08-MPLS配置指导

04-隧道策略配置

2.8.1 配置跨域VPN-OptionB方式隧道迭代器示例

2.8.2 配置HoVPN隧道迭代器示例

2.8.3 配置IPv6跨域VPN-OptionB方式隧道迭代器示例

1 隧道策略

1.1 隧道策略简介

隧道策略提供了灵活的隧道选择方法，可以满足MPLS VPN对隧道的多种选择要求，例如指定首选隧道、流量在隧道间负载分担等。当MPLS VPN的两个PE（Provider Edge，服务提供商网络边缘）设备之间存在多种隧道、每种隧道都有多条时，如何利用隧道策略合理地选择隧道，不仅有利于服务提供商网络的管理和规划，还可以降低PE设备的处理开销。

MPLS VPN的详细介绍请参见“MPLS配置指导”中的“MPLS L3VPN”。

每条首选隧道对应一个隧道接口。如果对端PE地址与隧道接口的目的地址相同，则通过该隧道转发到达该PE的流量。如果存在多条目的地址相同的首选隧道，则选择配置的第一条首选隧道；如果第一条首选隧道不可用，则选择下一条首选隧道；以此类推。也就是说到达同一个目的地址只能存在一条首选隧道，不会在多条隧道间进行负载分担。该方式为MPLS VPN显式指定了一条隧道，选择的隧道是明确的、可以预期的，便于网络流量规划。推荐使用该方式配置隧道策略。

2. 负载分担策略

选择多条隧道，流量在隧道之间进行负载分担：隧道的选择顺序和负载分担的隧道数目用户可配，隧道类型越靠前，其优先级越高。

采用该方式时，单个VPN的流量分担到多条隧道上，不同隧道的延时差别可能很大，设备或上层应用对报文进行排序处理可能会导致比较大的延迟。因此，不推荐使用此方式配置隧道策略。

1.1.2 隧道策略匹配规则

如果隧道策略中同时配置了上述两种方式，则优先选择首选隧道，即：

· 如果对端PE地址与某条首选隧道的目的地址相同，则采用该隧道转发流量，不会再根据负载分担方式选择隧道。

· 如果不存在隧道目的地址与对端PE地址相同的首选隧道，则根据负载分担方式选择隧道。

1.1.3 隧道选择示例

图1-1 MPLS VPN隧道选择示例图

如图1-1所示，当PE 1和PE 2之间存在多条隧道，且PE 1和PE 2连接多个MPLS VPN时，可以采用如下方式部署MPLS VPN的流量：

· 首选隧道策略：配置多个隧道策略，每个隧道策略中分别指定一条首选隧道，不同的MPLS VPN引用不同的隧道策略，从而实现不同VPN的流量通过不同的隧道转发。

· 负载分担策略：在隧道策略中指定隧道的选择顺序和负载分担的隧道数目，配置MPLS VPN引用该隧道策略，从而实现每个VPN的流量都在多条隧道之间进行负载分担。

1.2 隧道策略配置限制和指导

仅高级模式支持隧道策略功能。有关设备的工作模式的详细介绍，请参见“基础配置指导”中的“设备管理”。

隧道报文不支持MPLS转发。

为了实现某个VPN实例独占某条隧道，需要在隧道策略中使用preferred-path命令将该隧道配置为首选隧道，并只在该VPN实例内引用此隧道策略。

1.3 配置隧道策略

(1) 进入系统视图。

system-view

(2) 创建隧道策略，并进入隧道策略视图。

tunnel-policy tunnel-policy-name

(3) 配置隧道策略。请选择其中一项进行配置。

¡ 配置首选隧道策略。

preferred-path tunnel number

缺省情况下，未配置首选隧道。

¡ 配置负载分担策略。

select-seq lsp load-balance-number number

缺省情况下，负载分担的隧道数目为1。

1.4 隧道策略显示和维护

在完成上述配置后，在任意视图下执行display命令可以显示配置后隧道策略的运行情况，用户可以通过查看显示信息验证配置的效果。

表1-1 隧道策略显示和维护

操作	命令
显示隧道信息	display mpls tunnel { all \| statistics \| [ vpn-instance vpn-instance-name ] destination { ipv4-address \| ipv6-address } }
显示隧道策略的信息	display tunnel-policy [ tunnel-policy-name ]

2 隧道迭代器

2.1 隧道迭代器简介

在MPLS L3VPN网络中，隧道策略配置在VPN实例下，VPN实例下的所有路由根据该策略迭代隧道。隧道策略提供了灵活的隧道选择方法，可以满足MPLS VPN对隧道的多种选择要求。

隧道策略的使用限制：

· 在跨域VPN-OptionB组网中，ASBR设备接收所有PE对等体上发来的VPNv4/v6路由。当前系统为VPNv4/v6路由迭代LSP隧道，而有时为了进行带宽保证，需要为这些VPNv4/v6路由迭代MPLS TE隧道，如果不希望在ASBR上创建VPN实例，则隧道策略无法使用。

· 在跨域VPN-OptionC组网中，对于PE收到的BGP-IPv4/v6标签路由，系统选择的也是LSP隧道。如果需要对隧道的带宽进行保证，则也需要系统为标签路由迭代MPLS TE隧道，只配置隧道策略无法实现。

隧道迭代器可以对BGP VPNv4/v6或带标签的BGP IPv4/IPv6单播路由或BGP标签路由进行过滤，并为通过过滤的路由应用相应的隧道策略，从而根据隧道策略选中符合用户期望的隧道。

2.1.1 隧道迭代器的实现

隧道迭代器的实现步骤如下：

(1) 首先需要创建隧道迭代器。

(2) 然后定义将要实施隧道迭代器的路由信息的特征，即定义一组匹配规则。可以灵活使用过滤器来定义各种匹配规则。

(3) 再为隧道迭代器指定路由应用的隧道策略。

2.1.2 过滤器

过滤器可以看作是隧道迭代器过滤路由的工具，单独配置的过滤器没有任何过滤效果，只有隧道迭代器的相关命令中应用这些过滤器，才能够达到预期的过滤效果。下面将介绍几种常见的过滤器。

1. 访问控制列表

访问控制列表可以指定IP地址和子网范围，用于匹配路由信息的目的网段地址或下一跳地址。

ACL的相关内容请参见“ACL和QoS配置指导”中的“ACL”。

2. 地址前缀列表

地址前缀列表的作用类似于ACL，但比它更为灵活，且更易于用户理解。使用地址前缀列表过滤路由信息时，其匹配对象为路由信息的目的地址。

一个地址前缀列表由前缀列表名标识。每个前缀列表可以包含多个表项，每个表项可以独立指定一个网络前缀形式的匹配范围，并用一个索引号来标识，索引号指明了在地址前缀列表中进行匹配检查的顺序。

每个表项之间是“或”的关系，在匹配的过程中，路由器按升序依次检查由索引号标识的各个表项，只要有某一表项满足条件，就意味着通过该地址前缀列表的过滤（不再对下一个表项进行匹配）。

地址前缀相关内容请参见“三层技术-IP路由配置指导”中的“路由策略”。

3. 团体属性列表（community-list）

community-list仅用于BGP路由的过滤。BGP路由中包含团体（COMMUNITY）属性，该属性用来标识路由所属的组。community-list就是针对团体属性指定匹配条件。一个团体属性列表可以定义多个表项。在匹配过程中，各表项之间是“或”的关系，即只要路由信息通过该列表中的一条表项，就认为通过该团体属性列表。

团体属性列表的相关内容请参见“三层技术-IP路由配置指导”中的“BGP”。

4. RD属性列表（ip rd-list）

RD属性列表仅用于BGP路由的过滤。RD属性列表就是针对RD属性信息的匹配条件。RD属性列表通过rd-list-number标识，每个RD属性列表可以包含多个表项，每一个表项会指定一个RD号的范围，并用一个index-number来标识。过滤时通过指定RD属性列表名对其下的表项依次进行匹配。RD属性列表配置的规则之间是“或”的关系，因为每条路由只能有一个RD属性。

2.2 隧道迭代器配置任务简介

隧道迭代器配置任务如下：

(1) ‍创建隧道迭代器

(2) （可选）配置过滤器

2.3 创建隧道迭代器

1. 功能简介

设备通过节点号（node-number）来标识一个隧道迭代器中的不同节点，匹配时对一个隧道迭代器中的不同节点根据节点号从小到大依次匹配。

每个隧道迭代器节点都有deny（拒绝）和permit（允许）两种匹配模式。

隧道迭代器节点被指定为拒绝模式时，如果路由项满足该节点的所有if-match子句时被拒绝通过该节点的过滤，并且不会进行下一个节点的匹配；如果路由项不满足该节点的if-match子句，将进入下一个节点继续匹配。

隧道迭代器节点被指定为允许模式时。当路由项满足该节点的所有if-match子句时被允许通过该节点的过滤，如路由项不满足该节点的if-match子句，将继续匹配该隧道迭代器的下一个节点。

2. 配置步骤

2.4.6 配置if-match子句

1. 功能简介

在一个隧道迭代器的节点中，可以没有if-match子句，也可以有多个if-match子句。当不指定if-match子句时，如果该节点的匹配模式为允许模式，则所有路由信息都会通过该节点的过滤；如果该节点的匹配模式为拒绝模式，则所有路由信息都会被拒绝。

2. 配置限制和指导

如果配置了多条相同类型的if-match子句，设备在显示隧道迭代器时，会将这些if-match子句合并为一条if-match子句。如果合并后的if-match子句超过命令行最大长度，则这些相同类型的if-match子句会分成多条显示，这些子句之间是“或”的关系，即满足一个匹配条件，就认为匹配该if-match语句，例如出现多条if-match community子句时，各个子句的团体属性之间是“或”的关系，即满足其中一个团体属性，就认为匹配if-match community子句。

如果一个节点中if-match子句只指定了IPv6 ACL，没有指定IPv4 ACL，所有的IPv4路由信息都会匹配这个节点。如果一个节点中if-match子句只指定IPv4 ACL，没有指定IPv6 ACL，所有的IPv6路由信息都会匹配这个节点。

如果if-match子句对应的ACL不存在，则默认满足该匹配条件。如果if-match子句对应的ACL中没有匹配的ACL规则或者ACL规则处于非激活状态，则默认不满足该匹配条件。

如果if-match子句对应的前缀列表、团体属性列表或RD属性列表不存在，则默认满足该匹配条件。

3. 配置步骤

(1) ‍进入系统视图。

system-view

(2) 进入隧道迭代器视图。

tunnel-selector tunnel-selector-name { deny | permit } node node-number

(3) 配置通过ACL或IP地址前缀列表匹配路由。

（IPv4网络）

if-match ip { address | next-hop } { acl ipv4-acl-number | prefix-list prefix-list-name }

（IPv6网络）

if-match ipv6 { address | next-hop } { acl ipv6-acl-number | prefix-list prefix-list-name }

缺省情况下，未配置通过ACL或IP地址前缀列表匹配路由。

(4) 配置BGP路由信息的匹配条件。

¡ 配置匹配BGP路由信息的团体属性匹配条件

if-match community { { basic-community-list-number | name comm-list-name } [ whole-match ] | adv-community-list-number }&<1-32>

¡ 配置匹配BGP路由信息的RD属性列表匹配条件

if-match rd-list rd-list-number

缺省情况下，未配置BGP路由信息匹配条件。

2.5 配置隧道迭代器应用的隧道策略

1. 配置限制和指导

如果指定的隧道策略尚未创建，则需要通过tunnel-policy命令创建对应的隧道策略。

隧道策略的详细介绍，请参见“MPLS配置指导”中的“隧道策略”。

2. 配置步骤

(1) ‍进入系统视图。

system-view

(2) 进入隧道迭代器视图。

tunnel-selector tunnel-selector-name { deny | permit } node node-number

(3) 配置隧道迭代器应用的隧道策略。

apply tunnel-policy tunnel-policy-name

缺省情况下，未配置隧道迭代器应用的隧道策略。

2.6 应用隧道迭代器

1. 功能简介

在以下场景中，需要对BGP VPNv4/v6或者BGP标签路由应用隧道迭代器，实现通过隧道策略迭代期望类型的隧道：

· 跨域VPN-OptionB场景中，ASBR上不需要配置VPN实例但还需要对从PE收到的VPNv4/v6路由应用隧道策略。

· 分层VPN场景中，SPE设备上对从UPE设备上收到的VPNv4/v6路由用隧道策略。

· 跨域VPN-OptionC场景中，PE上对去往远端PE的BGP标签路由应用隧道策略。

2. 配置限制和指导

在OptionC组网中，为了使BGP标签路由在ASBR设备上支持基于隧道迭代的隧道负载分担，可以执行apply tunnel-selector tunnel-selector-name all命令对所有BGP IPv4/v6单播路由（包括标签路由和网段路由）应用隧道迭代器。

删除对BGP VPNv4/v6或者BGP标签路由应用的隧道迭代器，VPN业务有可能因为BGP VPNv4/v6或者BGP标签路由迭代不到隧道而中断。

3. 配置步骤

(1) 进入系统视图。

system-view

(2) 进入BGP实例视图。

bgp as-number [ instance instance-name ]

(3) 进入BGP地址族视图。请选择其中一项进行配置。

¡ 进入BGP IPv4单播地址族视图。

address-family ipv4 [ unicast ]

¡ 请依次执行以下命令进入BGP-VPN IPv4单播地址族视图。

ip vpn-instance vpn-instance-name

address-family ipv4 [ unicast ]

¡ BGP VPNv4地址族视图。

address-family vpnv4

¡ BGP IPv6单播地址族视图。

address-family ipv6 [ unicast ]

¡ 请依次执行以下命令BGP-VPN IPv6单播地址族视图。

ip vpn-instance vpn-instance-name

address-family ipv6 [ unicast ]

¡ BGP VPNv6地址族视图。

address-family vpnv6

(4) 应用隧道迭代器。

apply tunnel-selector tunnel-selector-name [ all ]

缺省情况下，BGP VPNv4、BGP VPNv6或带标签的BGP IPv4/IPv6单播路由未应用隧道迭代器。

2.7 隧道迭代器的显示和维护

在完成上述配置后，在任意视图下执行display命令可以显示配置后隧道迭代器的运行情况，通过查看显示信息验证配置的效果。

在用户视图下执行reset命令可以清除隧道迭代器的统计信息。

display ip community-list、display ip prefix-list、display ipv6 prefix-list、reset ip prefix-list和reset ipv6 prefix-list命令的详细介绍，请参见“三层技术-IP路由命令参考”中的“路由策略”。

表2-1 隧道迭代器显示和维护

操作	命令
显示BGP团体属性列表信息	display ip community-list [ basic-community-list-number \| adv-community-list-number \| name comm-list-name ]
显示IPv4地址前缀列表的统计信息	display ip prefix-list [ name prefix-list-name ]
显示IPv6地址前缀列表的统计信息	display ipv6 prefix-list [ name prefix-list-name ]
来显示RD列表信息	display ip rd-list [ rd-list-number ]
显示隧道迭代器的信息	display tunnel-selector [ tunnel-selector-name ]
清除IPv4地址前缀列表的统计信息	reset ip prefix-list [ prefix-list-name ]
清除IPv6地址前缀列表的统计信息	reset ipv6 prefix-list [ prefix-list-name ]

2.8 隧道迭代器配置举例‌

2.8.1 配置跨域VPN-OptionB方式隧道迭代器示例

1. 组网需求

· Site 1和Site 2属于同一个VPN，Site 1的CE 1通过AS 100的PE 1接入，Site 2的CE 2通过AS 600的PE 2接入；

· 同一自治系统内的PE设备之间运行IS-IS作为IGP；

· PE 1与ASBR-PE 1间通过MP-IBGP交换VPNv4路由，并分别通过隧道策略和隧道迭代器，使得PE 1与ASBR-PE 1间的流量通过MPLS TE隧道Tunnel1转发；

· PE 2与ASBR-PE 2间通过MP-IBGP交换VPNv4路由，并分别通过隧道策略和隧道迭代器，使得PE 2与ASBR-PE 2间的流量通过MPLS TE隧道Tunnel1转发；

· ASBR-PE 1与ASBR-PE 2间通过MP-EBGP交换VPNv4路由；

· ASBR上不对接收的VPNv4路由进行Route Target过滤。

2. 组网图

图2-1 配置跨域VPN-OptionB方式组网图

设备	接口	IP地址	设备	接口	IP地址
PE 1	Loop0	2.2.2.9/32	PE 2	Loop0	5.5.5.9/32
	Vlan-int12	30.0.0.1/8		Vlan-int12	20.0.0.1/8
	Vlan-int11	1.1.1.2/8		Vlan-int11	9.1.1.2/8
ASBR-PE 1	Loop0	3.3.3.9/32	ASBR-PE 2	Loop0	4.4.4.9/32
	Vlan-int11	1.1.1.1/8		Vlan-int11	9.1.1.1/8
	Vlan-int12	11.0.0.2/8		Vlan-int12	11.0.0.1/8
CE 1	Vlan-int12	30.0.0.2/8	CE 2	Vlan-int12	20.0.0.28

3. 配置步骤

(1) 配置CE 1

# 配置接口的IP地址。

<Sysname> system-view

[Sysname] sysname CE1

[CE1] vlan 12

[CE1-vlan12] quit

[CE1] interface ten-gigabitethernet 1/0/1

[CE1-Ten-GigabitEthernet1/0/1] port access vlan 12

[CE1-Ten-GigabitEthernet1/0/1] quit

[CE1] interface vlan-interface 12

[CE1-Vlan-interface12] ip address 30.0.0.2 8

[CE1-Vlan-interface12] quit

# 在PE与CE之间建立EBGP对等体，并引入直连路由。

[CE1] bgp 65001

[CE1-bgp-default] peer 30.0.0.1 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 30.0.0.1 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

