- 產品與解決方案
- 行業解決方案
- 服務
- 支持
- 合作夥伴
- BOB登陆 人才研學中心
- 關於我們
03-H3C MSR係列路由器 OSPF支持多實例典型配置舉例
本章節下載 (289.01 KB)
H3C MSR係列路由器
OSPF多實例典型配置舉例
Copyright © 2022-2023 bobty下载软件 版權所有,保留一切權利。
非經本公司書麵許可,任何單位和個人不得擅自摘抄、複製本文檔內容的部分或全部,並不得以任何形式傳播。
除bobty下载软件 的商標外,本手冊中出現的其它公司的商標、產品標識及商品名稱,由各自權利人擁有。
本文檔中的信息可能變動,恕不另行通知。
核心網接入承載網組網中,需要通過OSPF多實例隔離不同業務的路由。
如圖1所示,各設備承擔的角色分別為:
· Device A為網關設備,稱為GW。
· Device B和Device C為核心網設備,稱為CE。
· Device D和Device E為承載網設備,稱為AR。
本舉例中業務1接入VPN1,業務2接入VPN2。通過OSPF多實例隔離業務1和業務2的路由,需要做如下部署:
· GW上創建兩個VPN實例vpn1和vpn2。
· GW上創建兩個OSPF進程OSPF 15和OSPF 115。將OSPF 15與vpn1綁定,OSPF 115與vpn2綁定。
· CE和AR上分別創建兩個VPN實例vpn1和vpn2。
· CE和AR上分別創建兩個OSPF進程OSPF 15和OSPF 115。將OSPF 15與vpn1綁定,OSPF 115與vpn2綁定。
· CE上將不同業務的路由分別彙總為靜態黑洞路由,然後在OSPF中引入彙總後的靜態黑洞路由,並通過路由策略控製引入的路由。這樣可以避免CE將業務明細路由發布給AR,減少AR上的路由條目數量,降低路由震蕩的風險。
CE 1和CE 2上的業務網段分別為(本例中使用LoopBack接口模擬不同的業務網段):
¡ CE 1上vpn1業務網段為19.0.0.0/24,vpn2業務網段為20.0.0.0/24。
¡ CE 2上vpn1業務網段為21.0.0.0/24,vpn2業務網段為22.0.0.0/24。
圖1 OSPF多實例配置組網圖
|
設備 |
接口 |
IP地址 |
綁定的VPN實例 |
|
Device A |
Route-Aggregation 11.1 |
201.1.1.2/24 |
vpn1 |
|
|
Route-Aggregation 11.2 |
202.1.1.2/24 |
vpn2 |
|
|
Route-Aggregation 12.1 |
203.1.1.2/24 |
vpn1 |
|
|
Route-Aggregation 12.2 |
204.1.1.2/24 |
vpn2 |
|
|
LoopBack 1 |
1.1.1.9/32 |
vpn1 |
|
|
LoopBack 2 |
1.1.1.10/32 |
vpn2 |
|
Device B |
Route-Aggregation 1.1 |
11.1.1.2/24 |
vpn1 |
|
|
Route-Aggregation 1.2 |
12.1.1.2/24 |
vpn2 |
|
|
Route-Aggregation 2.1 |
172.168.1.1/24 |
vpn1 |
|
|
Route-Aggregation 2.2 |
192.168.1.1/24 |
vpn2 |
|
|
Route-Aggregation 11.1 |
201.1.1.1/24 |
vpn1 |
|
|
Route-Aggregation 11.2 |
202.1.1.1/24 |
vpn2 |
|
|
LoopBack 1 |
2.2.2.9/32 |
vpn1 |
|
|
LoopBack 2 |
2.2.2.10/32 |
vpn2 |
|
|
LoopBack 101 |
19.0.0.1/29 |
vpn1 |
|
|
LoopBack 102 |
20.0.0.1/29 |
vpn2 |
|
|
LoopBack 103 |
19.0.0.9/29 |
vpn1 |
|
|
LoopBack 104 |
20.0.0.9/29 |
vpn2 |
|
|
LoopBack 105 |
19.0.0.17/28 |
vpn1 |
|
|
LoopBack 106 |
20.0.0.17/28 |
vpn2 |
|
|
LoopBack 107 |
19.0.0.33/28 |
vpn1 |
|
|
LoopBack 108 |
20.0.0.33/28 |
vpn2 |
|
Device C |
Route-Aggregation 1.1 |
13.1.1.2/24 |
vpn1 |
|
|
Route-Aggregation 1.2 |
14.1.1.3/24 |
vpn2 |
|
|
Route-Aggregation 2.1 |
172.168.1.2/24 |
vpn1 |
|
|
Route-Aggregation 2.2 |
192.168.1.2/24 |
vpn2 |
|
|
Route-Aggregation 11.1 |
203.1.1.1/24 |
vpn1 |
|
|
Route-Aggregation 11.2 |
204.1.1.1/24 |
vpn2 |
|
|
LoopBack 1 |
3.3.3.9/32 |
vpn1 |
|
|
LoopBack 2 |
3.3.3.10/32 |
vpn2 |
|
|
LoopBack 101 |
21.0.0.1/29 |
vpn1 |
|
|
LoopBack 102 |
22.0.0.1/29 |
vpn2 |
|
|
LoopBack 103 |
21.0.0.9/29 |
vpn1 |
|
|
LoopBack 104 |
22.0.0.9/29 |
vpn2 |
|
|
LoopBack 105 |
21.0.0.17/28 |
vpn1 |
|
|
LoopBack 106 |
22.0.0.17/28 |
vpn2 |
|
|
LoopBack 107 |
21.0.0.33/28 |
