
ospfv3 1 area 0.0.0.0
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mode lacp
#
interface Eth-Trunk4
undo portswitch
description To_RR2
ipv6 enable
ip address 1.1.2.189 255.255.255.252
ipv6 address 2001:0:0:4E2::1/64
ospfv3 1 area 0.0.0.0
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mode lacp
#
interface Eth-Trunk5
undo portswitch
description To_Router
ipv6 enable
ip address 1.1.2.225 255.255.255.252
ipv6 address 2001:0:0:4D5::1/64
ospfv3 1 area 0.0.0.0
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mode lacp
#
interface XGigabitEthernet1/0/0
eth-trunk 0
#
interface XGigabitEthernet1/0/1
eth-trunk 1
#
interface XGigabitEthernet2/0/0
eth-trunk 0
#
interface XGigabitEthernet2/0/1
eth-trunk 1
#
interface XGigabitEthernet3/0/0
eth-trunk 2
#
interface XGigabitEthernet3/0/1
eth-trunk 3
#
interface XGigabitEthernet3/0/2
eth-trunk 4
#
interface XGigabitEthernet3/0/3
eth-trunk 5
#
interface XGigabitEthernet4/0/0
eth-trunk 2
#
interface XGigabitEthernet4/0/1
eth-trunk 3
#
interface XGigabitEthernet4/0/2
eth-trunk 4
#
interface XGigabitEthernet4/0/3
eth-trunk 5
#
interface LoopBack0
ipv6 enable
ip address 4.4.4.1 255.255.255.255
ipv6 address 2001::21/128
ospfv3 1 area 0.0.0.0
ospf enable 1 area 0.0.0.0
#
interface Tunnel1
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.143
mpls te tunnel-id 1
mpls te signalled tunnel-name P1->pe1-1
mpls te record-route label
mpls te path explicit-path TO-PE1-1
mpls te path explicit-path TO-PE1-2 secondary
mpls te backup hot-standby
mpls te igp shortcut ospf
mpls te igp metric absolute 10
mpls te reserved-for-binding
mpls te commit
ospf enable 1 area 0.0.0.0
mpls
#
interface Tunnel2
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.144
mpls te tunnel-id 2
mpls te signalled tunnel-name P1->pe2-1
mpls te record-route label
mpls te path explicit-path TO-PE2-1
mpls te path explicit-path TO-PE2-2 secondary
mpls te backup hot-standby
mpls te igp shortcut ospf
mpls te igp metric absolute 10
mpls te reserved-for-binding
mpls te commit
ospf enable 1 area 0.0.0.0
mpls
#
bgp 2519
router-id 4.4.4.1
graceful-restart
group iBGP internal
peer iBGP connect-interface LoopBack0
peer 4.4.4.27 as-number 2519
peer 4.4.4.27 group iBGP
peer 4.4.4.27 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 4.4.4.28 as-number 2519
peer 4.4.4.28 group iBGP
peer 4.4.4.28 password cipher %^%#r- cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 2001::15 as-number 2519
peer 2001::15 group iBGP
peer 2001::15 password cipher %^%#r- cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 2001::16 as-number 2519
peer 2001::16 group iBGP
peer 2001::16 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
ipv4-family unicast
undo synchronization
preference 170 170 130
peer iBGP enable
peer iBGP next-hop-local
peer iBGP advertise-community
peer 4.4.4.27 enable
peer 4.4.4.27 group iBGP
peer 4.4.4.28 enable
peer 4.4.4.28 group iBGP
#
ipv6-family unicast
undo synchronization
preference 170 170 130
peer iBGP enable
peer iBGP next-hop-local
peer iBGP advertise-community
peer 2001::15 enable
peer 2001::15 group iBGP
peer 2001::16 enable
peer 2001::16 group iBGP
#
ospf 1 router-id 4.4.4.1
silent-interface all
undo silent-interface Eth-Trunk0
undo silent-interface Eth-Trunk1
undo silent-interface Eth-Trunk2
undo silent-interface Eth-Trunk3
undo silent-interface Eth-Trunk4
undo silent-interface Eth-Trunk5
preference 80
opaque-capability enable
graceful-restart
bandwidth-reference 1000000
enable traffic-adjustment
area 0.0.0.0
authentication-mode hmac-sha256 1 cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
mpls-te enable