(2) 配置PE 1

# 在PE 1上运行IS-IS。

<Sysname> system-view

[Sysname] sysname PE1

[PE1] isis 1

[PE1-isis-1] network-entity 10.111.111.111.111.00

[PE1-isis-1] quit

# 配置LSR ID，使能MPLS和LDP。

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls ldp

[PE1-ldp] quit

# 创建VLAN，并将端口加入到VLAN。

[PE1] vlan 11

[PE1-vlan11] quit

[PE1] vlan 12

[PE1-vlan12] quit

[PE1] interface ten-gigabitethernet 1/0/1

[PE1-Ten-GigabitEthernet1/0/1] port access vlan 11

[PE1-Ten-GigabitEthernet1/0/1] quit

[PE1] interface ten-gigabitethernet 1/0/2

[PE1-Ten-GigabitEthernet1/0/2] port access vlan 12

[PE1-Ten-GigabitEthernet1/0/2] quit

# 配置Vlan-interface11，在接口上运行IS-IS，并使能MPLS和LDP。

[PE1] interface vlan-interface 11

[PE1-Vlan-interface11] ip address 1.1.1.2 255.0.0.0

[PE1-Vlan-interface11] isis enable 1

[PE1-Vlan-interface11] mpls enable

[PE1-Vlan-interface11] mpls ldp enable

[PE1-Vlan-interface11] quit

# 创建Loopback0接口，在接口上运行IS-IS。

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 2.2.2.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

# 创建一个VPN实例，名为vpn1，配置RD和Route Target属性。

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# 将连接CE 1的接口绑定到创建的VPN实例。

[PE1] interface vlan-interface 12

[PE1-Vlan-interface12] ip binding vpn-instance vpn1

[PE1-Vlan-interface12] ip address 30.0.0.1 8

[PE1-Vlan-interface12] quit

# 在PE 1上运行BGP。

[PE1] bgp 100

# 配置IBGP对等体3.3.3.9为VPNv4对等体。

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv4

[PE1-bgp-default-vpnv4] peer 3.3.3.9 enable

[PE1-bgp-default-vpnv4] quit

# 在PE与CE之间建立EBGP对等体。

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 30.0.0.2 as-number 65001

[PE1-bgp-default-vpn1] address-family ipv4 unicast

[PE1-bgp-default-ipv4-vpn1] peer 30.0.0.2 enable

[PE1-bgp-default-ipv4-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

# 开启MPLS TE、RSVP-TE和IS-IS TE能力，配置链路的MPLS TE属性，采用RSVP-TE信令协议建立MPLS TE隧道Tunnel1：目的地址为ASBR-PE 1的LSR ID（3.3.3.9），隧道所需的带宽为2000kbps。

[PE1] mpls te

[PE1-te] quit

[PE1] rsvp

[PE1-rsvp] quit

[PE1] interface vlan-interface 11

[PE1-Vlan-interface11] mpls enable

[PE1-Vlan-interface11] mpls te enable

[PE1-Vlan-interface11] mpls te max-link-bandwidth 10000

[PE1-Vlan-interface11] mpls te max-reservable-bandwidth 5000

[PE1-Vlan-interface11] rsvp enable

[PE1-Vlan-interface11] quit

[PE1] isis 1

[PE1-isis-1] cost-style wide

[PE1-isis-1] mpls te enable level-2

[PE1-isis-1] quit

[PE1] interface tunnel 1 mode mpls-te

[PE1-Tunnel1] ip address unnumbered interface LoopBack0

[PE1-Tunnel1] destination 3.3.3.9

[PE1-Tunnel1] mpls te signaling rsvp-te

[PE1-Tunnel1] mpls te bandwidth 2000

[PE1-Tunnel1] quit

# 创建隧道策略tpolicy1并在名为vpn1的VPN实例内应用隧道策略tpolicy1。

[PE1] tunnel-policy tpolicy1

[PE1-tunnel-policy-tpolicy1] preferred-path tunnel 1

[PE1-tunnel-policy-tpolicy1] quit

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] tnl-policy tpolicy1

[PE1-vpn-instance-vpn1] quit

(3) 配置ASBR-PE 1

# 在ASBR-PE 1上运行IS-IS。

<Sysname> system-view

[Sysname] sysname ASBR-PE1

[ASBR-PE1] isis 1

[ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE1-isis-1] quit

# 配置LSR ID，使能MPLS和LDP。

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls ldp

[ASBR-PE1-ldp] quit

# 创建VLAN，并将端口加入到VLAN。

[ASBR-PE1] vlan 11

[ASBR-PE1-vlan11] quit

[ASBR-PE1] vlan 12

[ASBR-PE1-vlan12] quit

[ASBR-PE1] interface ten-gigabitethernet 1/0/1

[ASBR-PE1-Ten-GigabitEthernet1/0/1] port access vlan 11

[ASBR-PE1-Ten-GigabitEthernet1/0/1] quit

[ASBR-PE1] interface ten-gigabitethernet 1/0/2

[ASBR-PE1-Ten-GigabitEthernet1/0/2] port access vlan 12

[ASBR-PE1-Ten-GigabitEthernet1/0/2] quit

# 配置接口Vlan-interface11，在接口上运行IS-IS，并使能MPLS和LDP。

[ASBR-PE1] interface vlan-interface11

[ASBR-PE1-Vlan-interface11] ip address 1.1.1.1 255.0.0.0

[ASBR-PE1-Vlan-interface11] isis enable 1

[ASBR-PE1-Vlan-interface11] mpls enable

[ASBR-PE1-Vlan-interface11] mpls ldp enable

[ASBR-PE1-Vlan-interface11] quit

# 配置接口Vlan-interface12，使能MPLS。

[ASBR-PE1] interface vlan-interface 12

[ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0

[ASBR-PE1-Vlan-interface12] mpls enable

[ASBR-PE1-Vlan-interface12] quit

# 创建Loopback0接口，并运行IS-IS。

[ASBR-PE1] interface loopback 0

[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack0] isis enable 1

[ASBR-PE1-LoopBack0] quit

# 在ASBR-PE 1上运行BGP

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp-default] peer 11.0.0.1 connect-interface vlan-interface 12

# 不对接收的VPNv4路由进行Route target过滤。

[ASBR-PE1-bgp-default] address-family vpnv4

[ASBR-PE1-bgp-default-vpnv4] undo policy vpn-target

# 将IBGP对等体2.2.2.9和EBGP对等体11.0.0.1都配置为VPNv4对等体。

[ASBR-PE1-bgp-default-vpnv4] peer 11.0.0.1 enable

[ASBR-PE1-bgp-default-vpnv4] peer 2.2.2.9 enable

[ASBR-PE1-bgp-default-vpnv4] quit

[ASBR-PE1-bgp-default] quit

# 开启MPLS TE、RSVP-TE和IS-IS TE能力，配置链路的MPLS TE属性，采用RSVP-TE信令协议建立MPLS TE隧道Tunnel1：目的地址为PE 1的LSR ID（2.2.2.9），隧道所需的带宽为2000kbps。

[ASBR-PE1] mpls te

[ASBR-PE1-te] quit

[ASBR-PE1] rsvp

[ASBR-PE1-rsvp] quit

[ASBR-PE1] interface vlan-interface 11

[ASBR-PE1-Vlan-interface11] mpls enable

[ASBR-PE1-Vlan-interface11] mpls te enable

[ASBR-PE1-Vlan-interface11] mpls te max-link-bandwidth 10000

[ASBR-PE1-Vlan-interface11] mpls te max-reservable-bandwidth 5000

[ASBR-PE1-Vlan-interface11] rsvp enable

[ASBR-PE1-Vlan-interface11] quit

[ASBR-PE1] isis 1

[ASBR-PE1-isis-1] cost-style wide

[ASBR-PE1-isis-1] mpls te enable level-2

[ASBR-PE1-isis-1] quit

[ASBR-PE1] interface tunnel 1 mode mpls-te

[ASBR-PE1-Tunnel1] ip address unnumbered interface LoopBack0

[ASBR-PE1-Tunnel1] destination 2.2.2.9

[ASBR-PE1-Tunnel1] mpls te signaling rsvp-te

[ASBR-PE1-Tunnel1] mpls te bandwidth 2000

[ASBR-PE1-Tunnel1] quit

# 创建隧道策略tpolicy1和隧道迭代器ts1，并在BGP VPNv4视图应用隧道迭代器ts1。

[ASBR-PE1] tunnel-policy tpolicy1

[ASBR-PE1-tunnel-policy-tpolicy1] preferred-path tunnel 1

[ASBR-PE1-tunnel-policy-tpolicy1] quit

[ASBR-PE1] tunnel-selector ts1 permit node 1

[ASBR-PE1-tunnel-selector-ts1-1] apply tunnel-policy tpolicy1

[ASBR-PE1-tunnel-selector-ts1-1] quit

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] address-family vpnv4

[ASBR-PE1-bgp-default-vpnv4] apply tunnel-selector ts1

[ASBR-PE1-bgp-default-vpnv4] quit

[ASBR-PE1-bgp-default] quit

(4) 配置ASBR-PE 2

# 在ASBR-PE 2上运行IS-IS。

<Sysname> system-view

[Sysname] sysname ASBR-PE2

[ASBR-PE2] isis 1

[ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE2-isis-1] quit

# 配置LSR ID，使能MPLS和LDP。

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls ldp

[ASBR-PE2-ldp] quit

# 创建VLAN，并将端口加入到VLAN。

[ASBR-PE2] vlan 11

[ASBR-PE2-vlan11] quit

[ASBR-PE2] vlan 12

[ASBR-PE2-vlan12] quit

[ASBR-PE2] interface ten-gigabitethernet 1/0/1

[ASBR-PE2-Ten-GigabitEthernet1/0/1] port access vlan 11

[ASBR-PE2-Ten-GigabitEthernet1/0/1] quit

[ASBR-PE2] interface ten-gigabitethernet 1/0/2

[ASBR-PE2-Ten-GigabitEthernet1/0/2] port access vlan 12

[ASBR-PE2-Ten-GigabitEthernet1/0/2] quit

# 配置接口Vlan-interface11，在接口上运行IS-IS，并使能MPLS和LDP。

[ASBR-PE2] interface vlan-interface 11

[ASBR-PE2-Vlan-interface11] ip address 9.1.1.1 255.0.0.0

[ASBR-PE2-Vlan-interface11] isis enable 1

[ASBR-PE2-Vlan-interface11] mpls enable

[ASBR-PE2-Vlan-interface11] mpls ldp enable

[ASBR-PE2-Vlan-interface11] quit

# 配置接口Vlan-interface12，使能MPLS。

[ASBR-PE2] interface vlan-interface 12

[ASBR-PE2-Vlan-interface12] ip address 11.0.0.1 255.0.0.0

[ASBR-PE2-Vlan-interface12] mpls enable

[ASBR-PE2-Vlan-interface12] quit

# 创建Loopback0接口，并运行IS-IS。

[ASBR-PE2] interface loopback 0

[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack0] isis enable 1

[ASBR-PE2-LoopBack0] quit

# 在ASBR-PE 2上运行BGP。

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp-default] peer 11.0.0.2 connect-interface vlan-interface 12

[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0

# 不对接收的VPNv4路由进行Route target过滤。

[ASBR-PE2-bgp-default] address-family vpnv4

[ASBR-PE2-bgp-default-vpnv4] undo policy vpn-target

# 将IBGP对等体5.5.5.9和EBGP对等体11.0.0.2都配置为VPNv4对等体。

[ASBR-PE2-bgp-default-vpnv4] peer 11.0.0.2 enable

[ASBR-PE2-bgp-default-vpnv4] peer 5.5.5.9 enable

[ASBR-PE2-bgp-default-vpnv4] quit

[ASBR-PE2-bgp-default] quit

# 开启MPLS TE、RSVP-TE和IS-IS TE能力，配置链路的MPLS TE属性，采用RSVP-TE信令协议建立MPLS TE隧道Tunnel1：目的地址为PE 2的LSR ID（5.5.5.9），隧道所需的带宽为2000kbps。

[ASBR-PE2] mpls te

[ASBR-PE2-te] quit

[ASBR-PE2] rsvp

[ASBR-PE2-rsvp] quit

[ASBR-PE2] interface vlan-interface 11

[ASBR-PE2-Vlan-interface11] mpls enable

[ASBR-PE2-Vlan-interface11] mpls te enable

[ASBR-PE2-Vlan-interface11] mpls te max-link-bandwidth 10000

[ASBR-PE2-Vlan-interface11] mpls te max-reservable-bandwidth 5000

[ASBR-PE2-Vlan-interface11] rsvp enable

[ASBR-PE2-Vlan-interface11] quit

[ASBR-PE2] isis 1

[ASBR-PE2-isis-1] cost-style wide

[ASBR-PE2-isis-1] mpls te enable level-2

[ASBR-PE2-isis-1] quit

[ASBR-PE2] interface tunnel 1 mode mpls-te

[ASBR-PE2-Tunnel1] ip address unnumbered interface LoopBack0

[ASBR-PE2-Tunnel1] destination 5.5.5.9

[ASBR-PE2-Tunnel1] mpls te signaling rsvp-te

[ASBR-PE2-Tunnel1] mpls te bandwidth 2000

[ASBR-PE2-Tunnel1] quit

# 创建隧道策略tpolicy1和隧道迭代器ts1，并在BGP VPNv4视图应用隧道迭代器ts1。

[ASBR-PE2] tunnel-policy tpolicy1

[ASBR-PE2-tunnel-policy-tpolicy1] preferred-path tunnel 1

[ASBR-PE2-tunnel-policy-tpolicy1] quit

[ASBR-PE2] tunnel-selector ts1 permit node 1

[ASBR-PE2-tunnel-selector-ts1-1] apply tunnel-policy tpolicy1

[ASBR-PE2-tunnel-selector-ts1-1] quit

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] address-family vpnv4

[ASBR-PE2-bgp-default-vpnv4] apply tunnel-selector ts1

[ASBR-PE2-bgp-default-vpnv4] quit

[ASBR-PE2-bgp-default] quit

(5) 配置PE 2

# 在PE 2上运行IS-IS。

<Sysname> system-view

[Sysname] sysname PE2

[PE2] isis 1

[PE2-isis-1] network-entity 10.111.111.111.111.00

[PE2-isis-1] quit

# 配置LSR ID，使能MPLS和LDP。

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls ldp

[PE2-ldp] quit

# 创建VLAN，并将端口加入到VLAN。

[PE2] vlan 11

[PE2-vlan11] quit

[PE2] vlan 12

[PE2-vlan12] quit

[PE2] interface ten-gigabitethernet 1/0/1

[PE2-Ten-GigabitEthernet1/0/1] port access vlan 11

[PE2-Ten-GigabitEthernet1/0/1] quit

[PE2] interface ten-gigabitethernet 1/0/2

[PE2-Ten-GigabitEthernet1/0/2] port access vlan 12

[PE2-Ten-GigabitEthernet1/0/2] quit

# 配置接口Vlan-interface11，在接口上运行IS-IS，并使能MPLS和LDP。

[PE2] interface vlan-interface 11

[PE2-Vlan-interface11] ip address 9.1.1.2 255.0.0.0

[PE2-Vlan-interface11] isis enable 1

[PE2-Vlan-interface11] mpls enable

[PE2-Vlan-interface11] mpls ldp enable

[PE2-Vlan-interface11] quit

# 创建Loopback0接口，在接口上运行IS-IS。

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 5.5.5.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] quit

# 创建一个VPN实例，名为vpn1，配置RD和Route Target属性。

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 12:12

[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# 将连接CE 2的接口绑定到创建的VPN实例。

[PE2] interface vlan-interface 12

[PE2-Vlan-interface12] ip binding vpn-instance vpn1

[PE2-Vlan-interface12] ip address 20.0.0.1 8

[PE2-Vlan-interface12] quit

# 在PE 2上运行BGP。

[PE2] bgp 600

# 配置IBGP对等体4.4.4.9为VPNv4对等体。

[PE2-bgp-default] peer 4.4.4.9 as-number 600

[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv4

[PE2-bgp-default-vpnv4] peer 4.4.4.9 enable

[PE2-bgp-default-vpnv4] quit

# 在PE与CE之间建立EBGP对等体。

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 20.0.0.2 as-number 65002

[PE2-bgp-default-vpn1] address-family ipv4 unicast

[PE2-bgp-default-ipv4-vpn1] peer 20.0.0.2 enable

[PE2-bgp-default-ipv4-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

# 开启MPLS TE、RSVP-TE和IS-IS TE能力，配置链路的MPLS TE属性，采用RSVP-TE信令协议建立MPLS TE隧道Tunnel1：目的地址为ASBR-PE 2的LSR ID（4.4.4.9），隧道所需的带宽为2000kbps。