vpn1 |
|
|
LoopBack 108 |
22.0.0.33/28 |
vpn2 |
|
Device D |
Route-Aggregation 1.1 |
11.1.1.1/24 |
vpn1 |
|
|
Route-Aggregation 1.2 |
12.1.1.1/24 |
vpn2 |
|
|
LoopBack 1 |
4.4.4.9/32 |
vpn1 |
|
|
LoopBack 2 |
4.4.4.10/32 |
vpn2 |
|
Device E |
Route-Aggregation 1.1 |
13.1.1.1/24 |
vpn1 |
|
|
Route-Aggregation 1.2 |
14.1.1.1/24 |
vpn2 |
|
|
LoopBack 1 |
5.5.5.9/32 |
vpn1 |
|
|
LoopBack 2 |
5.5.5.10/32 |
vpn2 |
# 配置設備的名稱為DeviceA。
<Sysname> system-view
[Sysname] sysname DeviceA
# 創建名稱為vpn1和vpn2的VPN實例。
[DeviceA] ip vpn-instance vpn1
[DeviceA-vpn-instance-vpn1] quit
[DeviceA] ip vpn-instance vpn2
[DeviceA-vpn-instance-vpn2] quit
# 配置Device A與Device B的互聯三層聚合口11。
[DeviceA] interface route-aggregation 11
[DeviceA-Route-Aggregation11] link-aggregation mode dynamic
[DeviceA-Route-Aggregation11] quit
# 將接口GigabitEthernet1/0/1加入聚合組11。
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] port link-mode route
[DeviceA-GigabitEthernet1/0/1] port link-aggregation group 11
[DeviceA-GigabitEthernet1/0/1] quit
# 配置三層聚合子接口11.1,將該接口與vpn1綁定。配置該子接口終結VLAN 10,並配置該接口的地址為201.1.1.2/24。
[DeviceA] interface route-aggregation 11.1
[DeviceA-Route-Aggregation11.1] ip binding vpn-instance vpn1
[DeviceA-Route-Aggregation11.1] vlan-type dot1q vid 10
[DeviceA-Route-Aggregation11.1] ip address 201.1.1.2 255.255.255.0
# 在三層聚合子接口11.1上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceA-Route-Aggregation11.1] ospf timer hello 1
[DeviceA-Route-Aggregation11.1] ospf timer dead 4
[DeviceA-Route-Aggregation11.1] ospf cost 10
[DeviceA-Route-Aggregation11.1] ospf authentication-mode md5 1 plain 12345
[DeviceA-Route-Aggregation11.1] quit
# 配置三層聚合子接口11.2,將該接口與vpn2綁定。配置該子接口終結VLAN 20,並配置該接口的地址為202.1.1.2/24。
[DeviceA] interface route-aggregation 11.2
[DeviceA-Route-Aggregation11.2] ip binding vpn-instance vpn2
[DeviceA-Route-Aggregation11.2] vlan-type dot1q vid 20
[DeviceA-Route-Aggregation11.2] ip address 202.1.1.2 255.255.255.0
# 在三層聚合子接口11.2上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceA-Route-Aggregation11.2] ospf timer hello 1
[DeviceA-Route-Aggregation11.2] ospf timer dead 4
[DeviceA-Route-Aggregation11.2] ospf cost 10
[DeviceA-Route-Aggregation11.2] ospf authentication-mode md5 1 plain 12345
[DeviceA-Route-Aggregation11.2] quit
# 配置Device A與Device C的互聯三層聚合口12。
[DeviceA] interface route-aggregation 12
[DeviceA-Route-Aggregation12] link-aggregation mode dynamic
[DeviceA-Route-Aggregation12] quit
# 將接口GigabitEthernet1/0/2加入聚合組12。
[DeviceA] interface gigabitethernet 1/0/2
[DeviceA-GigabitEthernet1/0/2] port link-mode route
[DeviceA-GigabitEthernet1/0/2] port link-aggregation group 12
[DeviceA-GigabitEthernet1/0/2] quit