#
return
#
sysname P2
#
ipv6
#
mpls lsr-id 4.4.4.2
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te srefresh
#
explicit-path TO-PE1-1
next hop 1.1.1.10
#
explicit-path TO-PE1-2
next hop 1.1.2.9
next hop 1.1.1.2
#
explicit-path TO-PE2-1
next hop 1.1.1.14
#
explicit-path TO-PE2-2
next hop 1.1.2.9
next hop 1.1.1.6
#
mpls rsvp-te peer 1.1.1.10
mpls rsvp-te authentication cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
mpls rsvp-te peer 1.1.1.14
mpls rsvp-te authentication cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
mpls rsvp-te peer 1.1.2.9
mpls rsvp-te authentication cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
mpls rsvp-te peer 1.1.2.230
mpls rsvp-te authentication cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
ipsec proposal ah
encapsulation-mode transport
transform ah
ah authentication-algorithm sha2-256
#
ipsec sa ospfv3-sa
proposal ah
sa spi inbound ah 256
sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
sa spi outbound ah 256
sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ospfv3 1
router-id 4.4.4.2
bandwidth-reference 1000000
graceful-restart
#
interface Eth-Trunk0
undo portswitch
description To_PE1
ipv6 enable
ip address 1.1.1.9 255.255.255.252
ipv6 address 2001:0:0:4DB::1/64
ospfv3 1 area 0.0.0.0
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mode lacp
#
interface Eth-Trunk1
undo portswitch
description To_PE2
ipv6 enable
ip address 1.1.1.13 255.255.255.252
ipv6 address 2001:0:0:4DC::1/64
ospfv3 1 area 0.0.0.0
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mode lacp
#
interface Eth-Trunk2
undo portswitch
description To_P2
ipv6 enable
ip address 1.1.2.10 255.255.255.252
ipv6 address 2001:0:0:4D8::2/64
ospfv3 1 area 0.0.0.0
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mode lacp
#
interface Eth-Trunk3
undo portswitch
description To_RR1
ipv6 enable
ip address 1.1.2.237 255.255.255.252
ipv6 address 2001:0:0:4D6::1/64
ospfv3 1 area 0.0.0.0
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mode lacp
#
interface Eth-Trunk4
undo portswitch
description To_RR2
ipv6 enable
ip address 1.1.2.193 255.255.255.252
ipv6 address 2001:0:0:4E1::1/64
ospfv3 1 area 0.0.0.0
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mode lacp
#
interface Eth-Trunk5
undo portswitch
description To_Router
ipv6 enable
ip address 1.1.2.229 255.255.255.252
ipv6 address 2001:0:0:4D4::1/64
ospfv3 1 area 0.0.0.0
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mode lacp
#
interface XGigabitEthernet1/0/0
eth-trunk 0
#
interface XGigabitEthernet1/0/1
eth-trunk 1
#
interface XGigabitEthernet2/0/0
eth-trunk 0
#
interface XGigabitEthernet2/0/1
eth-trunk 1
#
interface XGigabitEthernet3/0/0
eth-trunk 2
#
interface XGigabitEthernet3/0/1
eth-trunk 3
#
interface XGigabitEthernet3/0/2
eth-trunk 4
#
interface XGigabitEthernet3/0/3
eth-trunk 5
#
interface XGigabitEthernet4/0/0
eth-trunk 2
#
interface XGigabitEthernet4/0/1
eth-trunk 3
#
interface XGigabitEthernet4/0/2
eth-trunk 4
#
interface XGigabitEthernet4/0/3
eth-trunk 5
#
interface LoopBack0
ipv6 enable
ip address 4.4.4.2 255.255.255.255
ipv6 address 2001::22/128
ospfv3 1 area 0.0.0.0
ospf enable 1 area 0.0.0.0
#
interface Tunnel1
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.143
mpls te tunnel-id 1
mpls te signalled tunnel-name P2->pe1-1
mpls te record-route label
mpls te path explicit-path TO-PE1-1
mpls te path explicit-path TO-PE1-2 secondary
mpls te backup hot-standby
mpls te igp shortcut ospf
mpls te igp metric absolute 10
mpls te reserved-for-binding
mpls te commit
ospf enable 1 area 0.0.0.0
mpls
#
interface Tunnel2