[PE2] mpls te

[PE2-te] quit

[PE2] rsvp

[PE2-rsvp] quit

[PE2] interface vlan-interface 11

[PE2-Vlan-interface11] mpls enable

[PE2-Vlan-interface11] mpls te enable

[PE2-Vlan-interface11] mpls te max-link-bandwidth 10000

[PE2-Vlan-interface11] mpls te max-reservable-bandwidth 5000

[PE2-Vlan-interface11] rsvp enable

[PE2-Vlan-interface11] quit

[PE2] isis 1

[PE2-isis-1] cost-style wide

[PE2-isis-1] mpls te enable level-2

[PE2-isis-1] quit

[PE2] interface tunnel 1 mode mpls-te

[PE2-Tunnel1] ip address unnumbered interface LoopBack0

[PE2-Tunnel1] destination 4.4.4.9

[PE2-Tunnel1] mpls te signaling rsvp-te

[PE2-Tunnel1] mpls te bandwidth 2000

[PE2-Tunnel1] quit

# 创建隧道策略tpolicy1并在名为vpn1的VPN实例内应用隧道策略tpolicy1。

[PE2] tunnel-policy tpolicy1

[PE2-tunnel-policy-tpolicy1] preferred-path tunnel 1

[PE2-tunnel-policy-tpolicy1] quit

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] tnl-policy tpolicy1

[PE2-vpn-instance-vpn1] quit

(6) 配置CE 2

# 配置接口的IP地址。

<Sysname> system-view

[Sysname] sysname CE2

[CE2] vlan 12

[CE2-vlan12] quit

[CE2] interface ten-gigabitethernet 1/0/1

[CE2-Ten-GigabitEthernet1/0/1] port access vlan 12

[CE2-Ten-GigabitEthernet1/0/1] quit

[CE2] interface vlan-interface 12

[CE2-Vlan-interface12] ip address 20.0.0.2 8

[CE2-Vlan-interface12] quit

# 在PE与CE之间建立EBGP对等体，并引入直连路由。

[CE2] bgp 65002

[CE2-bgp-default] peer 20.0.0.1 as-number 600

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 20.0.0.1 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

4. 验证配置

(1) 验证连通性。

# CE 1可以ping通CE 2。

[CE1] ping 20.0.0.2

Ping 20.0.0.2 (20.0.0.2): 56 data bytes, press CTRL+C to break

56 bytes from 20.0.0.2: icmp_seq=0 ttl=253 time=2.000 ms

56 bytes from 20.0.0.2: icmp_seq=1 ttl=253 time=3.000 ms

56 bytes from 20.0.0.2: icmp_seq=2 ttl=253 time=2.000 ms

56 bytes from 20.0.0.2: icmp_seq=3 ttl=253 time=2.000 ms

56 bytes from 20.0.0.2: icmp_seq=4 ttl=253 time=3.000 ms

--- Ping statistics for 20.0.0.2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 2.000/2.400/3.000/0.490 ms

(2) 验证PE通过MPLS TE隧道将VPN流量转发给ASBR-PE。（以PE 1为例）

# 在PE 1上查看VPN实例vpn1的路由表，可以看到vpn1内到达CE 2的流量通过Tunnel1转发给ASBR-PE 1。

[PE1] display ip routing-table vpn-instance vpn1

Destinations : 11 Routes : 11

Destination/Mask Proto Pre Cost NextHop Interface

0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0

20.0.0.0/8 BGP 255 0 3.3.3.9 Tun1

30.0.0.0/8 Direct 0 0 30.0.0.1 Vlan12

30.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

30.255.255.255/32 Direct 0 0 30.0.0.1 Vlan12

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0

224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0

224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0

255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0

(3) 验证ASBR-PE通过MPLS TE隧道将VPN流量转发给PE。（以ASBR-PE 1为例）

# 在PE 2上查看VPN实例vpn1的IP转发表，并查看MPLS转发表，可以看到vpn1内到达CE 1的流量通过Tunnel1转发给ASBR-PE 2，PE 2为报文添加的MPLS标签为600127（内层VPN标签为600127，外层公网隧道标签为隐式空标签）。

[PE2] display fib vpn-instance vpn1

Destination count: 12 FIB entry count: 12

Flag:

U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static

R:Relay F:FRR

Destination/Mask Nexthop Flag OutInterface/Token Label

0.0.0.0/32 127.0.0.1 UH InLoop0 Null

20.0.0.0/8 20.0.0.1 U Vlan12 Null

20.0.0.1/32 127.0.0.1 UH InLoop0 Null

20.0.0.2/32 20.0.0.2 UH Vlan12 Null

20.255.255.255/32 20.0.0.1 UBH Vlan12 Null

30.0.0.0/8 4.4.4.9 UGR 268435457 600127

127.0.0.0/8 127.0.0.1 U InLoop0 Null

127.0.0.1/32 127.0.0.1 UH InLoop0 Null

127.255.255.255/32 127.0.0.1 UH InLoop0 Null

224.0.0.0/4 0.0.0.0 UB NULL0 Null

224.0.0.0/24 0.0.0.0 UB NULL0 Null

255.255.255.255/32 127.0.0.1 UH InLoop0 Null

[PE2] display mpls forwarding nhlfe

Total NHLFE entries: 4

Flags: T - Forwarded through a tunnel

N - Forwarded through the outgoing interface to the nexthop IP address

B - Backup forwarding information

A - Active forwarding information

M - P2MP forwarding information

NID Tnl-Type Flag OutLabel Forwarding Info

--------------------------------------------------------------------------------

0 LOCAL NA - Vlan11 9.1.1.1

1 CRLSP NA 3 Vlan11 9.1.1.1

2 LSP NA 3 Vlan11 9.1.1.1

268435457 TE TA - 1

# 在ASBR-PE 2上查看MPLS转发表，可以看到ASBR-PE 2将标签600127替换为600127，即ASBR-PE 2发送给ASBR-PE 1的VPN流量携带的标签为600127。

[ASBR-PE2] display mpls forwarding ilm

Total ILM entries: 5

Flags: T - Forwarded through a tunnel

N - Forwarded through the outgoing interface to the nexthop IP address

B - Backup forwarding information

A - Active forwarding information

M - P2MP forwarding information

InLabel Oper VRF Flag SwapInfo Forwarding Info

--------------------------------------------------------------------------------

24128 SWAP 0 NA 3 Vlan11 9.1.1.2

600124 SWAP 0 TA 600127 268435457

600125 SWAP 0 TA 600127 1

600126 SWAP 0 TA 600127 4

600127 SWAP 0 TA 600127 1

[ASBR-PE2] display mpls forwarding nhlfe

Total NHLFE entries: 6

Flags: T - Forwarded through a tunnel

N - Forwarded through the outgoing interface to the nexthop IP address

B - Backup forwarding information

A - Active forwarding information

M - P2MP forwarding information

NID Tnl-Type Flag OutLabel Forwarding Info

--------------------------------------------------------------------------------

0 LOCAL NA - Vlan12 11.0.0.2

1 LSP NA - Vlan12 11.0.0.2

2 LOCAL NA - Vlan11 9.1.1.2

3 CRLSP NA 3 Vlan11 9.1.1.2

4 LSP NA 3 Vlan11 9.1.1.2

268435457 TE TA - 3

# 在ASBR-PE 1上查看MPLS转发表，可以看到ASBR-PE 1通过MPLS TE隧道将VPN流量转发给PE 1。

[ASBR-PE1] display mpls forwarding ilm

Total ILM entries: 3

Flags: T - Forwarded through a tunnel

N - Forwarded through the outgoing interface to the nexthop IP address

B - Backup forwarding information

A - Active forwarding information

M - P2MP forwarding information

InLabel Oper VRF Flag SwapInfo Forwarding Info

--------------------------------------------------------------------------------

24128 SWAP 0 NA 3 Vlan11 1.1.1.2

600125 SWAP 0 TA 600124 4

600127 SWAP 0 TA 600127 268435457

[ASBR-PE1] display mpls forwarding nhlfe

Total NHLFE entries: 6

Flags: T - Forwarded through a tunnel

N - Forwarded through the outgoing interface to the nexthop IP address

B - Backup forwarding information

A - Active forwarding information

M - P2MP forwarding information

NID Tnl-Type Flag OutLabel Forwarding Info

--------------------------------------------------------------------------------

0 LOCAL NA - Vlan11 1.1.1.2

1 LSP NA 3 Vlan11 1.1.1.2

2 CRLSP NA 3 Vlan11 1.1.1.2

3 LOCAL NA - Vlan12 11.0.0.1

4 LSP NA - Vlan12 11.0.0.1

268435457 TE TA - 2

5. 配置文件

· CE 1：

sysname CE1

vlan 12

interface Vlan-interface12

ip address 30.0.0.2 255.0.0.0

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port access vlan 12

bgp 65001

peer 30.0.0.1 as-number 100

address-family ipv4 unicast

import-route direct

peer 30.0.0.1 enable

return

· PE 1：

sysname PE1

ip vpn-instance vpn1

route-distinguisher 11:11

tnl-policy tpolicy1

vpn-target 1:1 2:2 3:3 import-extcommunity

vpn-target 3:3 export-extcommunity

isis 1

cost-style wide

mpls te enable level-2

network-entity 10.1111.1111.1111.00

mpls lsr-id 2.2.2.9

vlan 11 to 12

mpls ldp

mpls te

rsvp

tunnel-policy tpolicy1

preferred-path tunnel 1

interface LoopBack0

ip address 2.2.2.9 255.255.255.255

isis enable 1

interface Vlan-interface11

ip address 1.1.1.2 255.0.0.0

isis enable 1

mpls enable

mpls ldp enable

mpls te enable

mpls te max-link-bandwidth 10000

mpls te max-reservable-bandwidth 5000

rsvp enable

interface Vlan-interface12

ip binding vpn-instance vpn1

ip address 30.0.0.1 255.0.0.0

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port access vlan 11

interface Ten-GigabitEthernet1/0/2

port link-mode bridge

port access vlan 12

interface Tunnel1 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 2000

destination 3.3.3.9

bgp 100

peer 3.3.3.9 as-number 100

peer 3.3.3.9 connect-interface LoopBack0

address-family vpnv4

peer 3.3.3.9 enable

ip vpn-instance vpn1

peer 30.0.0.2 as-number 65001

address-family ipv4 unicast

peer 30.0.0.2 enable

return

· ASBR-PE 1：

sysname ASBR-PE1

isis 1

cost-style wide

mpls te enable level-2

network-entity 10.2222.2222.2222.00

mpls lsr-id 3.3.3.9

vlan 11 to 12

mpls ldp

mpls te

rsvp

tunnel-policy tpolicy1

preferred-path tunnel 1

interface LoopBack0

ip address 3.3.3.9 255.255.255.255

isis enable 1

interface Vlan-interface11

ip address 1.1.1.1 255.0.0.0

isis enable 1

mpls enable

mpls ldp enable

mpls te enable

mpls te max-link-bandwidth 10000

mpls te max-reservable-bandwidth 5000

rsvp enable

interface Vlan-interface12

ip address 11.0.0.2 255.0.0.0

mpls enable

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port access vlan 11

interface Ten-GigabitEthernet1/0/2

port link-mode bridge

port access vlan 12

interface Tunnel1 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 2000

destination 2.2.2.9

bgp 100

peer 2.2.2.9 as-number 100

peer 2.2.2.9 connect-interface LoopBack0

peer 11.0.0.1 as-number 600

peer 11.0.0.1 connect-interface Vlan-interface12

address-family vpnv4

undo policy vpn-target

apply tunnel-selector ts1

peer 2.2.2.9 enable

peer 11.0.0.1 enable

tunnel-selector ts1 permit node 1

apply tunnel-policy tpolicy1

return

· ASBR-PE 2：

sysname ASBR-PE2

isis 1

cost-style wide

mpls te enable level-2

network-entity 10.2222.2222.2222.00

mpls lsr-id 4.4.4.9

vlan 11 to 12

mpls ldp

mpls te

rsvp

tunnel-policy tpolicy1

preferred-path tunnel 1

interface LoopBack0

ip address 4.4.4.9 255.255.255.255

isis enable 1

interface Vlan-interface11

ip address 9.1.1.1 255.0.0.0

isis enable 1

mpls enable

mpls ldp enable

mpls te enable

mpls te max-link-bandwidth 10000

mpls te max-reservable-bandwidth 5000

rsvp enable

interface Vlan-interface12

ip address 11.0.0.1 255.0.0.0

mpls enable

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port access vlan 11

interface Ten-GigabitEthernet1/0/2

port link-mode bridge

port access vlan 12

interface Tunnel1 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 2000

destination 5.5.5.9

bgp 600

peer 5.5.5.9 as-number 600

peer 5.5.5.9 connect-interface LoopBack0

peer 11.0.0.2 as-number 100

peer 11.0.0.2 connect-interface Vlan-interface12

address-family vpnv4

undo policy vpn-target

apply tunnel-selector ts1

peer 5.5.5.9 enable

peer 11.0.0.2 enable

tunnel-selector ts1 permit node 1

apply tunnel-policy tpolicy1

return

· PE 2：

sysname PE2

ip vpn-instance vpn1

route-distinguisher 12:12

tnl-policy tpolicy1

vpn-target 1:1 2:2 3:3 import-extcommunity

vpn-target 3:3 export-extcommunity

isis 1

cost-style wide

mpls te enable level-2

network-entity 10.1111.1111.1111.00

mpls lsr-id 5.5.5.9

vlan 11 to 12

mpls ldp

mpls te

rsvp

tunnel-policy tpolicy1

preferred-path tunnel 1

interface LoopBack0

ip address 5.5.5.9 255.255.255.255

isis enable 1

interface Vlan-interface11

ip address 9.1.1.2 255.0.0.0

isis enable 1

mpls enable

mpls ldp enable

mpls te enable

mpls te max-link-bandwidth 10000

mpls te max-reservable-bandwidth 5000

rsvp enable

interface Vlan-interface12

ip binding vpn-instance vpn1

ip address 20.0.0.1 255.0.0.0

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port access vlan 11

interface Ten-GigabitEthernet1/0/2

port link-mode bridge

port access vlan 12

interface Tunnel1 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 2000

destination 4.4.4.9

bgp 600

peer 4.4.4.9 as-number 600

peer 4.4.4.9 connect-interface LoopBack0

address-family vpnv4

peer 4.4.4.9 enable

ip vpn-instance vpn1

peer 20.0.0.2 as-number 65002

address-family ipv4 unicast

peer 20.0.0.2 enable

return

· CE 2

sysname CE2

vlan 12

interface Vlan-interface12

ip address 20.0.0.2 255.0.0.0

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port access vlan 12

bgp 65002

peer 20.0.0.1 as-number 600

address-family ipv4 unicast

import-route direct

peer 20.0.0.1 enable

return

2.8.2 配置HoVPN隧道迭代器示例

1. 组网需求

以一个包括省骨干和地市的MPLS VPN网络为例：

· SPE作为省网的PE设备，接入地市的MPLS VPN网络。

· UPE作为下层地市网络的PE设备，最终接入VPN客户。对UPE的性能要求低于对SPE的性能要求。

· SPE将通过路由策略的路由发送给UPE，限制不同Site之间的互相访问权限，使得VPN 1内的CE 1和CE 3可以互相访问，VPN 2内的CE 2和CE 4不能互相访问。

· 分别在SPE和UPE上应用隧道迭代器，使得：

¡ UPE上，VPN数据承载在MPLS TE隧道上，使传输的流量得到足够的带宽保护。

¡ SPE上，不同网段的流量承载在不同的MPLS TE隧道上，以满足不同的业务需求。

2. 组网图

图2-2 配置HoVPN组网图

设备	接口	IP地址	设备	接口	IP地址
CE 1	Vlan-int12	10.2.1.1/24	CE 3	Vlan-int12	10.1.1.1/24
CE 2	Vlan-int13	10.4.1.1/24	CE 4	Vlan-int13	10.3.1.1/24
UPE 1	Loop0	1.1.1.9/32	UPE 2	Loop0	4.4.4.9/32
	Vlan-int11	172.1.1.1/24		Vlan-int11	172.2.1.1/24
	Vlan-int12	10.2.1.2/24		Vlan-int12	10.1.1.2/24
	Vlan-int13	10.4.1.2/24		Vlan-int13	10.3.1.2/24
SPE 1	Loop0	2.2.2.9/32	SPE 2	Loop0	3.3.3.9/32
	Vlan-int11	172.1.1.2/24		Vlan-int11	172.2.1.2/24
	Vlan-int12	180.1.1.1/24		Vlan-int12	180.1.1.2/24

3. 配置步骤

(1) 配置UPE 1

# 创建VLAN，并将端口加入到VLAN。

<Sysname> system-view

[Sysname] sysname UPE1

[UPE1] vlan 11

[UPE1-vlan11] quit

[UPE1] vlan 12

[UPE1-vlan12] quit

[UPE1] vlan 13

[UPE1-vlan13] quit

[UPE1] interface ten-gigabitethernet 1/0/1

[UPE1-Ten-GigabitEthernet1/0/1] port access vlan 11

[UPE1-Ten-GigabitEthernet1/0/1] quit

[UPE1] interface ten-gigabitethernet 1/0/2

[UPE1-Ten-GigabitEthernet1/0/2] port access vlan 12

[UPE1-Ten-GigabitEthernet1/0/2] quit

[UPE1] interface ten-gigabitethernet 1/0/3

[UPE1-Ten-GigabitEthernet1/0/3] port access vlan 13

[UPE1-Ten-GigabitEthernet1/0/3] quit

# 配置MPLS基本能力和MPLS LDP能力，建立LDP LSP。

[UPE1] interface loopback 0

[UPE1-LoopBack0] ip address 1.1.1.9 32

[UPE1-LoopBack0] quit

[UPE1] mpls lsr-id 1.1.1.9

[UPE1] mpls ldp

[UPE1-ldp] quit

[UPE1] interface vlan-interface 11

[UPE1-Vlan-interface11] ip address 172.1.1.1 24

[UPE1-Vlan-interface11] mpls enable

[UPE1-Vlan-interface11] mpls ldp enable

[UPE1-Vlan-interface11] quit

# 配置IGP协议，以OSPF为例。

[UPE1] ospf

[UPE1-ospf-1] area 0

[UPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[UPE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0