# 配置三層聚合子接口12.1,將該接口與vpn1綁定。配置該子接口終結VLAN 10,並配置該接口的地址為203.1.1.2/24。
[DeviceA] interface route-aggregation 12.1
[DeviceA-Route-Aggregation12.1] ip binding vpn-instance vpn1
[DeviceA-Route-Aggregation12.1] vlan-type dot1q vid 10
[DeviceA-Route-Aggregation12.1] ip address 203.1.1.2 255.255.255.0
# 在三層聚合子接口12.1上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceA-Route-Aggregation12.1] ospf timer hello 1
[DeviceA-Route-Aggregation12.1] ospf timer dead 4
[DeviceA-Route-Aggregation12.1] ospf cost 10
[DeviceA-Route-Aggregation12.1] ospf authentication-mode md5 1 plain 12345
[DeviceA-Route-Aggregation12.1] quit
# 配置三層聚合子接口12.2,將該接口與vpn2綁定。配置該子接口終結VLAN 20,並配置該接口的地址為202.1.1.2/24。
[DeviceA] interface route-aggregation 12.2
[DeviceA-Route-Aggregation12.2] ip binding vpn-instance vpn2
[DeviceA-Route-Aggregation12.2] vlan-type dot1q vid 20
[DeviceA-Route-Aggregation12.2] ip address 204.1.1.2 255.255.255.0
# 在三層聚合子接口12.2上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceA-Route-Aggregation12.2] ospf timer hello 1
[DeviceA-Route-Aggregation12.2] ospf timer dead 4
[DeviceA-Route-Aggregation12.2] ospf cost 10
[DeviceA-Route-Aggregation12.2] ospf authentication-mode md5 1 plain 12345
[DeviceA-Route-Aggregation12.2] quit
# 配置Loopback 1的地址為1.1.1.9/32,此地址作為OSPF進程15的Router ID。
[DeviceA] interface loopback 1
[DeviceA-LoopBack1] ip binding vpn-instance vpn1
[DeviceA-LoopBack1] ip address 1.1.1.9 32
[DeviceA-LoopBack1] quit
# 配置Loopback 2的地址為1.1.1.10/32,此地址作為OSPF進程115的Router ID。
[DeviceB] interface loopback 2
[DeviceB-LoopBack2] ip binding vpn-instance vpn2
[DeviceB-LoopBack2] ip address 1.1.1.10 32
[DeviceB-LoopBack2] quit
# 創建OSPF進程15,指定該進程的Router ID為1.1.1.9,並將該進程與vpn1綁定。
[DeviceA] ospf 15 router-id 1.1.1.9 vpn-instance vpn1
# 通告vpn1業務路由201.1.1.0/24和203.1.1.0/24。
[DeviceA-ospf-15] area 0.0.0.0
[DeviceA-ospf-15-area-0.0.0.0] network 201.1.1.0 0.0.0.255
[DeviceA-ospf-15-area-0.0.0.0] network 203.1.1.0 0.0.0.255
[DeviceA-ospf-15-area-0.0.0.0] quit
[DeviceA-ospf-15] quit
# 創建OSPF進程115,指定該進程的Router ID為1.1.1.10,並將該進程與vpn2綁定。
[DeviceA] ospf 115 router-id 1.1.1.10 vpn-instance vpn2
# 通告vpn1業務路由202.1.1.0/24和204.1.1.0/24。
[DeviceA-ospf-115] area 0.0.0.0
[DeviceA-ospf-115-area-0.0.0.0] network 202.1.1.0 0.0.0.255
[DeviceA-ospf-115-area-0.0.0.0] network 204.1.1.0 0.0.0.255
[DeviceA-ospf-115-area-0.0.0.0] quit
[DeviceA-ospf-115] quit
# 配置設備的名稱為DeviceB。
<Sysname> system-view
[Sysname] sysname DeviceB
# 創建名稱為vpn1和vpn2的VPN實例。
[DeviceB] ip vpn-instance vpn1
[DeviceB-vpn-instance-vpn1] quit
[DeviceB] ip vpn-instance vpn2
[DeviceB-vpn-instance-vpn2] quit
# 將接口LoopBack101、LoopBack103、LoopBack105、LoopBack107與名為vpn1的VPN實例關聯,並配置上述接口的IP地址,使其處於19.0.0.0/24網段。
[DeviceB] interface loopback 101