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.144
mpls te tunnel-id 2
mpls te signalled tunnel-name P2->pe2-1
mpls te record-route label
mpls te path explicit-path TO-PE2-1
mpls te path explicit-path TO-PE2-2 secondary
mpls te backup hot-standby
mpls te igp shortcut ospf
mpls te igp metric absolute 10
mpls te reserved-for-binding
mpls te commit
ospf enable 1 area 0.0.0.0
mpls
#
bgp 2519
router-id 4.4.4.2
graceful-restart
group iBGP internal
peer iBGP connect-interface LoopBack0
peer 4.4.4.27 as-number 2519
peer 4.4.4.27 group iBGP
peer 4.4.4.27 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 4.4.4.28 as-number 2519
peer 4.4.4.28 group iBGP
peer 4.4.4.28 password cipher %^%#r- cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 2001::15 as-number 2519
peer 2001::15 group iBGP
peer 2001::15 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 2001::16 as-number 2519
peer 2001::16 group iBGP
peer 2001::16 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
ipv4-family unicast
undo synchronization
preference 170 170 130
peer iBGP enable
peer iBGP next-hop-local
peer iBGP advertise-community
peer 4.4.4.27 enable
peer 4.4.4.27 group iBGP
peer 4.4.4.28 enable
peer 4.4.4.28 group iBGP
#
ipv6-family unicast
undo synchronization
preference 170 170 130
peer iBGP enable
peer iBGP next-hop-local
peer iBGP advertise-community
peer 2001::15 enable
peer 2001::15 group iBGP
peer 2001::16 enable
peer 2001::16 group iBGP
#
ospf 1 router-id 4.4.4.2
silent-interface all
undo silent-interface Eth-Trunk0
undo silent-interface Eth-Trunk1
undo silent-interface Eth-Trunk2
undo silent-interface Eth-Trunk3
undo silent-interface Eth-Trunk4
undo silent-interface Eth-Trunk5
preference 80
opaque-capability enable
graceful-restart
bandwidth-reference 1000000
enable traffic-adjustment
area 0.0.0.0
authentication-mode hmac-sha256 1 cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
mpls-te enable
#
return
RR1
RR2
#
sysname RR1
#
ipv6
#
ipsec proposal ah
encapsulation-mode transport
transform ah
ah authentication-algorithm sha2-256
#
ipsec sa ospfv3-sa
proposal ah
sa spi inbound ah 256
sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
sa spi outbound ah 256
sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ospfv3 1
router-id 4.4.4.27
bandwidth-reference 1000000
graceful-restart
#
interface Eth-Trunk0
undo portswitch
description To_P1
ipv6 enable
ip address 1.1.2.234 255.255.255.252
ipv6 address 2001:0:0:4D7::2/64
ospfv3 1 area 0.0.0.0
ospfv3 cost 10000
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf cost 10000
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mode lacp
#
interface Eth-Trunk1
undo portswitch
description To_P2
ipv6 enable
ip address 1.1.2.238 255.255.255.252
ipv6 address 2001:0:0:4D6::2/64
ospfv3 1 area 0.0.0.0
ospfv3 cost 1000
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf cost 1000
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mode lacp
#
interface XGigabitEthernet1/0/0
eth-trunk 0
#
interface XGigabitEthernet1/0/1
eth-trunk 1
#
interface XGigabitEthernet2/0/0
eth-trunk 0
#
interface XGigabitEthernet2/0/1
eth-trunk 1
#
interface LoopBack0
ipv6 enable
ip address 4.4.4.27 255.255.255.255
ipv6 address 2001::15/128
ospfv3 1 area 0.0.0.0
ospf enable 1 area 0.0.0.0
#
bgp 2519
router-id 4.4.4.27
graceful-restart
group iBGP internal
peer iBGP connect-interface LoopBack0
peer 4.4.4.1 as-number 2519
peer 4.4.4.1 group iBGP
peer 4.4.4.1 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 4.4.4.2 as-number 2519
peer 4.4.4.2 group iBGP
peer 4.4.4.2 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 4.4.4.39 as-number 2519