[UPE1-ospf-1-area-0.0.0.0] quit

[UPE1-ospf-1] quit

# 配置VPN实例vpn1和vpn2，将CE 1和CE 2接入UPE 1。

[UPE1] ip vpn-instance vpn1

[UPE1-vpn-instance-vpn1] route-distinguisher 100:1

[UPE1-vpn-instance-vpn1] vpn-target 100:1 both

[UPE1-vpn-instance-vpn1] quit

[UPE1] ip vpn-instance vpn2

[UPE1-vpn-instance-vpn2] route-distinguisher 100:2

[UPE1-vpn-instance-vpn2] vpn-target 100:2 both

[UPE1-vpn-instance-vpn2] quit

[UPE1] interface vlan-interface 12

[UPE1-Vlan-interface12] ip binding vpn-instance vpn1

[UPE1-Vlan-interface12] ip address 10.2.1.2 24

[UPE1-Vlan-interface12] quit

[UPE1] interface vlan-interface 13

[UPE1-Vlan-interface13] ip binding vpn-instance vpn2

[UPE1-Vlan-interface13] ip address 10.4.1.2 24

[UPE1-Vlan-interface13] quit

# 配置UPE 1与SPE 1建立MP-IBGP对等体。

[UPE1] bgp 100

[UPE1-bgp-default] peer 2.2.2.9 as-number 100

[UPE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[UPE1-bgp-default] address-family vpnv4

[UPE1-bgp-default-vpnv4] peer 2.2.2.9 enable

[UPE1-bgp-default-vpnv4] quit

# 配置UPE 1与CE 1建立EBGP对等体。

[UPE1-bgp-default] ip vpn-instance vpn1

[UPE1-bgp-default-vpn1] peer 10.2.1.1 as-number 65410

[UPE1-bgp-default-vpn1] address-family ipv4 unicast

[UPE1-bgp-default-ipv4-vpn1] peer 10.2.1.1 enable

[UPE1-bgp-default-ipv4-vpn1] quit

[UPE1-bgp-default-vpn1] quit

# 配置UPE 1与CE 2建立EBGP对等体。

[UPE1-bgp-default] ip vpn-instance vpn2

[UPE1-bgp-default-vpn2] peer 10.4.1.1 as-number 65420

[UPE1-bgp-default-vpn2] address-family ipv4 unicast

[UPE1-bgp-default-ipv4-vpn2] peer 10.4.1.1 enable

[UPE1-bgp-default-ipv4-vpn2] quit

[UPE1-bgp-default-vpn2] quit

[UPE1-bgp-default] quit

# 开启MPLS TE、RSVP-TE和OSPF TE能力，配置链路的MPLS TE属性，采用RSVP-TE信令协议建立MPLS TE隧道Tunnel1和Tunnel2：目的地址为SPE 1的LSR ID（2.2.2.9）。

[UPE1] mpls te

[UPE1-te] quit

[UPE1] rsvp

[UPE1-rsvp] quit

[UPE1] interface Vlan-interface 11

[UPE1-Vlan-interface11] mpls te enable

[UPE1-Vlan-interface11] mpls te max-link-bandwidth 10000

[UPE1-Vlan-interface11] mpls te max-reservable-bandwidth 8000

[UPE1-Vlan-interface11] rsvp enable

[UPE1-Vlan-interface11] quit

[UPE1] ospf 1

[UPE1-ospf-1] area 0

[UPE1-ospf-1-area-0.0.0.0] mpls te enable

[UPE1-ospf-1] quit

[UPE1] interface tunnel 1 mode mpls-te

[UPE1-Tunnel1] ip address unnumbered interface LoopBack0

[UPE1-Tunnel1] destination 2.2.2.9

[UPE1-Tunnel1] mpls te signaling rsvp-te

[UPE1-Tunnel1] mpls te bandwidth 2000

[UPE1-Tunnel1] quit

[UPE1] interface tunnel 2 mode mpls-te

[UPE1-Tunnel2] ip address unnumbered interface LoopBack0

[UPE1-Tunnel2] destination 2.2.2.9

[UPE1-Tunnel2] mpls te signaling rsvp-te

[UPE1-Tunnel2] mpls te bandwidth 2500

[UPE1-Tunnel2] quit

# 创建隧道策略tpolicy1并在名为vpn1的VPN实例内应用隧道策略tpolicy1。

[UPE1] tunnel-policy tpolicy1

[UPE1-tunnel-policy-tpolicy1] select-seq cr-lsp load-balance-number 2

[UPE1-tunnel-policy-tpolicy1] quit

[UPE1] ip vpn-instance vpn1

[UPE1-vpn-instance-vpn1] tnl-policy tpolicy1

[UPE1-vpn-instance-vpn1] quit

(2) 配置CE 1

<Sysname> system-view

[Sysname] sysname CE1

[CE1] vlan 12

[CE1-vlan12] quit

[CE1] interface ten-gigabitethernet 1/0/1

[CE1-Ten-GigabitEthernet1/0/1] port access vlan 12

[CE1-Ten-GigabitEthernet1/0/1] quit

[CE1] interface vlan-interface 12

[CE1-Vlan-interface12] ip address 10.2.1.1 255.255.255.0

[CE1-Vlan-interface12] quit

[CE1] bgp 65410

[CE1-bgp-default] peer 10.2.1.2 as-number 100

[CE1-bgp-default] address-family ipv4 unicast

[CE1-bgp-default-ipv4] peer 10.2.1.2 enable

[CE1-bgp-default-ipv4] import-route direct

[CE1-bgp-default-ipv4] quit

[CE1-bgp-default] quit

(3) 配置CE 2

<Sysname> system-view

[Sysname] sysname CE2

[CE2] vlan 13

[CE2-vlan13] quit

[CE2] interface ten-gigabitethernet 1/0/1

[CE2-Ten-GigabitEthernet1/0/1] port access vlan 13

[CE2-Ten-GigabitEthernet1/0/1] quit

[CE2] interface vlan-interface 13

[CE2-Vlan-interface13] ip address 10.4.1.1 255.255.255.0

[CE2-Vlan-interface13] quit

[CE2] bgp 65420

[CE2-bgp-default] peer 10.4.1.2 as-number 100

[CE2-bgp-default] address-family ipv4 unicast

[CE2-bgp-default-ipv4] peer 10.4.1.2 enable

[CE2-bgp-default-ipv4] import-route direct

[CE2-bgp-default-ipv4] quit

[CE2-bgp-default] quit

(4) 配置UPE 2

# 创建VLAN，并将端口加入到VLAN。

<Sysname> system-view

[Sysname] sysname UPE2

[UPE2] vlan 11

[UPE2-vlan11] quit

[UPE2] vlan 12

[UPE2-vlan12] quit

[UPE2] vlan 13

[UPE2-vlan13] quit

[UPE2] interface ten-gigabitethernet 1/0/1

[UPE2-Ten-GigabitEthernet1/0/1] port access vlan 11

[UPE2-Ten-GigabitEthernet1/0/1] quit

[UPE2] interface ten-gigabitethernet 1/0/2

[UPE2-Ten-GigabitEthernet1/0/2] port access vlan 12

[UPE2-Ten-GigabitEthernet1/0/2] quit

[UPE2] interface ten-gigabitethernet 1/0/3

[UPE2-Ten-GigabitEthernet1/0/3] port access vlan 13

[UPE2-Ten-GigabitEthernet1/0/3] quit

# 配置MPLS基本能力和MPLS LDP能力，建立LDP LSP。

[UPE2] interface loopback 0

[UPE2-Loopback0] ip address 4.4.4.9 32

[UPE2-Loopback0] quit

[UPE2] mpls lsr-id 4.4.4.9

[UPE2] mpls ldp

[UPE2-ldp] quit

[UPE2] interface vlan-interface 11

[UPE2-Vlan-interface11] ip address 172.2.1.1 24

[UPE2-Vlan-interface11] mpls enable

[UPE2-Vlan-interface11] mpls ldp enable

[UPE2-Vlan-interface11] quit

# 配置IGP协议，以OSPF为例。

[UPE2] ospf

[UPE2-ospf-1] area 0

[UPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[UPE2-ospf-1-area-0.0.0.0] network 4.4.4.9 0.0.0.0

[UPE2-ospf-1-area-0.0.0.0] quit

[UPE2-ospf-1] quit

# 配置VPN实例vpn1和vpn2，将CE 3和CE 4接入UPE 2。

[UPE2] ip vpn-instance vpn1

[UPE2-vpn-instance-vpn1] route-distinguisher 300:1

[UPE2-vpn-instance-vpn1] vpn-target 100:1 both

[UPE2-vpn-instance-vpn1] quit

[UPE2] ip vpn-instance vpn2

[UPE2-vpn-instance-vpn2] route-distinguisher 400:2

[UPE2-vpn-instance-vpn2] vpn-target 100:2 both

[UPE2-vpn-instance-vpn2] quit

[UPE2] interface vlan-interface 12

[UPE2-Vlan-interface12] ip binding vpn-instance vpn1

[UPE2-Vlan-interface12] ip address 10.1.1.2 24

[UPE2-Vlan-interface12] quit

[UPE2] interface vlan-interface 13

[UPE2-Vlan-interface13] ip binding vpn-instance vpn2

[UPE2-Vlan-interface13] ip address 10.3.1.2 24

[UPE2-Vlan-interface13] quit

# 配置UPE 2与SPE 2建立MP-IBGP对等体。

[UPE2] bgp 100

[UPE2-bgp-default] peer 3.3.3.9 as-number 100

[UPE2-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[UPE2-bgp-default] address-family vpnv4

[UPE2-bgp-default-vpnv4] peer 3.3.3.9 enable

[UPE2-bgp-default-vpnv4] quit

# 配置UPE 2与CE 3建立EBGP对等体。

[UPE2-bgp-default] ip vpn-instance vpn1

[UPE2-bgp-default-vpn1] peer 10.1.1.1 as-number 65430

[UPE2-bgp-default-vpn1] address-family ipv4 unicast

[UPE2-bgp-default-ipv4-vpn1] peer 10.1.1.1 enable

[UPE2-bgp-default-ipv4-vpn1] quit

[UPE2-bgp-default-vpn1] quit

# 配置UPE 2与CE 4建立EBGP对等体。

[UPE2-bgp-default] ip vpn-instance vpn2

[UPE2-bgp-default-vpn2] peer 10.3.1.1 as-number 65440

[UPE2-bgp-default-vpn2] address-family ipv4 unicast

[UPE2-bgp-default-ipv4-vpn2] peer 10.3.1.1 enable

[UPE2-bgp-default-ipv4-vpn2] quit

[UPE2-bgp-default-vpn2] quit

[UPE2-bgp-default] quit

# 开启MPLS TE、RSVP-TE和OSPF TE能力，配置链路的MPLS TE属性，采用RSVP-TE信令协议建立MPLS TE隧道Tunnel1和Tunnel2：目的地址为SPE 2的LSR ID（3.3.3.9）。

[UPE2] mpls te

[UPE2-te] quit

[UPE2] rsvp

[UPE2-rsvp] quit

[UPE2] interface Vlan-interface 11

[UPE2-Vlan-interface11] mpls te enable

[UPE2-Vlan-interface11] mpls te max-link-bandwidth 10000

[UPE2-Vlan-interface11] mpls te max-reservable-bandwidth 8000

[UPE2-Vlan-interface11] rsvp enable

[UPE2-Vlan-interface11] quit

[UPE2] ospf 1

[UPE2-ospf-1] area 0

[UPE2-ospf-1-area-0.0.0.0] mpls te enable

[UPE2-ospf-1] quit

[UPE2] interface tunnel 1 mode mpls-te

[UPE2-Tunnel1] ip address unnumbered interface LoopBack0

[UPE2-Tunnel1] destination 3.3.3.9

[UPE2-Tunnel1] mpls te signaling rsvp-te

[UPE2-Tunnel1] mpls te bandwidth 2000

[UPE2-Tunnel1] quit

[UPE2] interface tunnel 2 mode mpls-te

[UPE2-Tunnel2] ip address unnumbered interface LoopBack0

[UPE2-Tunnel2] destination 3.3.3.9

[UPE2-Tunnel2] mpls te signaling rsvp-te

[UPE2-Tunnel2] mpls te bandwidth 2500

[UPE2-Tunnel2] quit

# 创建隧道策略tpolicy1并在名为vpn1的VPN实例内应用隧道策略tpolicy1。

[UPE2] tunnel-policy tpolicy1

[UPE2-tunnel-policy-tpolicy1] select-seq cr-lsp load-balance-number 2

[UPE2-tunnel-policy-tpolicy1] quit

[UPE2] ip vpn-instance vpn1

[UPE2-vpn-instance-vpn1] tnl-policy tpolicy1

[UPE2-vpn-instance-vpn1] quit

(5) 配置CE 3

<Sysname> system-view

[Sysname] sysname CE3

[CE3] vlan 12

[CE3-vlan12] quit

[CE3] interface ten-gigabitethernet 1/0/1

[CE3-Ten-GigabitEthernet1/0/1] port access vlan 12

[CE3-Ten-GigabitEthernet1/0/1] quit

[CE3] interface vlan-interface 12

[CE3-Vlan-interface12] ip address 10.1.1.1 255.255.255.0

[CE3-Vlan-interface12] quit

[CE3] bgp 65430

[CE3-bgp-default] peer 10.1.1.2 as-number 100

[CE3-bgp-default] address-family ipv4 unicast

[CE3-bgp-default-ipv4] peer 10.1.1.2 enable

[CE3-bgp-default-ipv4] import-route direct

[CE3-bgp-default-ipv4] quit

[CE3-bgp-default] quit

(6) 配置CE 4

<Sysname> system-view

[Sysname] sysname CE4

[CE4] vlan 13

[CE4-vlan13] quit

[CE4] interface ten-gigabitethernet 1/0/1

[CE4-Ten-GigabitEthernet1/0/1] port access vlan 13

[CE4-Ten-GigabitEthernet1/0/1] quit

[CE4] interface vlan-interface 13

[CE4-Vlan-interface13] ip address 10.3.1.1 255.255.255.0

[CE4-Vlan-interface13] quit

[CE4] bgp 65440

[CE4-bgp-default] peer 10.3.1.2 as-number 100

[CE4-bgp-default] address-family ipv4 unicast

[CE4-bgp-default-ipv4] peer 10.3.1.2 enable

[CE4-bgp-default-ipv4] import-route direct

[CE4-bgp-default-ipv4] quit

[CE4-bgp-default] quit

(7) 配置SPE 1

# 创建VLAN，并将端口加入到VLAN。

<Sysname> system-view

[Sysname] sysname SPE1

[SPE1] vlan 11

[SPE1-vlan11] quit

[SPE1] vlan 12

[SPE1-vlan12] quit

[SPE1] interface ten-gigabitethernet 1/0/1

[SPE1-Ten-GigabitEthernet1/0/1] port access vlan 11

[SPE1-Ten-GigabitEthernet1/0/1] quit

[SPE1] interface ten-gigabitethernet 1/0/2

[SPE1-Ten-GigabitEthernet1/0/2] port access vlan 12

[SPE1-Ten-GigabitEthernet1/0/2] quit

# 配置MPLS基本能力和MPLS LDP能力，建立LDP LSP。

[SPE1] interface loopback 0

[SPE1-LoopBack0] ip address 2.2.2.9 32

[SPE1-LoopBack0] quit

[SPE1] mpls lsr-id 2.2.2.9

[SPE1] mpls ldp

[SPE1-ldp] quit

[SPE1] interface vlan-interface 11

[SPE1-Vlan-interface11] ip address 172.1.1.2 24

[SPE1-Vlan-interface11] mpls enable

[SPE1-Vlan-interface11] mpls ldp enable

[SPE1-Vlan-interface11] quit

[SPE1] interface vlan-interface 12

[SPE1-Vlan-interface12] ip address 180.1.1.1 24

[SPE1-Vlan-interface12] mpls enable

[SPE1-Vlan-interface12] mpls ldp enable

[SPE1-Vlan-interface12] quit

# 配置IGP协议，以OSPF为例。

[SPE1] ospf

[SPE1-ospf-1] area 0

[SPE1-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0

[SPE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255

[SPE1-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255

[SPE1-ospf-1-area-0.0.0.0] quit

[SPE1-ospf-1] quit

# 配置VPN实例vpn1和vpn2。

[SPE1] ip vpn-instance vpn1

[SPE1-vpn-instance-vpn1] route-distinguisher 500:1

[SPE1-vpn-instance-vpn1] vpn-target 100:1 both

[SPE1-vpn-instance-vpn1] quit

[SPE1] ip vpn-instance vpn2

[SPE1-vpn-instance-vpn2] route-distinguisher 700:1

[SPE1-vpn-instance-vpn2] vpn-target 100:2 both

[SPE1-vpn-instance-vpn2] quit

# 配置SPE 1与SPE 2、UPE 1建立MP-IBGP对等体，并指定UPE 1为UPE。

[SPE1] bgp 100

[SPE1-bgp-default] peer 1.1.1.9 as-number 100

[SPE1-bgp-default] peer 1.1.1.9 connect-interface loopback 0

[SPE1-bgp-default] peer 3.3.3.9 as-number 100

[SPE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[SPE1-bgp-default] address-family vpnv4