[DeviceB-LoopBack101] ip binding vpn-instance vpn1
[DeviceB-LoopBack101] ip address 19.0.0.1 255.255.255.248
[DeviceB-LoopBack101] quit
[DeviceB] interface loopback 103
[DeviceB-LoopBack103] ip binding vpn-instance vpn1
[DeviceB-LoopBack103] ip address 19.0.0.9 255.255.255.248
[DeviceB-LoopBack103] quit
[DeviceB] interface loopback 105
[DeviceB-LoopBack105] ip binding vpn-instance vpn1
[DeviceB-LoopBack105] ip address 19.0.0.17 255.255.255.240
[DeviceB-LoopBack105] quit
[DeviceB] interface loopback 107
[DeviceB-LoopBack107] ip binding vpn-instance vpn1
[DeviceB-LoopBack107] ip address 19.0.0.33 255.255.255.240
[DeviceB-LoopBack107] quit
# 將接口LoopBack102、LoopBack104、LoopBack106、LoopBack108與名為vpn2的VPN實例關聯,並配置上述接口的IP地址,使其處於20.0.0.0/24網段。
[DeviceB] interface loopback 102
[DeviceB-LoopBack102] ip binding vpn-instance vpn2
[DeviceB-LoopBack102] ip address 20.0.0.1 255.255.255.248
[DeviceB-LoopBack102] quit
[DeviceB] interface loopback 104
[DeviceB-LoopBack104] ip binding vpn-instance vpn2
[DeviceB-LoopBack104] ip address 20.0.0.9 255.255.255.248
[DeviceB-LoopBack104] quit
[DeviceB] interface loopback 106
[DeviceB-LoopBack106] ip binding vpn-instance vpn2
[DeviceB-LoopBack106] ip address 20.0.0.17 255.255.255.240
[DeviceB-LoopBack106] quit
[DeviceB] interface loopback 108
[DeviceB-LoopBack108] ip binding vpn-instance vpn2
[DeviceB-LoopBack108] ip address 20.0.0.33 255.255.255.240
[DeviceB-LoopBack108] quit
# 配置Device B與Device D的互聯三層聚合口1。
[DeviceB] interface route-aggregation 1
[DeviceB-Route-Aggregation1] link-aggregation mode dynamic
[DeviceB-Route-Aggregation1] quit
# 將接口GigabitEthernet1/0/1加入聚合組1。
[DeviceB] interface gigabitethernet 1/0/1
[DeviceB-GigabitEthernet1/0/1] port link-mode route
[DeviceB-GigabitEthernet1/0/1] port link-aggregation group 1
[DeviceB-GigabitEthernet1/0/1] quit
# 配置三層聚合子接口1.1,將該接口與vpn1綁定。配置該子接口終結VLAN 10,並配置該接口的地址為11.1.1.2/24。
[DeviceB] interface route-aggregation 1.1
[DeviceB-Route-Aggregation1.1] ip binding vpn-instance vpn1
[DeviceB-Route-Aggregation1.1] vlan-type dot1q vid 10
[DeviceB-Route-Aggregation1.1] ip address 11.1.1.2 255.255.255.0
# 在三層聚合子接口1.1上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceB-Route-Aggregation1.1] ospf timer hello 1
[DeviceB-Route-Aggregation1.1] ospf timer dead 4
[DeviceB-Route-Aggregation1.1] ospf cost 10
[DeviceB-Route-Aggregation1.1] ospf authentication-mode md5 1 plain 12345
[DeviceB-Route-Aggregation1.1] quit
# 配置三層聚合子接口1.2,將該接口與vpn2綁定。配置該子接口終結VLAN 20,並配置該接口的地址為12.1.1.2/24。
[DeviceB] interface Route-Aggregation1.2
[DeviceB-Route-Aggregation1.1] ip binding vpn-instance vpn2
