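Applicable Products and Versions
CE12800/CE6800/CE5800 series V100R001C00 or later, CE7800 series V100R003C00 or later, CE8800 series V100R006C00 or later, and CE12800E series V200R002C50 or later.
Networking Requirements
As shown in Figure 2-50, PE1 is a device on the IP network and the server Server is directly connected to PE1. PE2 connects to vpna through SwitchA, and vpna accesses PE1 through PE2. The user wants routes to interwork between the public network and the private network so that SwitchA can reach Server. In this example, a switch is used in place of the server.
Figure 2-50 Networking diagram for configuring static routes to implement interworking between public and private network routes
Configuration Roadmap
The configuration roadmap is as follows:
Configure VLANs and interfaces on PE1 and SwitchA.
Configure a VPN instance on PE2 and connect SwitchA to PE2.
Configure static routes on Server, PE1, and SwitchA to ensure that public network routes are reachable.
Configure static routes on PE2 to implement interworking between public and private network routes.
Procedure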
Configure VLANs and interfaces on PE1 and SwitchA.
# Configure PE1.
<HUAWEI> system-view
[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] vlan batch 20 100
[*PE1] interface 10ge 1/0/1
[*PE1-10GE1/0/1] port link-type trunk
[*PE1-10GE1/0/1] port trunk allow-pass vlan 20
[*PE1-10GE1/0/1] undo port trunk allow-pass vlan 1
[*PE1-10GE1/0/1] quit
[*PE1] interface 10ge 1/0/2
[*PE1-10GE1/0/2] port link-type trunk
[*PE1-10GE1/0/2] port trunk allow-pass vlan 100
[*PE1-10GE1/0/2] undo port trunk allow-pass vlan 1
[*PE1-10GE1/0/2] quit
[*PE1] interface vlanif 20
[*PE1-Vlanif20] ip address 193.1.1.1 24
[*PE1-Vlanif20] quit
[*PE1] interface vlanif 100
[*PE1-Vlanif100] ip address 192.1.1.1 24
[*PE1-Vlanif100] quit
[*PE1] commit
# Configure SwitchA.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[*HUAWEI] commit
[~SwitchA] vlan batch 10
[*SwitchA] interface 10ge 1/0/1
[*SwitchA-10GE1/0/1] port link-type trunk
[*SwitchA-10GE1/0/1] port trunk allow-pass vlan 10
[*SwitchA-10GE1/0/1] undo port trunk allow-pass vlan 1
[*SwitchA-10GE1/0/1] quit
[*SwitchA] interface vlanif 10
[*SwitchA-Vlanif10] ip address 10.1.1.1 24
[*SwitchA-Vlanif10] quit
[*SwitchA] commit
Configure a VPN instance on PE2 and connect SwitchA to PE2.
<HUAWEI> system-view
[~HUAWEI] sysname PE2
[*HUAWEI] commit
[~PE2] vlan batch 10 100
[*PE2] interface 10ge 1/0/1
[*PE2-10GE1/0/1] port link-type trunk
[*PE2-10GE1/0/1] port trunk allow-pass vlan 10
[*PE2-10GE1/0/1] undo port trunk allow-pass vlan 1
[*PE2-10GE1/0/1] quit
[*PE2] interface 10ge 1/0/2
[*PE2-10GE1/0/2] port link-type trunk
[*PE2-10GE1/0/2] port trunk allow-pass vlan 100
[*PE2-10GE1/0/2] undo port trunk allow-pass vlan 1
[*PE2-10GE1/0/2] quit
[*PE2] ip vpn-instance vpna
[*PE2-vpn-instance-vpna] ipv4-family
[*PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
[*PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
[*PE2-vpn-instance-vpna-af-ipv4] quit
[*PE2-vpn-instance-vpna] quit
[*PE2] interface vlanif 10
[*PE2-Vlanif10] ip binding vpn-instance vpna
[*PE2-Vlanif10] ip address 10.1.1.2 24
[*PE2-Vlanif10] quit
[*PE2] interface vlanif 100
[*PE2-Vlanif100] ip address 192.1.1.2 24
[*PE2-Vlanif100] quit
[*PE2] commit
Configure static routes on Server, PE1, and SwitchA.
# Configure Server.
The VLAN and interface configuration is not shown here.
[~Server] ip route-static 10.1.1.0 255.255.255.0 193.1.1.1 //Static route from Server to SwitchA.
[*Server] commit
# Configure PE1.
[~PE1] ip route-static 10.1.1.0 24 192.1.1.2 //Static route from PE1 to SwitchA.
[*PE1] commit
# Configure SwitchA.
[~SwitchA] ip route-static 193.1.1.0 24 10.1.1.2 //Static route from SwitchA to Server.
[*SwitchA] commit
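Configure static routes on PE2 to implement interworking between public and private network routes.
# Configure PE2.
[~PE2] ip route-static 10.1.1.0 24 vpn-instance vpna 10.1.1.1 //Static route from PE2 to SwitchA; traffic enters from the public network and leaves through the private network.
[*PE2] ip route-static vpn-instance vpna 193.1.1.0 24 192.1.1.1 public //Static route from PE2 to Server; traffic enters from the private network and leaves through the public network.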
[*PE2] commit
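Added example (not part of the original page or of the vendor's documentation): a Python audit that parses the `ip route-static` forms used in this procedure and reports routes whose next hop is resolved in a different routing table than the one the route is installed in, which is exactly what the two PE2 routes do to join the public network and vpna. It handles only the syntax forms shown on this page; the function names and the approved-set format are assumptions made for illustration.

```python
import ipaddress

# Constructed sample: the ip route-static lines from the PE1 and PE2 configuration files on this page.
SAMPLE = """\
ip route-static 10.1.1.0 255.255.255.0 192.1.1.2
ip route-static 10.1.1.0 255.255.255.0 vpn-instance vpna 10.1.1.1
ip route-static vpn-instance vpna 193.1.1.0 255.255.255.0 192.1.1.1 public
"""

PUBLIC = "_public_"  # name the device prints for the public routing table


def parse_static_route(line):
    """Parse one ip route-static line (forms shown on this page only); None otherwise."""
    tok = line.split("//")[0].split()          # drop a trailing // annotation
    if tok and tok[0].startswith("["):         # drop a CLI prompt such as [~PE2]
        tok = tok[1:]
    if tok[:2] != ["ip", "route-static"] or len(tok) < 5:
        return None
    tok = tok[2:]
    table = PUBLIC
    if tok[0] == "vpn-instance":               # route is installed in a VPN instance
        table, tok = tok[1], tok[2:]
    prefix = ipaddress.ip_network(f"{tok[0]}/{tok[1]}")  # accepts mask or mask length
    tok = tok[2:]
    nh_table = table                           # default: next hop in the same table
    if tok[0] == "vpn-instance":               # next hop resolved in a VPN instance
        nh_table, tok = tok[1], tok[2:]
    elif "public" in tok[1:]:                  # next hop resolved in the public table
        nh_table = PUBLIC
    return {"table": table, "prefix": str(prefix),
            "next_hop": str(ipaddress.ip_address(tok[0])), "next_hop_table": nh_table}


def cross_table_routes(config_text):
    """Static routes whose next hop lives in a different routing table."""
    routes = (parse_static_route(line) for line in config_text.splitlines())
    return [r for r in routes if r and r["table"] != r["next_hop_table"]]


def unapproved_leaks(config_text, approved):
    """Cross-table routes whose (table, prefix, next_hop_table) is not in the approved set."""
    return [r for r in cross_table_routes(config_text)
            if (r["table"], r["prefix"], r["next_hop_table"]) not in approved]
```

Running `unapproved_leaks` over a saved configuration with the set of intended (table, prefix, next-hop table) tuples shows any additional route that bridges a VPN instance and the public table.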
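Verification
# Check the routing information that PE2 maintains for the vpna instance. The static route to the public network segment has been imported into the routing information of the vpna instance.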
[~PE2] display ip routing-table vpn-instance vpna
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpna
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif10
10.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif10
10.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif10
193.1.1.0/24 Static 60 0 RD 192.1.1.1 Vlanif100
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
# Check the IP routing table on PE2. The static route to the private network segment has been imported into the public routing table.
[~PE2] display ip routing-table
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : _public_
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Static 60 0 RD 10.1.1.1 Vlanif10
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.1.1.0/24 Direct 0 0 D 192.1.1.2 Vlanif100
192.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif100
192.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif100
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
# Use the ping command to verify network connectivity from SwitchA to Server.
[~SwitchA] ping 193.1.1.2
PING 193.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 193.1.1.2: bytes=56 Sequence=1 ttl=252 time=3 ms
Reply from 193.1.1.2: bytes=56 Sequence=2 ttl=252 time=4 ms
Reply from 193.1.1.2: bytes=56 Sequence=3 ttl=252 time=3 ms
Reply from 193.1.1.2: bytes=56 Sequence=4 ttl=252 time=3 ms
Reply from 193.1.1.2: bytes=56 Sequence=5 ttl=252 time=3 ms
--- 193.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/4 ms
Configuration Files
PE1 configuration file
#
sysname PE1
#
vlan batch 20 100
#
interface Vlanif20
ip address 193.1.1.1 24
#
interface Vlanif100
ip address 192.1.1.1 24
#
interface 10GE1/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 20
#
interface 10GE1/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100
#
ip route-static 10.1.1.0 255.255.255.0 192.1.1.2
#
return
PE2 configuration file
#
sysname PE2
#
vlan batch 10 100
#
ip vpn-instance vpna
ipv4-family
route-distinguisher 100:1
vpn-target 111:1 export-extcommunity
vpn-target 111:1 import-extcommunity
#
interface Vlanif10
ip binding vpn-instance vpna
ip address 10.1.1.2 24
#
interface Vlanif100
ip address 192.1.1.2 24
#
interface 10GE1/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
interface 10GE1/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 100
#
ip route-static 10.1.1.0 255.255.255.0 vpn-instance vpna 10.1.1.1
ip route-static vpn-instance vpna 193.1.1.0 255.255.255.0 192.1.1.1 public
#
return
SwitchA configuration file
#
sysname SwitchA
#
vlan batch 10
#
interface Vlanif10
ip address 10.1.1.1 24
#
interface 10GE1/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
ip route-static 193.1.1.0 255.255.255.0 10.1.1.2
#
return