peer 4.4.4.39 group iBGP
peer 4.4.4.39 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 4.4.4.143 as-number 2519
peer 4.4.4.143 group iBGP
peer 4.4.4.143 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 4.4.4.144 as-number 2519
peer 4.4.4.144 group iBGP
peer 4.4.4.144 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 2001::21 as-number 2519
peer 2001::21 group iBGP
peer 2001::21 password cipher %^%#Df[B&=%EiAdjp',]J'aTYKvRU]aRoBMw)c#ueRO@%^%#
peer 2001::22 as-number 2519
peer 2001::22 group iBGP
peer 2001::22 password cipher %^%#%L73Zh@&+U}9+\%GU<M07v}SO%{f!6WO<j)(rUmI%^%#
peer 2001::31 as-number 2519
peer 2001::31 group iBGP
peer 2001::31 password cipher %^%#]/q`QBny7KG<(T%tM)TLc2V8%cmLN2*o1cUuyt]U%^%#
peer 2001::149 as-number 2519
peer 2001::149 group iBGP
peer 2001::149 password cipher %^%#$_KwO"PsP)Cv2\~rmZ%;":hb$ZTRE@4rnYAtEusX%^%#
peer 2001::14A as-number 2519
peer 2001::14A group iBGP
peer 2001::14A password cipher %^%#N0~G8KObA6aSzL;d,n&YVsT0$!\G{6suKiATq=)G%^%#
#
ipv4-family unicast
undo synchronization
reflector cluster-id 2519
peer iBGP enable
peer iBGP advertise-community
peer 4.4.4.1 enable
peer 4.4.4.1 group iBGP
peer 4.4.4.1 reflect-client
peer 4.4.4.2 enable
peer 4.4.4.2 group iBGP
peer 4.4.4.2 reflect-client
peer 4.4.4.39 enable
peer 4.4.4.39 group iBGP
peer 4.4.4.39 reflect-client
peer 4.4.4.143 enable
peer 4.4.4.143 group iBGP
peer 4.4.4.143 reflect-client
peer 4.4.4.144 enable
peer 4.4.4.144 group iBGP
peer 4.4.4.144 reflect-client
#
ipv6-family unicast
undo synchronization
reflector cluster-id 2519
preference 170 170 130
peer iBGP enable
peer iBGP next-hop-local
peer iBGP advertise-community
peer 2001::21 enable
peer 2001::21 group iBGP
peer 2001::21 reflect-client
peer 2001::22 enable
peer 2001::22 group iBGP
peer 2001::22 reflect-client
peer 2001::31 enable
peer 2001::31 group iBGP
peer 2001::31 reflect-client
peer 2001::149 enable
peer 2001::149 group iBGP
peer 2001::149 reflect-client
peer 2001::14A enable
peer 2001::14A group iBGP
peer 2001::14A reflect-client
#
ospf 1 router-id 4.4.4.27
silent-interface all
undo silent-interface Eth-Trunk0
undo silent-interface Eth-Trunk1
preference 80
opaque-capability enable
graceful-restart
bandwidth-reference 1000000
enable traffic-adjustment
area 0.0.0.0
authentication-mode hmac-sha256 1 cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
mpls-te enable
#
return
#
sysname RR2
#
ipv6
#
ipsec proposal ah
encapsulation-mode transport
transform ah
ah authentication-algorithm sha2-256
#
ipsec sa ospfv3-sa
proposal ah
sa spi inbound ah 256
sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
sa spi outbound ah 256
sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ospfv3 1
router-id 4.4.4.28
bandwidth-reference 1000000
graceful-restart
#
interface Eth-Trunk0
undo portswitch
description To_P1
ipv6 enable
ip address 1.1.2.190 255.255.255.252
ipv6 address 2001:0:0:4E2::2/64
ospfv3 1 area 0.0.0.0
ospfv3 cost 10000
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf cost 10000
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mode lacp
#
interface Eth-Trunk1
undo portswitch
description To_P2
ipv6 enable
ip address 1.1.2.194 255.255.255.252
ipv6 address 2001:0:0:4E1::2/64
ospfv3 1 area 0.0.0.0
ospfv3 cost 1000
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf cost 1000
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mode lacp
#
interface XGigabitEthernet1/0/0
eth-trunk 0
#
interface XGigabitEthernet1/0/1
eth-trunk 1
#
interface XGigabitEthernet2/0/0
eth-trunk 0
#
interface XGigabitEthernet2/0/1
eth-trunk 1
#
interface LoopBack0
ipv6 enable
ip address 4.4.4.28 255.255.255.255