[DeviceB-Route-Aggregation1.1] vlan-type dot1q vid 20
[DeviceB-Route-Aggregation1.1] ip address 12.1.1.2 255.255.255.0
# 在三層聚合子接口1.2上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceB-Route-Aggregation1.1] ospf timer hello 1
[DeviceB-Route-Aggregation1.1] ospf timer dead 4
[DeviceB-Route-Aggregation1.1] ospf cost 10
[DeviceB-Route-Aggregation1.1] ospf authentication-mode md5 1 plain 12345
[DeviceB-Route-Aggregation1.1] quit
# 配置Device B與Device C的互聯三層聚合口2。
[DeviceB] interface route-aggregation 2
[DeviceB-Route-Aggregation2] link-aggregation mode dynamic
[DeviceB-Route-Aggregation2] quit
# 將接口GigabitEthernet1/0/2加入聚合組2。
[DeviceB] interface gigabitethernet 1/0/2
[DeviceB-GigabitEthernet1/0/2] port link-mode route
[DeviceB-GigabitEthernet1/0/2] port link-aggregation group 2
[DeviceB-GigabitEthernet1/0/2] quit
# 配置三層聚合子接口2.1,將該接口與vpn1綁定。配置該子接口終結VLAN 10,並配置該接口的地址為172.168.1.1/24。
[DeviceB] interface route-aggregation 2.1
[DeviceB-Route-Aggregation2.1] ip binding vpn-instance vpn1
[DeviceB-Route-Aggregation2.1] vlan-type dot1q vid 10
[DeviceB-Route-Aggregation2.1] ip address 172.168.1.1 255.255.255.0
# 在三層聚合子接口2.1上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceB-Route-Aggregation2.1] ospf timer hello 1
[DeviceB-Route-Aggregation2.1] ospf timer dead 4
[DeviceB-Route-Aggregation2.1] ospf cost 10
[DeviceB-Route-Aggregation2.1] ospf authentication-mode md5 1 plain 12345
[DeviceB-Route-Aggregation2.1] quit
# 配置三層聚合子接口2.2,將該接口與vpn2綁定。配置該子接口終結VLAN 20,並配置該接口的地址為192.168.1.1/24。
[DeviceB] interface route-aggregation 2.2
[DeviceB-Route-Aggregation2.2] ip binding vpn-instance vpn2
[DeviceB-Route-Aggregation2.2] vlan-type dot1q vid 20
[DeviceB-Route-Aggregation2.2] ip address 192.168.1.1 255.255.255.0
# 在三層聚合子接口2.2上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceB-Route-Aggregation2.2] ospf timer hello 1
[DeviceB-Route-Aggregation2.2] ospf timer dead 4
[DeviceB-Route-Aggregation2.2] ospf cost 10
[DeviceB-Route-Aggregation2.2] ospf authentication-mode md5 1 plain 12345
[DeviceB-Route-Aggregation2.2] quit
# 配置Device B與Device A的互聯聚合口11。
[DeviceB] interface route-aggregation 11
[DeviceB-Route-Aggregation11] link-aggregation mode dynamic
[DeviceB-Route-Aggregation11] quit
# 將接口GigabitEthernet1/0/3加入聚合組11。
[DeviceB] interface gigabitethernet 1/0/3
[DeviceB-GigabitEthernet1/0/3] port link-mode route
[DeviceB-GigabitEthernet1/0/3] port link-aggregation group 11
[DeviceB-GigabitEthernet1/0/3] quit
# 配置三層聚合子接口11.1,將該接口與vpn1綁定。配置該子接口終結VLAN 10,並配置該接口的地址為201.1.1.1/24。
[DeviceB] interface route-aggregation 11.1
[DeviceB-Route-Aggregation11.1] ip binding vpn-instance vpn1
[DeviceB-Route-Aggregation11.1] vlan-type dot1q vid 10