[SPE1-bgp-default-vpnv4] peer 3.3.3.9 enable

[SPE1-bgp-default-vpnv4] peer 1.1.1.9 enable

[SPE1-bgp-default-vpnv4] peer 1.1.1.9 upe

[SPE1-bgp-default-vpnv4] peer 1.1.1.9 next-hop-local

[SPE1-bgp-default-vpnv4] quit

# 为VPN实例vpn1和vpn2分别创建BGP-VPN实例，以便根据Route Target属性将学习到的VPNv4路由添加到相应VPN实例的BGP路由表中。

[SPE1-bgp-default] ip vpn-instance vpn1

[SPE1-bgp-default-vpn1] quit

[SPE1-bgp-default] ip vpn-instance vpn2

[SPE1-bgp-default-vpn2] quit

[SPE1-bgp-default] quit

# 配置SPE 1向UPE 1发送通过策略的路由信息，允许CE 3的路由发送给UPE 1。

[SPE1] ip prefix-list hope index 10 permit 10.1.1.1 24

[SPE1] route-policy hope permit node 0

[SPE1-route-policy-hope-0] if-match ip address prefix-list hope

[SPE1-route-policy-hope-0] quit

[SPE1] bgp 100

[SPE1-bgp-default] address-family vpnv4

[SPE1-bgp-default-vpnv4] peer 1.1.1.9 upe route-policy hope export

[SPE1-bgp-default-vpnv4] quit

[SPE1-bgp-default] quit

# 开启MPLS TE、RSVP-TE和OSPF TE能力，配置链路的MPLS TE属性，采用RSVP-TE信令协议建立MPLS TE隧道Tunnel1、Tunnel2，和Tunnel3、Tunnel4，目的地址为UPE 1的LSR ID（1.1.1.9）和SPE 2的LSR ID（3.3.3.9）。

[SPE1] mpls te

[SPE1-te] quit

[SPE1] rsvp

[SPE1-rsvp] quit

[SPE1] interface Vlan-interface 11

[SPE1-Vlan-interface11] mpls te enable

[SPE1-Vlan-interface11] mpls te max-link-bandwidth 10000

[SPE1-Vlan-interface11] mpls te max-reservable-bandwidth 8000

[SPE1-Vlan-interface11] rsvp enable

[SPE1-Vlan-interface11] quit

[SPE1] interface Vlan-interface 12

[SPE1-Vlan-interface12] mpls te enable

[SPE1-Vlan-interface12] mpls te max-link-bandwidth 10000

[SPE1-Vlan-interface12] mpls te max-reservable-bandwidth 8000

[SPE1-Vlan-interface12] rsvp enable

[SPE1-Vlan-interface12] quit

[SPE1] ospf 1

[SPE1-ospf-1] area 0

[SPE1-ospf-1-area-0.0.0.0] mpls te enable

[SPE1-ospf-1] quit

[SPE1] interface tunnel 1 mode mpls-te

[SPE1-Tunnel1] ip address unnumbered interface LoopBack0

[SPE1-Tunnel1] destination 1.1.1.9

[SPE1-Tunnel1] mpls te signaling rsvp-te

[SPE1-Tunnel1] mpls te bandwidth 1000

[SPE1-Tunnel1] quit

[SPE1] interface tunnel 2 mode mpls-te

[SPE1-Tunnel2] ip address unnumbered interface LoopBack0

[SPE1-Tunnel2] destination 1.1.1.9

[SPE1-Tunnel2] mpls te signaling rsvp-te

[SPE1-Tunnel2] mpls te bandwidth 1500

[SPE1-Tunnel2] quit

[SPE1] interface tunnel 3 mode mpls-te

[SPE1-Tunnel3] ip address unnumbered interface LoopBack0

[SPE1-Tunnel3] destination 3.3.3.9

[SPE1-Tunnel3] mpls te signaling rsvp-te

[SPE1-Tunnel3] mpls te bandwidth 2000

[SPE1-Tunnel3] quit

[SPE1] interface tunnel 4 mode mpls-te

[SPE1-Tunnel4] ip address unnumbered interface LoopBack0

[SPE1-Tunnel4] destination 3.3.3.9

[SPE1-Tunnel4] mpls te signaling rsvp-te

[SPE1-Tunnel4] mpls te bandwidth 2500

[SPE1-Tunnel4] quit

# 配置前缀列表pt1、pt2、pt3和pt4。

[SPE1] ip prefix-list pt1 index 10 permit 10.2.1.1 24

[SPE1] ip prefix-list pt2 index 10 permit 10.4.1.1 24

[SPE1] ip prefix-list pt3 index 10 permit 10.1.1.1 24

[SPE1] ip prefix-list pt4 index 10 permit 10.3.1.1 24

# 创建隧道策略tp1、tp2、tp3和tp4。

[SPE1] tunnel-policy tp1

[SPE1-tunnel-policy-tp1] preferred-path tunnel 1

[SPE1-tunnel-policy-tp1] quit

[SPE1] tunnel-policy tp2

[SPE1-tunnel-policy-tp2] preferred-path tunnel 2

[SPE1-tunnel-policy-tp2] quit

[SPE1] tunnel-policy tp3

[SPE1-tunnel-policy-tp3] preferred-path tunnel 3

[SPE1-tunnel-policy-tp3] quit

[SPE1] tunnel-policy tp4

[SPE1-tunnel-policy-tp4] preferred-path tunnel 4

[SPE1-tunnel-policy-tp4] quit

# 创建隧道迭代器ts1、ts2。

[SPE1] tunnel-selector ts1 permit node 1

[SPE1-tunnel-selector-ts1-1] if-match ip address prefix-list pt1

[SPE1-tunnel-selector-ts1-1] apply tunnel-policy tp1

[SPE1-tunnel-selector-ts1-1] quit

[SPE1] tunnel-selector ts1 permit node 2

[SPE1-tunnel-selector-ts1-2] if-match ip address prefix-list pt3

[SPE1-tunnel-selector-ts1-2] apply tunnel-policy tp3

[SPE1-tunnel-selector-ts1-2] quit

[SPE1] tunnel-selector ts2 permit node 1

[SPE1-tunnel-selector-ts2-1] if-match ip address prefix-list pt2

[SPE1-tunnel-selector-ts2-1] apply tunnel-policy tp2

[SPE1-tunnel-selector-ts2-1] quit

[SPE1] tunnel-selector ts2 permit node 2

[SPE1-tunnel-selector-ts2-2] if-match ip address prefix-list pt4

[SPE1-tunnel-selector-ts2-2] apply tunnel-policy tp4

[SPE1-tunnel-selector-ts2-2] quit

# 在BGP-VPN IPv4单播地址族视图下应用隧道迭代器。

[SPE1] bgp 100

[SPE1-bgp-default] ip vpn-instance vpn1

[SPE1-bgp-default-vpn1] address-family ipv4

[SPE1-bgp-default-ipv4-vpn1] apply tunnel-selector ts1

[SPE1-bgp-default-ipv4-vpn1] quit

[SPE1-bgp-default-vpn1] quit

[SPE1-bgp-default] ip vpn-instance vpn2

[SPE1-bgp-default-vpn2] address-family ipv4

[SPE1-bgp-default-ipv4-vpn2] apply tunnel-selector ts2

[SPE1-bgp-default-ipv4-vpn2] quit

[SPE1-bgp-default-vpn2] quit

[SPE1-bgp-default] quit

(8) 配置SPE 2

# 创建VLAN，并将端口加入到VLAN。

<Sysname> system-view

[Sysname] sysname SPE2

[SPE2] vlan 11

[SPE2-vlan11] quit

[SPE2] vlan 12

[SPE2-vlan12] quit

[SPE2] interface ten-gigabitethernet 1/0/1

[SPE2-Ten-GigabitEthernet1/0/1] port access vlan 11

[SPE2-Ten-GigabitEthernet1/0/1] quit

[SPE2] interface ten-gigabitethernet 1/0/2

[SPE2-Ten-GigabitEthernet1/0/2] port access vlan 12

[SPE2-Ten-GigabitEthernet1/0/2] quit

# 配置MPLS基本能力和MPLS LDP能力，建立LDP LSP。

[SPE2] interface loopback 0

[SPE2-LoopBack0] ip address 3.3.3.9 32

[SPE2-LoopBack0] quit

[SPE2] mpls lsr-id 3.3.3.9

[SPE2] mpls ldp

[SPE2-ldp] quit

[SPE2] interface vlan-interface 12

[SPE2-Vlan-interface12] ip address 180.1.1.2 24

[SPE2-Vlan-interface12] mpls enable

[SPE2-Vlan-interface12] mpls ldp enable

[SPE2-Vlan-interface12] quit

[SPE2] interface vlan-interface 11

[SPE2-Vlan-interface11] ip address 172.2.1.2 24

[SPE2-Vlan-interface11] mpls enable

[SPE2-Vlan-interface11] mpls ldp enable

[SPE2-Vlan-interface11] quit

# 配置IGP协议，以OSPF为例。

[SPE2] ospf

[SPE2-ospf-1] area 0

[SPE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0

[SPE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255

[SPE2-ospf-1-area-0.0.0.0] network 180.1.1.0 0.0.0.255

[SPE2-ospf-1-area-0.0.0.0] quit

[SPE2-ospf-1] quit

# 配置VPN实例vpn1和vpn2。

[SPE2] ip vpn-instance vpn1

[SPE2-vpn-instance-vpn1] route-distinguisher 600:1

[SPE2-vpn-instance-vpn1] vpn-target 100:1 both

[SPE2-vpn-instance-vpn1] quit

[SPE2] ip vpn-instance vpn2

[SPE2-vpn-instance-vpn2] route-distinguisher 800:1

[SPE2-vpn-instance-vpn2] vpn-target 100:2 both

[SPE2-vpn-instance-vpn2] quit

# 配置SPE 2与SPE 1、UPE 2建立MP-IBGP对等体，并指定UPE 2为UPE。

[SPE2] bgp 100

[SPE2-bgp-default] peer 4.4.4.9 as-number 100

[SPE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[SPE2-bgp-default] peer 2.2.2.9 as-number 100

[SPE2-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[SPE2-bgp-default] address-family vpnv4

[SPE2-bgp-default-vpnv4] peer 2.2.2.9 enable

[SPE2-bgp-default-vpnv4] peer 4.4.4.9 enable

[SPE2-bgp-default-vpnv4] peer 4.4.4.9 upe

[SPE2-bgp-default-vpnv4] peer 4.4.4.9 next-hop-local

[SPE2-bgp-default-vpnv4] quit

# 为VPN实例vpn1和vpn2分别创建BGP-VPN实例，以便根据Route Target属性将学习到的VPNv4路由添加到相应VPN实例的BGP路由表中。

[SPE2-bgp-default] ip vpn-instance vpn1

[SPE2-bgp-default-vpn1] quit

[SPE2-bgp-default] ip vpn-instance vpn2

[SPE2-bgp-default-vpn2] quit

[SPE2-bgp-default] quit

# 配置SPE 2向UPE 2发送通过策略的路由信息，允许CE 1的路由发送给UPE 2。

[SPE2] ip prefix-list hope index 10 permit 10.2.1.1 24

[SPE2] route-policy hope permit node 0

[SPE2-route-policy-hope-0] if-match ip address prefix-list hope

[SPE2-route-policy-hope-0] quit

[SPE2] bgp 100

[SPE2-bgp-default] address-family vpnv4

[SPE2-bgp-default-vpnv4] peer 4.4.4.9 upe route-policy hope export

[SPE2-bgp-default-vpnv4] quit

[SPE2-bgp-default] quit

# 开启MPLS TE、RSVP-TE和OSPF TE能力，配置链路的MPLS TE属性，采用RSVP-TE信令协议建立MPLS TE隧道Tunnel1、Tunnel2，和Tunnel3、Tunnel4，目的地址为UPE 2的LSR ID（4.4.4.9）和SPE 1的LSR ID（2.2.2.9）。

[SPE2] mpls te

[SPE2-te] quit

[SPE2] rsvp

[SPE2-rsvp] quit

[SPE2] interface Vlan-interface 11

[SPE2-Vlan-interface11] mpls te enable

[SPE2-Vlan-interface11] mpls te max-link-bandwidth 10000

[SPE2-Vlan-interface11] mpls te max-reservable-bandwidth 8000

[SPE2-Vlan-interface11] rsvp enable

[SPE2-Vlan-interface11] quit

[SPE2] interface Vlan-interface 12

[SPE2-Vlan-interface12] mpls te enable

[SPE2-Vlan-interface12] mpls te max-link-bandwidth 10000

[SPE2-Vlan-interface12] mpls te max-reservable-bandwidth 8000

[SPE2-Vlan-interface12] rsvp enable

[SPE2-Vlan-interface12] quit

[SPE2] ospf 1

[SPE2-ospf-1] area 0

[SPE2-ospf-1-area-0.0.0.0] mpls te enable

[SPE2-ospf-1] quit

[SPE2] interface tunnel 1 mode mpls-te

[SPE2-Tunnel1] ip address unnumbered interface LoopBack0

[SPE2-Tunnel1] destination 4.4.4.9

[SPE2-Tunnel1] mpls te signaling rsvp-te

[SPE2-Tunnel1] mpls te bandwidth 1000

[SPE2-Tunnel1] quit

[SPE2] interface tunnel 2 mode mpls-te

[SPE2-Tunnel2] ip address unnumbered interface LoopBack0

[SPE2-Tunnel2] destination 4.4.4.9

[SPE2-Tunnel2] mpls te signaling rsvp-te

[SPE2-Tunnel2] mpls te bandwidth 1500

[SPE2-Tunnel2] quit

[SPE2] interface tunnel 3 mode mpls-te

[SPE2-Tunnel3] ip address unnumbered interface LoopBack0

[SPE2-Tunnel3] destination 2.2.2.9

[SPE2-Tunnel3] mpls te signaling rsvp-te

[SPE2-Tunnel3] mpls te bandwidth 2000

[SPE2-Tunnel3] quit

[SPE2] interface tunnel 4 mode mpls-te

[SPE2-Tunnel4] ip address unnumbered interface LoopBack0

[SPE2-Tunnel4] destination 2.2.2.9

[SPE2-Tunnel4] mpls te signaling rsvp-te

[SPE2-Tunnel4] mpls te bandwidth 2500

[SPE2-Tunnel4] quit

# 配置前缀列表pt1、pt2、pt3和pt4。

[SPE2] ip prefix-list pt1 index 10 permit 10.1.1.1 24

[SPE2] ip prefix-list pt2 index 10 permit 10.3.1.1 24

[SPE2] ip prefix-list pt3 index 10 permit 10.2.1.1 24

[SPE2] ip prefix-list pt4 index 10 permit 10.4.1.1 24

# 创建隧道策略tp1、tp2、tp3和tp4。

[SPE2] tunnel-policy tp1

[SPE2-tunnel-policy-tp1] preferred-path tunnel 1

[SPE2-tunnel-policy-tp1] quit

[SPE2] tunnel-policy tp2

[SPE2-tunnel-policy-tp2] preferred-path tunnel 2

[SPE2-tunnel-policy-tp2] quit

[SPE2] tunnel-policy tp3

[SPE2-tunnel-policy-tp3] preferred-path tunnel 3

[SPE2-tunnel-policy-tp3] quit

[SPE2] tunnel-policy tp4

[SPE2-tunnel-policy-tp4] preferred-path tunnel 4

[SPE2-tunnel-policy-tp4] quit

# 创建隧道迭代器ts1、ts2。

[SPE2] tunnel-selector ts1 permit node 1

[SPE2-tunnel-selector-ts1-1] if-match ip address prefix-list pt1

[SPE2-tunnel-selector-ts1-1] apply tunnel-policy tp1

[SPE2-tunnel-selector-ts1-1] quit

[SPE2] tunnel-selector ts1 permit node 2

[SPE2-tunnel-selector-ts1-2] if-match ip address prefix-list pt3

[SPE2-tunnel-selector-ts1-2] apply tunnel-policy tp3

[SPE2-tunnel-selector-ts1-2] quit

[SPE2] tunnel-selector ts2 permit node 1

[SPE2-tunnel-selector-ts2-1] if-match ip address prefix-list pt2

[SPE2-tunnel-selector-ts2-1] apply tunnel-policy tp2

[SPE2-tunnel-selector-ts2-1] quit

[SPE2] tunnel-selector ts2 permit node 2

[SPE2-tunnel-selector-ts2-2] if-match ip address prefix-list pt4

[SPE2-tunnel-selector-ts2-2] apply tunnel-policy tp4

[SPE2-tunnel-selector-ts2-2] quit

# 在BGP-VPN IPv4单播地址族视图下应用隧道迭代器。

[SPE2] bgp 100

[SPE2-bgp-default] ip vpn-instance vpn1

[SPE2-bgp-default-vpn1] address-family ipv4

[SPE2-bgp-default-ipv4-vpn1] apply tunnel-selector ts1

[SPE2-bgp-default-ipv4-vpn1] quit

[SPE2-bgp-default-vpn1] quit

[SPE2-bgp-default] ip vpn-instance vpn2

[SPE2-bgp-default-vpn2] address-family ipv4

[SPE2-bgp-default-ipv4-vpn2] apply tunnel-selector ts2

[SPE2-bgp-default-ipv4-vpn2] quit

[SPE2-bgp-default-vpn2] quit

[SPE2-bgp-default] quit

4. 验证配置

# CE 1和CE 3能够学习到对方的接口路由，CE 1和CE 3能够相互ping通；CE 2和CE 4不能学习到对方的接口路由，CE 2和CE 4不能相互ping通。

[CE1] ping 10.1.1.1

Ping 10.1.1.1 (10.1.1.1): 56 data bytes, press CTRL+C to break

56 bytes from 10.1.1.1: icmp_seq=0 ttl=253 time=3.000 ms

56 bytes from 10.1.1.1: icmp_seq=1 ttl=253 time=4.000 ms

56 bytes from 10.1.1.1: icmp_seq=2 ttl=253 time=2.000 ms

56 bytes from 10.1.1.1: icmp_seq=3 ttl=253 time=3.000 ms

56 bytes from 10.1.1.1: icmp_seq=4 ttl=253 time=1.000 ms

--- Ping statistics for 10.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 1.000/2.600/4.000/1.020 ms