ipv6 address 2001::16/128
ospfv3 1 area 0.0.0.0
ospf enable 1 area 0.0.0.0
#
bgp 2519
router-id 4.4.4.28
graceful-restart
group iBGP internal
peer iBGP connect-interface LoopBack0
peer 4.4.4.1 as-number 2519
peer 4.4.4.1 group iBGP
peer 4.4.4.1 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 4.4.4.2 as-number 2519
peer 4.4.4.2 group iBGP
peer 4.4.4.2 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 4.4.4.39 as-number 2519
peer 4.4.4.39 group iBGP
peer 4.4.4.39 password cipher %^%#r- cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 4.4.4.143 as-number 2519
peer 4.4.4.143 group iBGP
peer 4.4.4.143 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 4.4.4.144 as-number 2519
peer 4.4.4.144 group iBGP
peer 4.4.4.144 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 2001::21 as-number 2519
peer 2001::21 group iBGP
peer 2001::21 password cipher %^%#Df[B&=%EiAdjp',]J'aTYKvRU]aRoBMw)c#ueRO@%^%#
peer 2001::22 as-number 2519
peer 2001::22 group iBGP
peer 2001::22 password cipher %^%#%L73Zh@&+U}9+\%GU<M07v}SO%{f!6WO<j)(rUmI%^%#
peer 2001::31 as-number 2519
peer 2001::31 group iBGP
peer 2001::31 password cipher %^%#]/q`QBny7KG<(T%tM)TLc2V8%cmLN2*o1cUuyt]U%^%#
peer 2001::149 as-number 2519
peer 2001::149 group iBGP
peer 2001::149 password cipher %^%#$_KwO"PsP)Cv2\~rmZ%;":hb$ZTRE@4rnYAtEusX%^%#
peer 2001::14A as-number 2519
peer 2001::14A group iBGP
peer 2001::14A password cipher %^%#N0~G8KObA6aSzL;d,n&YVsT0$!\G{6suKiATq=)G%^%#
#
ipv4-family unicast
undo synchronization
reflector cluster-id 2519
peer iBGP enable
peer iBGP advertise-community
peer 4.4.4.1 enable
peer 4.4.4.1 group iBGP
peer 4.4.4.1 reflect-client
peer 4.4.4.2 enable
peer 4.4.4.2 group iBGP
peer 4.4.4.2 reflect-client
peer 4.4.4.39 enable
peer 4.4.4.39 group iBGP
peer 4.4.4.39 reflect-client
peer 4.4.4.143 enable
peer 4.4.4.143 group iBGP
peer 4.4.4.143 reflect-client
peer 4.4.4.144 enable
peer 4.4.4.144 group iBGP
peer 4.4.4.144 reflect-client
#
ipv6-family unicast
undo synchronization
reflector cluster-id 2519
preference 170 170 130
peer iBGP enable
peer iBGP next-hop-local
peer iBGP advertise-community
peer 2001::21 enable
peer 2001::21 group iBGP
peer 2001::21 reflect-client
peer 2001::22 enable
peer 2001::22 group iBGP
peer 2001::22 reflect-client
peer 2001::31 enable
peer 2001::31 group iBGP
peer 2001::31 reflect-client
peer 2001::149 enable
peer 2001::149 group iBGP
peer 2001::149 reflect-client
peer 2001::14A enable
peer 2001::14A group iBGP
peer 2001::14A reflect-client
#
ospf 1 router-id 4.4.4.28
silent-interface all
undo silent-interface Eth-Trunk0
undo silent-interface Eth-Trunk1
preference 80
opaque-capability enable
graceful-restart
bandwidth-reference 1000000
enable traffic-adjustment
area 0.0.0.0
authentication-mode hmac-sha256 1 cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
mpls-te enable
#
return
Router
#
sysname Router
#
ipv6
#
mpls lsr-id 4.4.4.39
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mpls rsvp-te srefresh
#
explicit-path TO-PE1-1
next hop 1.1.2.225
next hop 1.1.1.2
#
explicit-path TO-PE1-2
next hop 1.1.2.229
next hop 1.1.1.10
#
explicit-path TO-PE2-1
next hop 1.1.2.225
next hop 1.1.1.6
#
explicit-path TO-PE2-2
next hop 1.1.2.229
next hop 1.1.1.14
#
mpls rsvp-te peer 1.1.2.225
mpls rsvp-te authentication cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
mpls rsvp-te peer 1.1.2.229
mpls rsvp-te authentication cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
ipsec proposal ah
encapsulation-mode transport
transform ah
ah authentication-algorithm sha2-256
#
ipsec sa ospfv3-sa
proposal ah
sa spi inbound ah 256