[DeviceB-Route-Aggregation11.1] ip address 201.1.1.1 255.255.255.0
# 在三層聚合子接口11.1上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceB-Route-Aggregation11.1] ospf timer hello 1
[DeviceB-Route-Aggregation11.1] ospf timer dead 4
[DeviceB-Route-Aggregation11.1] ospf cost 10
[DeviceB-Route-Aggregation11.1] ospf authentication-mode md5 1 plain 12345
[DeviceB-Route-Aggregation11.1] quit
# 配置三層聚合子接口11.2,將該接口與vpn2綁定。配置該子接口終結VLAN 20,並配置該接口的地址為202.1.1.1/24。
[DeviceB] interface route-aggregation 11.2
[DeviceB-Route-Aggregation11.2] ip binding vpn-instance vpn2
[DeviceB-Route-Aggregation11.2] vlan-type dot1q vid 20
[DeviceB-Route-Aggregation11.2] ip address 202.1.1.1 255.255.255.0
# 在三層聚合子接口11.2上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceB-Route-Aggregation11.2] ospf timer hello 1
[DeviceB-Route-Aggregation11.2] ospf timer dead 4
[DeviceB-Route-Aggregation11.2] ospf cost 10
[DeviceB-Route-Aggregation11.2] ospf authentication-mode md5 1 plain 12345
[DeviceB-Route-Aggregation11.2] quit
# 配置名稱為list1的前綴列表,其中序號10的表項僅允許201.1.1.0/24網段通過過濾;序號20的表項僅允許19.0.0.0/24網段通過過濾。
[DeviceB] ip prefix-list list1 index 10 permit 201.1.1.0 24
[DeviceB] ip prefix-list list1 index 20 permit 19.0.0.0 24
# 配置名稱為list2的前綴列表,其中序號10的表項僅允許202.1.1.0/24網段通過過濾;序號20的表項僅允許20.0.0.0/24網段通過過濾。
[DeviceB] ip prefix-list list2 index 10 permit 202.1.1.0 24
[DeviceB] ip prefix-list list2 index 20 permit 20.0.0.0 24
# 配置路由策略p1。
[DeviceB] route-policy p1 permit node 10
[DeviceB-route-policy-p1-10] if-match ip address prefix-list list1
[DeviceB-route-policy-p1-10] quit
# 配置路由策略p2。
[DeviceB] route-policy p2 permit node 10
[DeviceB-route-policy-p2-10] if-match ip address prefix-list list2
[DeviceB-route-policy-p2-10] quit
# 靜態彙總vpn1的業務黑洞路由。
[DeviceB] ip route-static vpn-instance vpn1 19.0.0.0 24 null0
# 靜態彙總vpn2的業務黑洞路由。
[DeviceB] ip route-static vpn-instance vpn2 20.0.0.0 24 null0
# 配置Loopback 1的地址為2.2.2.9/32,此地址作為OSPF進程15的Router ID。
[DeviceB] interface loopback 1
[DeviceB-LoopBack1] ip binding vpn-instance vpn1
[DeviceB-LoopBack1] ip address 2.2.2.9 32
[DeviceB-LoopBack1] quit
# 配置Loopback 2的地址為2.2.2.10/32,此地址作為OSPF進程115的Router ID。
[DeviceB] interface loopback 2
[DeviceB-LoopBack2] ip binding vpn-instance vpn2
[DeviceB-LoopBack2] ip address 2.2.2.10 32
[DeviceB-LoopBack2] quit
# 創建OSPF進程15,指定該進程的Router ID為2.2.2.9,並將該進程與vpn1綁定。
[DeviceB] ospf 15 router-id 2.2.2.9 vpn-instance vpn1
# 在OSPF進程15中通告vpn1業務路由11.1.1.0/24、172.168.1.0/24和201.1.1.0/24。
[DeviceB-ospf-15] area 0.0.0.0
[DeviceB-ospf-15-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[DeviceB-ospf-15-area-0.0.0.0] network 172.168.1.0 0.0.0.255
[DeviceB-ospf-15-area-0.0.0.0] network 201.1.1.0 0.0.0.255