# 在UPE 1上查看VPN实例vpn1的路由表，可以看出到达CE 3的VPN流量通过MPLS TE隧道转发。UPE 2上与此类似。

[UPE1] display ip routing-table vpn-instance vpn1

Destinations : 11 Routes : 11

Destination/Mask Proto Pre Cost NextHop Interface

0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0

10.1.1.0/24 BGP 255 0 2.2.2.9 Tun1

BGP 255 0 2.2.2.9 Tun2

10.2.1.0/24 Direct 0 0 10.2.1.2 Vlan12

10.2.1.2/32 Direct 0 0 127.0.0.1 InLoop0

10.2.1.255/32 Direct 0 0 10.2.1.2 Vlan12

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0

224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0

224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0

255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0

# 在SPE 1上查看VPN实例vpn1和vpn2的路由表，可以看出不同网段的流量通过不同的MPLS TE隧道转发。SPE 2上与此类似。

[SPE1] display ip routing-table vpn-instance vpn1

Destinations : 9 Routes : 9

Destination/Mask Proto Pre Cost NextHop Interface

0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0

10.1.1.0/24 BGP 255 0 3.3.3.9 Tun3

10.2.1.0/24 BGP 255 0 1.1.1.9 Tun1

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0

224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0

224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0

255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0

[SPE1] display ip routing-table vpn-instance vpn2

Destinations : 9 Routes : 9

Destination/Mask Proto Pre Cost NextHop Interface

0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0

10.3.1.0/24 BGP 255 0 3.3.3.9 Tun4

10.4.1.0/24 BGP 255 0 1.1.1.9 Tun2

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0

224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0

224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0

255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0

5. 配置文件

· UPE 1：

sysname UPE1

ip vpn-instance vpn1

route-distinguisher 100:1

tnl-policy tpolicy1

vpn-target 100:1 import-extcommunity

vpn-target 100:1 export-extcommunity

ip vpn-instance vpn2

route-distinguisher 100:2

vpn-target 100:2 import-extcommunity

vpn-target 100:2 export-extcommunity

ospf 1

area 0.0.0.0

network 1.1.1.9 0.0.0.0

network 172.1.1.0 0.0.0.255

mpls te enable

mpls lsr-id 1.1.1.9

vlan 11 to 13

mpls ldp

mpls te

rsvp

tunnel-policy tpolicy1

select-seq cr-lsp load-balance-number 2

interface LoopBack0

ip address 1.1.1.9 255.255.255.255

interface Vlan-interface11

ip address 172.1.1.1 255.255.255.0

mpls enable

mpls ldp enable

mpls te enable

mpls te max-link-bandwidth 10000

mpls te max-reservable-bandwidth 8000

rsvp enable

interface Vlan-interface12

ip binding vpn-instance vpn1

ip address 10.2.1.2 255.255.255.0

interface Vlan-interface13

ip binding vpn-instance vpn2

ip address 10.4.1.2 255.255.255.0

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port access vlan 11

interface Ten-GigabitEthernet1/0/2

port link-mode bridge

port access vlan 12

interface Ten-GigabitEthernet1/0/3

port link-mode bridge

port access vlan 13

interface Tunnel1 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 2000

destination 2.2.2.9

interface Tunnel2 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 2500

destination 2.2.2.9

bgp 100

peer 2.2.2.9 as-number 100

peer 2.2.2.9 connect-interface LoopBack0

address-family vpnv4

peer 2.2.2.9 enable

ip vpn-instance vpn1

peer 10.2.1.1 as-number 65410

address-family ipv4 unicast

peer 10.2.1.1 enable

ip vpn-instance vpn2

peer 10.4.1.1 as-number 65420

address-family ipv4 unicast

peer 10.4.1.1 enable

return

· CE 1：

sysname CE1

vlan 12

interface Vlan-interface12

ip address 10.2.1.1 255.255.255.0

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port access vlan 12

bgp 65410

peer 10.2.1.2 as-number 100

address-family ipv4 unicast

import-route direct

peer 10.2.1.2 enable

return

· CE 2：

sysname CE2

vlan 13

interface Vlan-interface13

ip address 10.4.1.1 255.255.255.0

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port access vlan 13

bgp 65420

peer 10.4.1.2 as-number 100

address-family ipv4 unicast

import-route direct

peer 10.4.1.2 enable

return

· UPE 2：

sysname UPE2

ip vpn-instance vpn1

route-distinguisher 300:1

tnl-policy tpolicy1

vpn-target 100:1 import-extcommunity

vpn-target 100:1 export-extcommunity

ip vpn-instance vpn2

route-distinguisher 400:2

vpn-target 100:2 import-extcommunity

vpn-target 100:2 export-extcommunity

ospf 1

area 0.0.0.0

network 4.4.4.9 0.0.0.0

network 172.2.1.0 0.0.0.255

mpls te enable

mpls lsr-id 4.4.4.9

vlan 11 to 13

mpls ldp

mpls te

rsvp

tunnel-policy tpolicy1

select-seq cr-lsp load-balance-number 2

interface LoopBack0

ip address 4.4.4.9 255.255.255.255

interface Vlan-interface11

ip address 172.2.1.1 255.255.255.0

mpls enable

mpls ldp enable

mpls te enable

mpls te max-link-bandwidth 10000

mpls te max-reservable-bandwidth 8000

rsvp enable

interface Vlan-interface12

ip binding vpn-instance vpn1

ip address 10.1.1.2 255.255.255.0

interface Vlan-interface13

ip binding vpn-instance vpn2

ip address 10.3.1.2 255.255.255.0

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port access vlan 11

interface Ten-GigabitEthernet1/0/2

port link-mode bridge

port access vlan 12

interface Ten-GigabitEthernet1/0/3

port link-mode bridge

port access vlan 13

interface Tunnel1 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 2000

destination 3.3.3.9

interface Tunnel2 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 2500

destination 3.3.3.9

bgp 100

peer 3.3.3.9 as-number 100

peer 3.3.3.9 connect-interface LoopBack0

address-family vpnv4

peer 3.3.3.9 enable

ip vpn-instance vpn1

peer 10.1.1.1 as-number 65430

address-family ipv4 unicast

peer 10.1.1.1 enable

ip vpn-instance vpn2

peer 10.3.1.1 as-number 65440

address-family ipv4 unicast

peer 10.3.1.1 enable

return

· CE 3：

sysname CE3

vlan 12

interface Vlan-interface12

ip address 10.1.1.1 255.255.255.0

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port access vlan 12

bgp 65430

peer 10.1.1.2 as-number 100

address-family ipv4 unicast

import-route direct

peer 10.1.1.2 enable

return

· CE 4：

sysname CE4

vlan 13

interface Vlan-interface13

ip address 10.3.1.1 255.255.255.0

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port access vlan 13

bgp 65440

peer 10.3.1.2 as-number 100

address-family ipv4 unicast

import-route direct

peer 10.3.1.2 enable

return

· SPE 1：

sysname SPE1

ip vpn-instance vpn1

route-distinguisher 500:1

vpn-target 100:1 import-extcommunity

vpn-target 100:1 export-extcommunity

ip vpn-instance vpn2

route-distinguisher 700:1

vpn-target 100:2 import-extcommunity

vpn-target 100:2 export-extcommunity

ospf 1

area 0.0.0.0

network 2.2.2.9 0.0.0.0

network 172.1.1.0 0.0.0.255

network 180.1.1.0 0.0.0.255

mpls te enable

mpls lsr-id 2.2.2.9

vlan 11 to 12

mpls ldp

mpls te

rsvp

tunnel-policy tp1

preferred-path tunnel 1

tunnel-policy tp2

preferred-path tunnel 2

tunnel-policy tp3

preferred-path tunnel 3

tunnel-policy tp4

preferred-path tunnel 4

interface LoopBack0

ip address 2.2.2.9 255.255.255.255

interface Vlan-interface11

ip address 172.1.1.2 255.255.255.0

mpls enable

mpls ldp enable

mpls te enable

mpls te max-link-bandwidth 10000

mpls te max-reservable-bandwidth 8000

rsvp enable

interface Vlan-interface12

ip address 180.1.1.1 255.255.255.0

mpls enable

mpls ldp enable

mpls te enable

mpls te max-link-bandwidth 10000

mpls te max-reservable-bandwidth 8000

rsvp enable

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port access vlan 11

interface Ten-GigabitEthernet1/0/2

port link-mode bridge

port access vlan 12

interface Tunnel1 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 1000

destination 1.1.1.9

interface Tunnel2 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 1500

destination 1.1.1.9

interface Tunnel3 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 2000

destination 3.3.3.9

interface Tunnel4 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 2500

destination 3.3.3.9

bgp 100

peer 1.1.1.9 as-number 100

peer 1.1.1.9 connect-interface LoopBack0

peer 3.3.3.9 as-number 100

peer 3.3.3.9 connect-interface LoopBack0

address-family vpnv4

peer 1.1.1.9 enable

peer 1.1.1.9 next-hop-local

peer 1.1.1.9 upe

peer 1.1.1.9 upe route-policy hope export

peer 3.3.3.9 enable

ip vpn-instance vpn1

address-family ipv4 unicast

apply tunnel-selector ts1

ip vpn-instance vpn2

address-family ipv4 unicast

apply tunnel-selector ts2

route-policy hope permit node 0

if-match ip address prefix-list hope

tunnel-selector ts1 permit node 1

if-match ip address prefix-list pt1

apply tunnel-policy tp1

tunnel-selector ts1 permit node 2

if-match ip address prefix-list pt3

apply tunnel-policy tp3

tunnel-selector ts2 permit node 1

if-match ip address prefix-list pt2

apply tunnel-policy tp2

tunnel-selector ts2 permit node 2

if-match ip address prefix-list pt4

apply tunnel-policy tp4

ip prefix-list hope index 10 permit 10.1.1.0 24

ip prefix-list pt1 index 10 permit 10.2.1.0 24

ip prefix-list pt2 index 10 permit 10.4.1.0 24

ip prefix-list pt3 index 10 permit 10.1.1.0 24

ip prefix-list pt4 index 10 permit 10.3.1.0 24

return

· SPE 2：

sysname SPE2

ip vpn-instance vpn1

route-distinguisher 600:1

vpn-target 100:1 import-extcommunity

vpn-target 100:1 export-extcommunity

ip vpn-instance vpn2

route-distinguisher 800:1

vpn-target 100:2 import-extcommunity

vpn-target 100:2 export-extcommunity

ospf 1

area 0.0.0.0

network 3.3.3.9 0.0.0.0

network 172.2.1.0 0.0.0.255

network 180.1.1.0 0.0.0.255

mpls te enable

mpls lsr-id 3.3.3.9

vlan 11 to 12

mpls ldp

mpls te

rsvp

tunnel-policy tp1

preferred-path tunnel 1

tunnel-policy tp2

preferred-path tunnel 2

tunnel-policy tp3

preferred-path tunnel 3

tunnel-policy tp4

preferred-path tunnel 4

interface LoopBack0

ip address 3.3.3.9 255.255.255.255

interface Vlan-interface11

ip address 172.2.1.2 255.255.255.0

mpls enable

mpls ldp enable

mpls te enable

mpls te max-link-bandwidth 10000

mpls te max-reservable-bandwidth 8000

rsvp enable

interface Vlan-interface12

ip address 180.1.1.2 255.255.255.0

mpls enable

mpls ldp enable

mpls te enable

mpls te max-link-bandwidth 10000

mpls te max-reservable-bandwidth 8000

rsvp enable

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port access vlan 11

interface Ten-GigabitEthernet1/0/2

port link-mode bridge

port access vlan 12

interface Tunnel1 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 1000

destination 4.4.4.9

interface Tunnel2 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 1500

destination 4.4.4.9

interface Tunnel3 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 2000

destination 2.2.2.9

interface Tunnel4 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 2500

destination 2.2.2.9

bgp 100

peer 2.2.2.9 as-number 100

peer 2.2.2.9 connect-interface LoopBack0

peer 4.4.4.9 as-number 100

peer 4.4.4.9 connect-interface LoopBack0

address-family vpnv4

peer 2.2.2.9 enable

peer 4.4.4.9 enable

peer 4.4.4.9 next-hop-local

peer 4.4.4.9 upe

peer 4.4.4.9 upe route-policy hope export

ip vpn-instance vpn1

address-family ipv4 unicast

apply tunnel-selector ts1

ip vpn-instance vpn2

address-family ipv4 unicast

apply tunnel-selector ts2

route-policy hope permit node 0

if-match ip address prefix-list hope

tunnel-selector ts1 permit node 1

if-match ip address prefix-list pt1

apply tunnel-policy tp1

tunnel-selector ts1 permit node 2

if-match ip address prefix-list pt3

apply tunnel-policy tp3

tunnel-selector ts2 permit node 1

if-match ip address prefix-list pt2

apply tunnel-policy tp2

tunnel-selector ts2 permit node 2

if-match ip address prefix-list pt4

apply tunnel-policy tp4

ip prefix-list hope index 10 permit 10.2.1.0 24

ip prefix-list pt1 index 10 permit 10.1.1.0 24

ip prefix-list pt2 index 10 permit 10.3.1.0 24

ip prefix-list pt3 index 10 permit 10.2.1.0 24

ip prefix-list pt4 index 10 permit 10.4.1.0 24

return

2.8.3 配置IPv6跨域VPN-OptionB方式隧道迭代器示例

1. 组网需求

· Site 1和Site 2属于同一个VPN，Site 1的CE 1通过AS 100的PE 1接入，Site 2的CE 2通过AS 600的PE 2接入；

· 同一自治系统内的PE设备之间运行IS-IS作为IGP；

· PE 1与ASBR-PE 1间通过MP-IBGP交换VPNv6路由，并分别通过隧道策略和隧道迭代器，使得PE 1与ASBR-PE 1间的流量通过MPLS TE隧道Tunnel1转发；

· PE 2与ASBR-PE 2间通过MP-IBGP交换VPNv6路由，并分别通过隧道策略和隧道迭代器，使得PE 2与ASBR-PE 2间的流量通过MPLS TE隧道Tunnel1转发；

· ASBR-PE 1与ASBR-PE 2间通过MP-EBGP交换VPNv6路由；

· ASBR上不对接收的VPNv6路由进行Route Target过滤。

2. 组网图

图2-3 配置IPv6跨域VPN-OptionB方式组网图

设备	接口	IP地址	设备	接口	IP地址
PE 1	Loop0	2.2.2.9/32	PE 2	Loop0	5.5.5.9/32
	Vlan-int12	30::1/64		Vlan-int12	20::1/64
	Vlan-int11	1.1.1.2/8		Vlan-int11	9.1.1.2/8
ASBR-PE 1	Loop0	3.3.3.9/32	ASBR-PE 2	Loop0	4.4.4.9/32
	Vlan-int11	1.1.1.1/8		Vlan-int11	9.1.1.1/8
	Vlan-int12	11.0.0.2/8		Vlan-int12	11.0.0.1/8
CE 1	Vlan-int12	30::2/64	CE 2	Vlan-int12	20::2/64

3. 配置步骤

(1) 配置CE 1

# 配置接口的IP地址。

<Sysname> system-view

[Sysname] sysname CE1

[CE1] vlan 12

[CE1-vlan12] quit

[CE1] interface ten-gigabitethernet 1/0/1

[CE1-Ten-GigabitEthernet1/0/1] port link-type trunk

[CE1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 12

[CE1-Ten-GigabitEthernet1/0/1] quit

[CE1] interface vlan-interface 12

[CE1-Vlan-interface12] ipv6 address 30::2 64

[CE1-Vlan-interface12] quit

# 在PE与CE之间建立EBGP对等体，并引入直连路由。

[CE1] bgp 65001

[CE1-bgp-default] router-id 6.6.6.6

[CE1-bgp-default] peer 30::1 as-number 100

[CE1-bgp-default] address-family ipv6 unicast

[CE1-bgp-default-ipv6] peer 30::1 enable

[CE1-bgp-default-ipv6] import-route direct

[CE1-bgp-default-ipv6] quit

[CE1-bgp-default] quit

(2) 配置PE 1

# 在PE 1上运行IS-IS。

<Sysname> system-view

[Sysname] sysname PE1

[PE1] isis 1

[PE1-isis-1] network-entity 10.111.111.111.111.00

[PE1-isis-1] quit

# 配置LSR ID，使能MPLS和LDP。

[PE1] mpls lsr-id 2.2.2.9

[PE1] mpls ldp

[PE1-ldp] quit

# 创建VLAN，并将端口加入到VLAN。

[PE1] vlan 11

[PE1-vlan11] quit

[PE1] vlan 12

[PE1-vlan12] quit

[PE1] interface ten-gigabitethernet 1/0/1

[PE1-Ten-GigabitEthernet1/0/1] port link-type trunk

[PE1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 11

[PE1-Ten-GigabitEthernet1/0/1] quit

[PE1] interface ten-gigabitethernet 1/0/2

[PE1-Ten-GigabitEthernet1/0/2] port link-type trunk

[PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 12

[PE1-Ten-GigabitEthernet1/0/2] quit

# 配置Vlan-interface11，在接口上运行IS-IS，并使能MPLS和LDP。

[PE1] interface vlan-interface 11

[PE1-Vlan-interface11] ip address 1.1.1.2 255.0.0.0

[PE1-Vlan-interface11] isis enable 1

[PE1-Vlan-interface11] mpls enable

[PE1-Vlan-interface11] mpls ldp enable

[PE1-Vlan-interface11] quit

# 创建Loopback0接口，在接口上运行IS-IS。

[PE1] interface loopback 0

[PE1-LoopBack0] ip address 2.2.2.9 32

[PE1-LoopBack0] isis enable 1

[PE1-LoopBack0] quit

# 创建一个VPN实例，名为vpn1，配置RD和Route Target属性。

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] route-distinguisher 11:11

[PE1-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE1-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE1-vpn-instance-vpn1] quit