sa authentication-hex inbound ah cipher %^%#Hs`fE9Kd_92D<#M^CGDSwqjQFrgB~@q,\&NzzsD,xF>0UP%>5+H&q6Vj8ilG%^%#
sa spi outbound ah 256
sa authentication-hex outbound ah cipher %^%#"sFYHYf[9Mz|GW;ko4d<`%DjK-OBR$^<Dt!Hx#FYZ:oDR:\BEGkIsK$LtsnQ%^%#
#
ospfv3 1
router-id 4.4.4.1
bandwidth-reference 1000000
graceful-restart
default-route-advertise always
#
interface Eth-Trunk0
undo portswitch
description To_P1
ipv6 enable
ip address 1.1.2.226 255.255.255.252
ipv6 address 2001:0:0:4D5::2/64
ospfv3 1 area 0.0.0.0
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf cost 10000
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mode lacp
#
interface Eth-Trunk1
undo portswitch
description To_P2
ipv6 enable
ip address 1.1.2.230 255.255.255.252
ipv6 address 2001:0:0:4D4::2/64
ospfv3 1 area 0.0.0.0
ospfv3 cost 1000
ospfv3 network-type p2p
ospfv3 ipsec sa ospfv3-sa
ospf network-type p2p
ospf enable 1 area 0.0.0.0
mpls
mpls te
mpls rsvp-te
mpls rsvp-te hello
mode lacp
#
interface XGigabitEthernet1/0/0
eth-trunk 0
#
interface XGigabitEthernet1/0/1
eth-trunk 1
#
interface XGigabitEthernet2/0/0
eth-trunk 0
#
interface XGigabitEthernet2/0/1
eth-trunk 1
#
interface LoopBack0
ipv6 enable
ip address 4.4.4.39 255.255.255.255
ipv6 address 2001::31/128
ospfv3 1 area 0.0.0.0
ospf enable 1 area 0.0.0.0
#
interface Tunnel1
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.143
mpls te tunnel-id 1
mpls te signalled tunnel-name router->pe1-1
mpls te record-route label
mpls te path explicit-path TO-PE1-1
mpls te path explicit-path TO-PE1-2 secondary
mpls te backup hot-standby
mpls te igp shortcut ospf
mpls te igp metric absolute 10
mpls te reserved-for-binding
mpls te commit
ospf enable 1 area 0.0.0.0
mpls
#
interface Tunnel2
ip address unnumbered interface LoopBack0
tunnel-protocol mpls te
destination 4.4.4.144
mpls te tunnel-id 2
mpls te signalled tunnel-name router->pe2-1
mpls te record-route label
mpls te path explicit-path TO-PE2-1
mpls te path explicit-path TO-PE2-2 secondary
mpls te backup hot-standby
mpls te igp shortcut ospf
mpls te igp metric absolute 10
mpls te reserved-for-binding
mpls te commit
ospf enable 1 area 0.0.0.0
mpls
#
bgp 2519
router-id 4.4.4.39
graceful-restart
group iBGP internal
peer iBGP connect-interface LoopBack0
peer 4.4.4.27 as-number 2519
peer 4.4.4.27 group iBGP
peer 4.4.4.27 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 4.4.4.28 as-number 2519
peer 4.4.4.28 group iBGP
peer 4.4.4.28 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 2001::15 as-number 2519
peer 2001::15 group iBGP
peer 2001::15 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
peer 2001::16 as-number 2519
peer 2001::16 group iBGP
peer 2001::16 password cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
#
ipv4-family unicast
undo synchronization
preference 170 170 130
peer iBGP enable
peer iBGP next-hop-local
peer iBGP advertise-community
peer 4.4.4.27 enable
peer 4.4.4.27 group iBGP
peer 4.4.4.28 enable
peer 4.4.4.28 group iBGP
#
ipv6-family unicast
undo synchronization
preference 170 170 130
peer iBGP enable
peer iBGP next-hop-local
peer iBGP advertise-community
peer 2001::15 enable
peer 2001::15 group iBGP
peer 2001::16 enable
peer 2001::16 group iBGP
#
ospf 1 router-id 4.4.4.39
default-route-advertise always
silent-interface all
undo silent-interface Eth-Trunk0
undo silent-interface Eth-Trunk1
preference 80
opaque-capability enable
graceful-restart
bandwidth-reference 1000000
enable traffic-adjustment advertise
area 0.0.0.0
authentication-mode hmac-sha256 1 cipher %^%#r-cY&8yb<(u#B}3bmEoRd6qkX.GNMPEiY2D^bV*A%^%#
mpls-te enable
#
return