[DeviceB-ospf-15-area-0.0.0.0] quit
# 在OSPF進程15中引入直連路由和靜態彙總後的業務路由,並通過路由策略對引入的路由進行過濾,避免Device B將業務1的明細路由發布給Device D。
[DeviceB-ospf-15] import-route direct route-policy p1
[DeviceB-ospf-15] import-route static route-policy p1
[DeviceB-ospf-15] quit
# 創建OSPF進程115,將該進程與vpn2綁定。並指定該進程的Router ID為2.2.2.10。
[DeviceB] ospf 115 router-id 2.2.2.10 vpn-instance vpn2
# 在OSPF進程115中通告vpn2業務路由12.1.1.0/24、192.168.1.0/24和202.1.1.0/24。
[DeviceB-ospf-115] area 0.0.0.0
[DeviceB-ospf-115-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[DeviceB-ospf-115-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[DeviceB-ospf-115-area-0.0.0.0] network 202.1.1.0 0.0.0.255
[DeviceB-ospf-115-area-0.0.0.0] quit
# 在OSPF進程115中引入直連路由和靜態彙總後的業務路由,並通過路由策略對引入的路由進行過濾,避免Device B將業務2的明細路由發布給Device D。
[DeviceB-ospf-115] import-route direct route-policy p2
[DeviceB-ospf-115] import-route static route-policy p2
[DeviceB-ospf-115] quit
# 配置設備的名稱為DeviceC。
<Sysname> system-view
[Sysname] sysname DeviceC
# 創建名稱為vpn1和vpn2的VPN實例。
[DeviceC] ip vpn-instance vpn1
[DeviceC-vpn-instance-vpn1] quit
[DeviceC] ip vpn-instance vpn2
[DeviceC-vpn-instance-vpn2] quit
# 將接口LoopBack101、LoopBack103、LoopBack105、LoopBack107與名為vpn1的VPN實例關聯,並配置上述接口的IP地址,使其處於21.0.0.0/24網段。
[DeviceC] interface loopback 101
[DeviceC-LoopBack101] ip binding vpn-instance vpn1
[DeviceC-LoopBack101] ip address 21.0.0.1 255.255.255.248
[DeviceC-LoopBack101] quit
[DeviceC] interface loopback 103
[DeviceC-LoopBack103] ip binding vpn-instance vpn1
[DeviceC-LoopBack103] ip address 21.0.0.9 255.255.255.248
[DeviceC-LoopBack103] quit
[DeviceC] interface loopback 105
[DeviceC-LoopBack105] ip binding vpn-instance vpn1
[DeviceC-LoopBack105] ip address 21.0.0.17 255.255.255.240
[DeviceC-LoopBack105] quit
[DeviceC] interface loopback 107
[DeviceC-LoopBack107] ip binding vpn-instance vpn1
[DeviceC-LoopBack107] ip address 21.0.0.33 255.255.255.240
[DeviceC-LoopBack107] quit
# 將接口LoopBack102、LoopBack104、LoopBack106、LoopBack108與名為vpn2的VPN實例關聯,並配置上述接口的IP地址,使其處於22.0.0.0/24網段。
[DeviceC] interface loopback 102
[DeviceC-LoopBack102] ip binding vpn-instance vpn2
[DeviceC-LoopBack102] ip address 22.0.0.1 255.255.255.248
[DeviceC-LoopBack102] quit
[DeviceC] interface loopback 104
[DeviceC-LoopBack104] ip binding vpn-instance vpn2
[DeviceC-LoopBack104] ip address 22.0.0.9 255.255.255.248
[DeviceC-LoopBack104] quit
[DeviceC] interface loopback 106
[DeviceC-LoopBack106] ip binding vpn-instance vpn2
[DeviceC-LoopBack106] ip address 22.0.0.17 255.255.255.240
[DeviceC-LoopBack106] quit
[DeviceC] interface loopback 108
[DeviceC-LoopBack108] ip binding vpn-instance vpn2