# 将连接CE 1的接口绑定到创建的VPN实例。

[PE1] interface vlan-interface 12

[PE1-Vlan-interface12] ip binding vpn-instance vpn1

[PE1-Vlan-interface12] ipv6 address 30::1 64

[PE1-Vlan-interface12] quit

# 在PE 1上运行BGP。

[PE1] bgp 100

# 配置IBGP对等体3.3.3.9为VPNv6对等体。

[PE1-bgp-default] peer 3.3.3.9 as-number 100

[PE1-bgp-default] peer 3.3.3.9 connect-interface loopback 0

[PE1-bgp-default] address-family vpnv6

[PE1-bgp-default-vpnv6] peer 3.3.3.9 enable

[PE1-bgp-default-vpnv6] quit

# 配置PE 1与CE 1建立EBGP对等体，将学习到的BGP路由添加到VPN实例的路由表中。

[PE1-bgp-default] ip vpn-instance vpn1

[PE1-bgp-default-vpn1] peer 30::2 as-number 65001

[PE1-bgp-default-vpn1] address-family ipv6 unicast

[PE1-bgp-default-ipv6-vpn1] peer 30::2 enable

[PE1-bgp-default-ipv6-vpn1] quit

[PE1-bgp-default-vpn1] quit

[PE1-bgp-default] quit

[PE1] mpls te

[PE1-te] quit

[PE1] rsvp

[PE1-rsvp] quit

[PE1] interface vlan-interface 11

[PE1-Vlan-interface11] mpls enable

[PE1-Vlan-interface11] mpls te enable

[PE1-Vlan-interface11] mpls te max-link-bandwidth 10000

[PE1-Vlan-interface11] mpls te max-reservable-bandwidth 5000

[PE1-Vlan-interface11] rsvp enable

[PE1-Vlan-interface11] quit

[PE1] isis 1

[PE1-isis-1] cost-style wide

[PE1-isis-1] mpls te enable level-2

[PE1-isis-1] quit

[PE1] interface tunnel 1 mode mpls-te

[PE1-Tunnel1] ip address unnumbered interface LoopBack0

[PE1-Tunnel1] destination 3.3.3.9

[PE1-Tunnel1] mpls te signaling rsvp-te

[PE1-Tunnel1] mpls te bandwidth 2000

[PE1-Tunnel1] quit

# 创建隧道策略tpolicy1并在名为vpn1的VPN实例内应用隧道策略tpolicy1。

[PE1] tunnel-policy tpolicy1

[PE1-tunnel-policy-tpolicy1] preferred-path tunnel 1

[PE1-tunnel-policy-tpolicy1] quit

[PE1] ip vpn-instance vpn1

[PE1-vpn-instance-vpn1] tnl-policy tpolicy1

[PE1-vpn-instance-vpn1] quit

(3) 配置ASBR-PE 1

# 在ASBR-PE 1上运行IS-IS。

<Sysname> system-view

[Sysname] sysname ASBR-PE1

[ASBR-PE1] isis 1

[ASBR-PE1-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE1-isis-1] quit

# 配置LSR ID，使能MPLS和LDP。

[ASBR-PE1] mpls lsr-id 3.3.3.9

[ASBR-PE1] mpls ldp

[ASBR-PE1-ldp] quit

# 创建VLAN，并将端口加入到VLAN。

[ASBR-PE1] vlan 11

[ASBR-PE1-vlan11] quit

[ASBR-PE1] vlan 12

[ASBR-PE1-vlan12] quit

[ASBR-PE1] interface ten-gigabitethernet 1/0/1

[ASBR-PE1-Ten-GigabitEthernet1/0/1] port link-type trunk

[ASBR-PE1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 11

[ASBR-PE1-Ten-GigabitEthernet1/0/1] quit

[ASBR-PE1] interface ten-gigabitethernet 1/0/2

[ASBR-PE1-Ten-GigabitEthernet1/0/2] port link-type trunk

[ASBR-PE1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 12

[ASBR-PE1-Ten-GigabitEthernet1/0/2] quit

# 配置接口Vlan-interface11，在接口上运行IS-IS，并使能MPLS和LDP。

[ASBR-PE1] interface vlan-interface11

[ASBR-PE1-Vlan-interface11] ip address 1.1.1.1 255.0.0.0

[ASBR-PE1-Vlan-interface11] isis enable 1

[ASBR-PE1-Vlan-interface11] mpls enable

[ASBR-PE1-Vlan-interface11] mpls ldp enable

[ASBR-PE1-Vlan-interface11] quit

# 配置接口Vlan-interface12，使能MPLS。

[ASBR-PE1] interface vlan-interface 12

[ASBR-PE1-Vlan-interface12] ip address 11.0.0.2 255.0.0.0

[ASBR-PE1-Vlan-interface12] mpls enable

[ASBR-PE1-Vlan-interface12] quit

# 创建Loopback0接口，并运行IS-IS。

[ASBR-PE1] interface loopback 0

[ASBR-PE1-LoopBack0] ip address 3.3.3.9 32

[ASBR-PE1-LoopBack0] isis enable 1

[ASBR-PE1-LoopBack0] quit

# 在ASBR-PE 1上运行BGP

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 as-number 100

[ASBR-PE1-bgp-default] peer 2.2.2.9 connect-interface loopback 0

[ASBR-PE1-bgp-default] peer 11.0.0.1 as-number 600

[ASBR-PE1-bgp-default] peer 11.0.0.1 connect-interface vlan-interface 12

# 不对接收的VPNv6路由进行Route target过滤。

[ASBR-PE1-bgp-default] address-family vpnv6

[ASBR-PE1-bgp-default-vpnv6] undo policy vpn-target

# 将IBGP对等体2.2.2.9和EBGP对等体11.0.0.1都配置为VPNv6对等体。

[ASBR-PE1-bgp-default-vpnv6] peer 11.0.0.1 enable

[ASBR-PE1-bgp-default-vpnv6] peer 2.2.2.9 enable

[ASBR-PE1-bgp-default-vpnv6] quit

[ASBR-PE1-bgp-default] quit

[ASBR-PE1] mpls te

[ASBR-PE1-te] quit

[ASBR-PE1] rsvp

[ASBR-PE1-rsvp] quit

[ASBR-PE1] interface vlan-interface 11

[ASBR-PE1-Vlan-interface11] mpls enable

[ASBR-PE1-Vlan-interface11] mpls te enable

[ASBR-PE1-Vlan-interface11] mpls te max-link-bandwidth 10000

[ASBR-PE1-Vlan-interface11] mpls te max-reservable-bandwidth 5000

[ASBR-PE1-Vlan-interface11] rsvp enable

[ASBR-PE1-Vlan-interface11] quit

[ASBR-PE1] isis 1

[ASBR-PE1-isis-1] cost-style wide

[ASBR-PE1-isis-1] mpls te enable level-2

[ASBR-PE1-isis-1] quit

[ASBR-PE1] interface tunnel 1 mode mpls-te

[ASBR-PE1-Tunnel1] ip address unnumbered interface LoopBack0

[ASBR-PE1-Tunnel1] destination 2.2.2.9

[ASBR-PE1-Tunnel1] mpls te signaling rsvp-te

[ASBR-PE1-Tunnel1] mpls te bandwidth 2000

[ASBR-PE1-Tunnel1] quit

# 创建隧道策略tpolicy1和隧道迭代器ts1，并在BGP VPNv6视图应用隧道迭代器ts1。

[ASBR-PE1] tunnel-policy tpolicy1

[ASBR-PE1-tunnel-policy-tpolicy1] preferred-path tunnel 1

[ASBR-PE1-tunnel-policy-tpolicy1] quit

[ASBR-PE1] tunnel-selector ts1 permit node 1

[ASBR-PE1-tunnel-selector-ts1-1] apply tunnel-policy tpolicy1

[ASBR-PE1-tunnel-selector-ts1-1] quit

[ASBR-PE1] bgp 100

[ASBR-PE1-bgp-default] address-family vpnv6

[ASBR-PE1-bgp-default-vpnv6] apply tunnel-selector ts1

[ASBR-PE1-bgp-default-vpnv6] quit

[ASBR-PE1-bgp-default] quit

(4) 配置ASBR-PE 2

# 在ASBR-PE 2上运行IS-IS。

<Sysname> system-view

[Sysname] sysname ASBR-PE2

[ASBR-PE2] isis 1

[ASBR-PE2-isis-1] network-entity 10.222.222.222.222.00

[ASBR-PE2-isis-1] quit

# 配置LSR ID，使能MPLS和LDP。

[ASBR-PE2] mpls lsr-id 4.4.4.9

[ASBR-PE2] mpls ldp

[ASBR-PE2-ldp] quit

# 创建VLAN，并将端口加入到VLAN。

[ASBR-PE2] vlan 11

[ASBR-PE2-vlan11] quit

[ASBR-PE2] vlan 12

[ASBR-PE2-vlan12] quit

[ASBR-PE2] interface ten-gigabitethernet 1/0/1

[ASBR-PE2-Ten-GigabitEthernet1/0/1] port link-type trunk

[ASBR-PE2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 11

[ASBR-PE2-Ten-GigabitEthernet1/0/1] quit

[ASBR-PE2] interface ten-gigabitethernet 1/0/2

[ASBR-PE2-Ten-GigabitEthernet1/0/2] port link-type trunk

[ASBR-PE2-Ten-GigabitEthernet1/0/2] port trunk permit vlan 12

[ASBR-PE2-Ten-GigabitEthernet1/0/2] quit

# 配置接口Vlan-interface11，在接口上运行IS-IS，并使能MPLS和LDP。

[ASBR-PE2] interface vlan-interface 11

[ASBR-PE2-Vlan-interface11] ip address 9.1.1.1 255.0.0.0

[ASBR-PE2-Vlan-interface11] isis enable 1

[ASBR-PE2-Vlan-interface11] mpls enable

[ASBR-PE2-Vlan-interface11] mpls ldp enable

[ASBR-PE2-Vlan-interface11] quit

# 配置接口Vlan-interface12，使能MPLS。

[ASBR-PE2] interface vlan-interface 12

[ASBR-PE2-Vlan-interface12] ip address 11.0.0.1 255.0.0.0

[ASBR-PE2-Vlan-interface12] mpls enable

[ASBR-PE2-Vlan-interface12] quit

# 创建Loopback0接口，并运行IS-IS。

[ASBR-PE2] interface loopback 0

[ASBR-PE2-LoopBack0] ip address 4.4.4.9 32

[ASBR-PE2-LoopBack0] isis enable 1

[ASBR-PE2-LoopBack0] quit

# 在ASBR-PE 2上运行BGP。

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] peer 11.0.0.2 as-number 100

[ASBR-PE2-bgp-default] peer 11.0.0.2 connect-interface vlan-interface 12

[ASBR-PE2-bgp-default] peer 5.5.5.9 as-number 600

[ASBR-PE2-bgp-default] peer 5.5.5.9 connect-interface loopback 0

# 不对接收的VPNv6路由进行Route target过滤。

[ASBR-PE2-bgp-default] address-family vpnv6

[ASBR-PE2-bgp-default-vpnv6] undo policy vpn-target

# 将IBGP对等体5.5.5.9和EBGP对等体11.0.0.2都配置为VPNv6对等体。

[ASBR-PE2-bgp-default-vpnv6] peer 11.0.0.2 enable

[ASBR-PE2-bgp-default-vpnv6] peer 5.5.5.9 enable

[ASBR-PE2-bgp-default-vpnv6] quit

[ASBR-PE2-bgp-default] quit

[ASBR-PE2] mpls te

[ASBR-PE2-te] quit

[ASBR-PE2] rsvp

[ASBR-PE2-rsvp] quit

[ASBR-PE2] interface vlan-interface 11

[ASBR-PE2-Vlan-interface11] mpls enable

[ASBR-PE2-Vlan-interface11] mpls te enable

[ASBR-PE2-Vlan-interface11] mpls te max-link-bandwidth 10000

[ASBR-PE2-Vlan-interface11] mpls te max-reservable-bandwidth 5000

[ASBR-PE2-Vlan-interface11] rsvp enable

[ASBR-PE2-Vlan-interface11] quit

[ASBR-PE2] isis 1

[ASBR-PE2-isis-1] cost-style wide

[ASBR-PE2-isis-1] mpls te enable level-2

[ASBR-PE2-isis-1] quit

[ASBR-PE2] interface tunnel 1 mode mpls-te

[ASBR-PE2-Tunnel1] ip address unnumbered interface LoopBack0

[ASBR-PE2-Tunnel1] destination 5.5.5.9

[ASBR-PE2-Tunnel1] mpls te signaling rsvp-te

[ASBR-PE2-Tunnel1] mpls te bandwidth 2000

[ASBR-PE2-Tunnel1] quit

# 创建隧道策略tpolicy1和隧道迭代器ts1，并在BGP VPNv6视图应用隧道迭代器ts1。

[ASBR-PE2] tunnel-policy tpolicy1

[ASBR-PE2-tunnel-policy-tpolicy1] preferred-path tunnel 1

[ASBR-PE2-tunnel-policy-tpolicy1] quit

[ASBR-PE2] tunnel-selector ts1 permit node 1

[ASBR-PE2-tunnel-selector-ts1-1] apply tunnel-policy tpolicy1

[ASBR-PE2-tunnel-selector-ts1-1] quit

[ASBR-PE2] bgp 600

[ASBR-PE2-bgp-default] address-family vpnv6

[ASBR-PE2-bgp-default-vpnv6] apply tunnel-selector ts1

[ASBR-PE2-bgp-default-vpnv6] quit

[ASBR-PE2-bgp-default] quit

(5) 配置PE 2

# 在PE 2上运行IS-IS。

<Sysname> system-view

[Sysname] sysname PE2

[PE2] isis 1

[PE2-isis-1] network-entity 10.111.111.111.111.00

[PE2-isis-1] quit

# 配置LSR ID，使能MPLS和LDP。

[PE2] mpls lsr-id 5.5.5.9

[PE2] mpls ldp

[PE2-ldp] quit

# 创建VLAN，并将端口加入到VLAN。

[PE2] vlan 11

[PE2-vlan11] quit

[PE2] vlan 12

[PE2-vlan12] quit

[PE2] interface ten-gigabitethernet 1/0/1

[PE2-Ten-GigabitEthernet1/0/1] port link-type trunk

[PE2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 11

[PE2-Ten-GigabitEthernet1/0/1] quit

[PE2] interface ten-gigabitethernet 1/0/2

[PE2-Ten-GigabitEthernet1/0/2] port link-type trunk

[PE2-Ten-GigabitEthernet1/0/2] port trunk permit vlan 12

[PE2-Ten-GigabitEthernet1/0/2] quit

# 配置接口Vlan-interface11，在接口上运行IS-IS，并使能MPLS和LDP。

[PE2] interface vlan-interface 11

[PE2-Vlan-interface11] ip address 9.1.1.2 255.0.0.0

[PE2-Vlan-interface11] isis enable 1

[PE2-Vlan-interface11] mpls enable

[PE2-Vlan-interface11] mpls ldp enable

[PE2-Vlan-interface11] quit

# 创建Loopback0接口，在接口上运行IS-IS。

[PE2] interface loopback 0

[PE2-LoopBack0] ip address 5.5.5.9 32

[PE2-LoopBack0] isis enable 1

[PE2-LoopBack0] quit

# 创建一个VPN实例，名为vpn1，配置RD和Route Target属性。

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] route-distinguisher 12:12

[PE2-vpn-instance-vpn1] vpn-target 1:1 2:2 3:3 import-extcommunity

[PE2-vpn-instance-vpn1] vpn-target 3:3 export-extcommunity

[PE2-vpn-instance-vpn1] quit

# 将连接CE 2的接口绑定到创建的VPN实例。

[PE2] interface vlan-interface 12

[PE2-Vlan-interface12] ip binding vpn-instance vpn1

[PE2-Vlan-interface12] ipv6 address 20::1 64

[PE2-Vlan-interface12] quit

# 在PE 2上运行BGP。

[PE2] bgp 600

# 配置IBGP对等体4.4.4.9为VPNv6对等体。

[PE2-bgp-default] peer 4.4.4.9 as-number 600

[PE2-bgp-default] peer 4.4.4.9 connect-interface loopback 0

[PE2-bgp-default] address-family vpnv6

[PE2-bgp-default-vpnv6] peer 4.4.4.9 enable

[PE2-bgp-default-vpnv6] quit

# 配置PE 2与CE 2建立EBGP对等体，将学习到的BGP路由添加到VPN实例的路由表中。

[PE2-bgp-default] ip vpn-instance vpn1

[PE2-bgp-default-vpn1] peer 20::2 as-number 65002

[PE2-bgp-default-vpn1] address-family ipv6 unicast

[PE2-bgp-default-ipv6-vpn1] peer 20::2 enable

[PE2-bgp-default-ipv6-vpn1] quit

[PE2-bgp-default-vpn1] quit

[PE2-bgp-default] quit

[PE2] mpls te

[PE2-te] quit

[PE2] rsvp

[PE2-rsvp] quit

[PE2] interface vlan-interface 11

[PE2-Vlan-interface11] mpls enable

[PE2-Vlan-interface11] mpls te enable

[PE2-Vlan-interface11] mpls te max-link-bandwidth 10000

[PE2-Vlan-interface11] mpls te max-reservable-bandwidth 5000

[PE2-Vlan-interface11] rsvp enable

[PE2-Vlan-interface11] quit

[PE2] isis 1

[PE2-isis-1] cost-style wide

[PE2-isis-1] mpls te enable level-2

[PE2-isis-1] quit

[PE2] interface tunnel 1 mode mpls-te

[PE2-Tunnel1] ip address unnumbered interface LoopBack0

[PE2-Tunnel1] destination 4.4.4.9

[PE2-Tunnel1] mpls te signaling rsvp-te

[PE2-Tunnel1] mpls te bandwidth 2000

[PE2-Tunnel1] quit

# 创建隧道策略tpolicy1并在名为vpn1的VPN实例内应用隧道策略tpolicy1。

[PE2] tunnel-policy tpolicy1

[PE2-tunnel-policy-tpolicy1] preferred-path tunnel 1

[PE2-tunnel-policy-tpolicy1] quit

[PE2] ip vpn-instance vpn1

[PE2-vpn-instance-vpn1] tnl-policy tpolicy1

[PE2-vpn-instance-vpn1] quit

(6) 配置CE 2

# 配置接口的IP地址。

<Sysname> system-view

[Sysname] sysname CE2

[CE2] vlan 12

[CE2-vlan12] quit

[CE2] interface ten-gigabitethernet 1/0/1

[CE2-Ten-GigabitEthernet1/0/1] port link-type trunk

[CE2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 12

[CE2-Ten-GigabitEthernet1/0/1] quit

[CE2] interface vlan-interface 12

[CE2-Vlan-interface12] ipv6 address 20::2 64

[CE2-Vlan-interface12] quit

# 在PE与CE之间建立EBGP对等体，并引入直连路由。

[CE2] bgp 65002

[CE2-bgp-default] router-id 7.7.7.7

[CE2-bgp-default] peer 20::1 as-number 600

[CE2-bgp-default] address-family ipv6 unicast

[CE2-bgp-default-ipv6] peer 20::1 enable

[CE2-bgp-default-ipv6] import-route direct

[CE2-bgp-default-ipv6] quit

[CE2-bgp-default] quit

4. 验证配置

(1) 验证连通性。

# CE 1可以ping通CE 2。

[CE1] ping ipv6 20::2

Ping6(56 data bytes) 30::2 --> 20::2, press CTRL+C to break

56 bytes from 20::2, icmp_seq=0 hlim=62 time=2.000 ms

56 bytes from 20::2, icmp_seq=1 hlim=62 time=3.000 ms

56 bytes from 20::2, icmp_seq=2 hlim=62 time=5.000 ms

56 bytes from 20::2, icmp_seq=3 hlim=62 time=4.000 ms

56 bytes from 20::2, icmp_seq=4 hlim=62 time=3.000 ms

--- Ping6 statistics for 20::2 ---

5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss

round-trip min/avg/max/std-dev = 2.000/3.400/5.000/1.020 ms

(2) 验证PE通过MPLS TE隧道将VPN流量转发给ASBR-PE。（以PE 1为例）

# 在PE 1上查看VPN实例vpn1的路由表，可以看到vpn1内到达CE 2的流量通过Tunnel1转发给ASBR-PE 1。

[PE1] display ipv6 routing-table vpn-instance vpn1

Destinations : 7 Routes : 7

Destination: ::1/128 Protocol : Direct

NextHop : ::1 Preference: 0

Interface : InLoop0 Cost : 0

Destination: ::FFFF:127.0.0.0/104 Protocol : BGP4+

NextHop : 30::2 Preference: 255

Interface : Vlan12 Cost : 0

Destination: 20::/64 Protocol : BGP4+

NextHop : ::FFFF:3.3.3.9 Preference: 255

Interface : Tun1 Cost : 0

Destination: 30::/64 Protocol : Direct

NextHop : :: Preference: 0

Interface : Vlan12 Cost : 0

Destination: 30::1/128 Protocol : Direct

NextHop : ::1 Preference: 0

Interface : InLoop0 Cost : 0

Destination: FE80::/10 Protocol : Direct

NextHop : :: Preference: 0

Interface : InLoop0 Cost : 0

Destination: FF00::/8 Protocol : Direct

NextHop : :: Preference: 0

Interface : NULL0 Cost : 0

(3) 验证ASBR-PE通过MPLS TE隧道将VPN流量转发给PE。（以ASBR-PE 1为例）

# 在PE 2上查看VPN实例vpn1的IPv6转发表，并查看MPLS转发表，可以看到vpn1内到达CE 1的流量通过Tunnel1转发给ASBR-PE 2，PE 2为报文添加的MPLS标签为600127（内层VPN标签为600127，外层公网隧道标签为隐式空标签）。

[PE2] display ipv6 fib vpn-instance vpn1

Destination count: 8 FIB entry count: 8

Flag:

U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static

R:Relay F:FRR

Destination: ::1 Prefix length: 128

Nexthop : ::1 Flags: UH

Time stamp : 0x6 Label: Null

Interface : InLoop0 Token: Invalid

Destination: ::FFFF:127.0.0.0 Prefix length: 104

Nexthop : 20::2 Flags: UGR

Time stamp : 0xb Label: Null

Interface : Vlan12 Token: Invalid

Destination: 20:: Prefix length: 64

Nexthop : :: Flags: U

Time stamp : 0x9 Label: Null

Interface : Vlan12 Token: Invalid

Destination: 20::1 Prefix length: 128

Nexthop : ::1 Flags: UH

Time stamp : 0x8 Label: Null

Interface : InLoop0 Token: Invalid

Destination: 20::2 Prefix length: 128

Nexthop : 20::2 Flags: UH

Time stamp : 0xa Label: Null

Interface : Vlan12 Token: Invalid

Destination: 30:: Prefix length: 64

Nexthop : ::FFFF:4.4.4.9 Flags: UGR

Time stamp : 0xc Label: 600127

Interface : NULL0 Token: 268435457

Destination: FE80:: Prefix length: 10

Nexthop : :: Flags: U

Time stamp : 0x7 Label: Null

Interface : InLoop0 Token: Invalid

Destination: FF00:: Prefix length: 8

Nexthop : :: Flags: UB

Time stamp : 0x5 Label: Null

Interface : NULL0 Token: Invalid

[PE2] display mpls forwarding nhlfe

Total NHLFE entries: 4

Flags: T - Forwarded through a tunnel

N - Forwarded through the outgoing interface to the nexthop IP address

B - Backup forwarding information

A - Active forwarding information

M - P2MP forwarding information

NID Tnl-Type Flag OutLabel Forwarding Info

--------------------------------------------------------------------------------

0 LOCAL NA - Vlan11 9.1.1.1

1 LSP NA 3 Vlan11 9.1.1.1

2 CRLSP NA 3 Vlan11 9.1.1.1

268435457 TE TA - 2

# 在ASBR-PE 2上查看MPLS转发表，可以看到ASBR-PE 2将标签600127替换为600127，即ASBR-PE 2发送给ASBR-PE 1的VPN流量携带的标签为600127。

[ASBR-PE2] display mpls forwarding ilm

Total ILM entries: 3

Flags: T - Forwarded through a tunnel

N - Forwarded through the outgoing interface to the nexthop IP address

B - Backup forwarding information

A - Active forwarding information

M - P2MP forwarding information

InLabel Oper VRF Flag SwapInfo Forwarding Info

--------------------------------------------------------------------------------

24128 SWAP 0 NA 3 Vlan11 9.1.1.2

600126 SWAP 0 TA 600127 268435457

600127 SWAP 0 TA 600127 1

[ASBR-PE2] display mpls forwarding nhlfe

Total NHLFE entries: 6

Flags: T - Forwarded through a tunnel

N - Forwarded through the outgoing interface to the nexthop IP address

B - Backup forwarding information

A - Active forwarding information

M - P2MP forwarding information

NID Tnl-Type Flag OutLabel Forwarding Info

--------------------------------------------------------------------------------

0 LOCAL NA - Vlan12 11.0.0.2

1 LSP NA - Vlan12 11.0.0.2

2 LOCAL NA - Vlan11 9.1.1.2

3 LSP NA 3 Vlan11 9.1.1.2

4 CRLSP NA 3 Vlan11 9.1.1.2

268435457 TE TA - 4

# 在ASBR-PE 1上查看MPLS转发表，可以看到ASBR-PE 1通过MPLS TE隧道将VPN流量转发给PE 1。

[ASBR-PE1] display mpls forwarding ilm

Total ILM entries: 3

Flags: T - Forwarded through a tunnel

N - Forwarded through the outgoing interface to the nexthop IP address

B - Backup forwarding information

A - Active forwarding information

M - P2MP forwarding information

InLabel Oper VRF Flag SwapInfo Forwarding Info

--------------------------------------------------------------------------------

24128 SWAP 0 NA 3 Vlan11 1.1.1.2

600126 SWAP 0 TA 600126 4

600127 SWAP 0 TA 600127 268435457

[ASBR-PE1] display mpls forwarding nhlfe

Total NHLFE entries: 6

Flags: T - Forwarded through a tunnel

N - Forwarded through the outgoing interface to the nexthop IP address

B - Backup forwarding information

A - Active forwarding information

M - P2MP forwarding information

NID Tnl-Type Flag OutLabel Forwarding Info

--------------------------------------------------------------------------------

0 LOCAL NA - Vlan11 1.1.1.2

1 LSP NA 3 Vlan11 1.1.1.2

2 CRLSP NA 3 Vlan11 1.1.1.2

3 LOCAL NA - Vlan12 11.0.0.1

4 LSP NA - Vlan12 11.0.0.1

268435457 TE TA - 2

5. 配置文件

· CE 1：

sysname CE1

vlan 12

interface Vlan-interface12

ipv6 address 30::2/64

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 12

bgp 65001

router-id 6.6.6.6

peer 30::1 as-number 100

address-family ipv6 unicast

import-route direct

peer 30::1 enable

return

· PE 1：

sysname PE1

ip vpn-instance vpn1

route-distinguisher 11:11

tnl-policy tpolicy1

vpn-target 1:1 2:2 3:3 import-extcommunity

vpn-target 3:3 export-extcommunity

isis 1

cost-style wide

mpls te enable level-2

network-entity 10.1111.1111.1111.00

mpls lsr-id 2.2.2.9

vlan 11 to 12

mpls ldp

mpls te

rsvp

tunnel-policy tpolicy1

preferred-path tunnel 1

interface LoopBack0

ip address 2.2.2.9 255.255.255.255

isis enable 1

interface Vlan-interface11

ip address 1.1.1.2 255.0.0.0

isis enable 1

mpls enable

mpls ldp enable

mpls te enable

mpls te max-link-bandwidth 10000

mpls te max-reservable-bandwidth 5000

rsvp enable

interface Vlan-interface12

ip binding vpn-instance vpn1

ipv6 address 30::1/64

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 11

interface Ten-GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 12

interface Tunnel1 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 2000

destination 3.3.3.9

bgp 100

peer 3.3.3.9 as-number 100

peer 3.3.3.9 connect-interface LoopBack0

address-family vpnv6

peer 3.3.3.9 enable

ip vpn-instance vpn1

peer 30::2 as-number 65001

address-family ipv6 unicast

peer 30::2 enable

return

· ASBR-PE 1：

sysname ASBR-PE1

isis 1

cost-style wide

mpls te enable level-2

network-entity 10.2222.2222.2222.00

mpls lsr-id 3.3.3.9

vlan 11 to 12

mpls ldp

mpls te

rsvp

tunnel-policy tpolicy1

preferred-path tunnel 1

interface LoopBack0

ip address 3.3.3.9 255.255.255.255

isis enable 1

interface Vlan-interface11

ip address 1.1.1.1 255.0.0.0

isis enable 1

mpls enable

mpls ldp enable

mpls te enable

mpls te max-link-bandwidth 10000

mpls te max-reservable-bandwidth 5000

rsvp enable

interface Vlan-interface12

ip address 11.0.0.2 255.0.0.0

mpls enable

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 11

interface Ten-GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 12

interface Tunnel1 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 2000

destination 2.2.2.9

bgp 100

peer 2.2.2.9 as-number 100

peer 2.2.2.9 connect-interface LoopBack0

peer 11.0.0.1 as-number 600

peer 11.0.0.1 connect-interface Vlan-interface12

address-family vpnv6

undo policy vpn-target

apply tunnel-selector ts1

peer 2.2.2.9 enable

peer 11.0.0.1 enable

tunnel-selector ts1 permit node 1

apply tunnel-policy tpolicy1

return

· ASBR-PE 2：

sysname ASBR-PE2

isis 1

cost-style wide

mpls te enable level-2

network-entity 10.2222.2222.2222.00

mpls lsr-id 4.4.4.9

vlan 11 to 12

mpls ldp

mpls te

rsvp

tunnel-policy tpolicy1

preferred-path tunnel 1

interface LoopBack0

ip address 4.4.4.9 255.255.255.255

isis enable 1

interface Vlan-interface11

ip address 9.1.1.1 255.0.0.0

isis enable 1

mpls enable

mpls ldp enable

mpls te enable

mpls te max-link-bandwidth 10000

mpls te max-reservable-bandwidth 5000

rsvp enable

interface Vlan-interface12

ip address 11.0.0.1 255.0.0.0

mpls enable

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 11

interface Ten-GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 12

interface Tunnel1 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 2000

destination 5.5.5.9

bgp 600

peer 5.5.5.9 as-number 600

peer 5.5.5.9 connect-interface LoopBack0

peer 11.0.0.2 as-number 100

peer 11.0.0.2 connect-interface Vlan-interface12

address-family vpnv6

undo policy vpn-target

apply tunnel-selector ts1

peer 5.5.5.9 enable

peer 11.0.0.2 enable

tunnel-selector ts1 permit node 1

apply tunnel-policy tpolicy1

return

· PE 2：

sysname PE2

ip vpn-instance vpn1

route-distinguisher 12:12

tnl-policy tpolicy1

vpn-target 1:1 2:2 3:3 import-extcommunity

vpn-target 3:3 export-extcommunity

isis 1

cost-style wide

mpls te enable level-2

network-entity 10.1111.1111.1111.00

mpls lsr-id 5.5.5.9

vlan 11 to 12

mpls ldp

mpls te

rsvp

tunnel-policy tpolicy1

preferred-path tunnel 1

interface LoopBack0

ip address 5.5.5.9 255.255.255.255

isis enable 1

interface Vlan-interface11

ip address 9.1.1.2 255.0.0.0

isis enable 1

mpls enable

mpls ldp enable

mpls te enable

mpls te max-link-bandwidth 10000

mpls te max-reservable-bandwidth 5000

rsvp enable

interface Vlan-interface12

ip binding vpn-instance vpn1

ipv6 address 20::1/64

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 11

interface Ten-GigabitEthernet1/0/2

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 12

interface Tunnel1 mode mpls-te

ip address unnumbered interface LoopBack0

mpls te bandwidth ct0 2000

destination 4.4.4.9

bgp 600

peer 4.4.4.9 as-number 600

peer 4.4.4.9 connect-interface LoopBack0

address-family vpnv6

peer 4.4.4.9 enable

ip vpn-instance vpn1

peer 20::2 as-number 65002

address-family ipv6 unicast

peer 20::2 enable

return

· CE 2：

sysname CE2

vlan 12

interface Vlan-interface12

ipv6 address 20::2/64

interface Ten-GigabitEthernet1/0/1

port link-mode bridge

port link-type trunk

port trunk permit vlan 1 12

bgp 65002

router-id 7.7.7.7

peer 20::1 as-number 600

address-family ipv6 unicast

import-route direct

peer 20::1 enable

return

不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!

热门推荐

热门推荐

H3C服务器

HPE服务器

热门推荐

H3C存储

HPE存储

热门推荐

商用台式机

商用笔记本

商用显示器

配件

热门推荐

热门推荐

智能终端

技术解决方案

热门推荐

热门推荐

热门推荐

热门推荐

热门推荐

热门推荐

热门推荐

专业安全服务

安全运营服务

热门推荐

热门推荐

热门推荐

热门推荐

热门推荐

技术支持

自助服务

热门推荐

热门推荐

热门推荐

热门推荐

合作伙伴培训与认证

热门推荐

热门推荐

公司刊物

加入我们

国家/地区

08-MPLS配置指导

目录

04-隧道策略配置

2 隧道迭代器

3. 团体属性列表（community-list）

4. RD属性列表（ip rd-list）

1. 功能简介

2. 配置步骤

2.4.2 配置IPv4地址前缀列表

1. 配置限制和指导

2. 配置步骤

2.4.3 配置IPv6地址前缀列表

1. 配置限制和指导

2. 配置步骤

2.4.5 配置RD属性列表

2.4.6 配置if-match子句

1. 功能简介

2. 配置限制和指导

3. 配置步骤

1. 配置限制和指导

2. 配置步骤

1. 功能简介

2. 配置限制和指导

3. 配置步骤

2.8 隧道迭代器配置举例‌

2.8.1 配置跨域VPN-OptionB方式隧道迭代器示例

1. 组网需求

2. 组网图

3. 配置步骤

4. 验证配置

5. 配置文件

2.8.2 配置HoVPN隧道迭代器示例

1. 组网需求

2. 组网图

3. 配置步骤

4. 验证配置

5. 配置文件

2.8.3 配置IPv6跨域VPN-OptionB方式隧道迭代器示例