[DeviceC-LoopBack108] ip address 22.0.0.33 255.255.255.240
[DeviceC-LoopBack108] quit
# 配置Device C與Device E的互聯聚合口1。
[DeviceC] interface route-aggregation1
[DeviceC-Route-Aggregation1] link-aggregation mode dynamic
[DeviceC-Route-Aggregation1] quit
# 將接口GigabitEthernet1/0/1加入聚合組1。
[DeviceC] interface gigabitethernet 1/0/1
[DeviceC-GigabitEthernet1/0/1] port link-mode route
[DeviceC-GigabitEthernet1/0/1] port link-aggregation group 1
[DeviceC-GigabitEthernet1/0/1] quit
# 配置三層聚合子接口1.1,將該接口與vpn1綁定。配置該子接口終結VLAN 10,並配置該接口的地址為13.1.1.2/24。
[DeviceC] interface route-aggregation 1.1
[DeviceC-Route-Aggregation1.1] ip binding vpn-instance vpn1
[DeviceC-Route-Aggregation1.1] vlan-type dot1q vid 10
[DeviceC-Route-Aggregation1.1] ip address 13.1.1.2 255.255.255.0
# 在三層聚合子接口1.1上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceC-Route-Aggregation1.1] ospf timer hello 1
[DeviceC-Route-Aggregation1.1] ospf timer dead 4
[DeviceC-Route-Aggregation1.1] ospf cost 10
[DeviceC-Route-Aggregation1.1] ospf authentication-mode md5 1 plain 12345
[DeviceC-Route-Aggregation1.1] quit
# 配置三層聚合子接口1.2,將該接口與vpn2綁定。配置該子接口終結VLAN 20,並配置該接口的地址為14.1.1.2/24。
[DeviceC] interface route-aggregation 1.2
[DeviceC-Route-Aggregation1.2] ip binding vpn-instance vpn2
[DeviceC-Route-Aggregation1.2] vlan-type dot1q vid 20
[DeviceC-Route-Aggregation1.2] ip address 14.1.1.2 255.255.255.0
# 在三層聚合子接口1.2上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceC-Route-Aggregation1.2] ospf timer hello 1
[DeviceC-Route-Aggregation1.2] ospf timer dead 4
[DeviceC-Route-Aggregation1.2] ospf cost 10
[DeviceC-Route-Aggregation1.2] ospf authentication-mode md5 1 plain 12345
[DeviceC-Route-Aggregation1.2] quit
# 配置Device C與Device B的互聯聚合口2。
[DeviceC] interface route-aggregation 2
[DeviceC-Route-Aggregation2] link-aggregation mode dynamic
[DeviceC-Route-Aggregation2] quit
# 將接口GigabitEthernet1/0/2加入聚合組2。
[DeviceC] interface gigabitethernet 1/0/2
[DeviceC-GigabitEthernet1/0/2] port link-mode route
[DeviceC-GigabitEthernet1/0/2] port link-aggregation group 2
[DeviceC-GigabitEthernet1/0/2] quit
# 配置三層聚合子接口2.1,將該接口與vpn1綁定。配置該子接口終結VLAN 10,並配置該接口的地址為172.168.1.2/24。
[DeviceC] interface route-aggregation 2.1
[DeviceC-Route-Aggregation2.1] ip binding vpn-instance vpn1
[DeviceC-Route-Aggregation2.1] vlan-type dot1q vid 10
[DeviceC-Route-Aggregation2.1] ip address 172.168.1.2 255.255.255.0
# 在三層聚合子接口2.1上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceC-Route-Aggregation2.1] ospf timer hello 1
[DeviceC-Route-Aggregation2.1] ospf timer dead 4
[DeviceC-Route-Aggregation2.1] ospf cost 10
[DeviceC-Route-Aggregation2.1] ospf authentication-mode md5 1 plain 12345
[DeviceC-Route-Aggregation2.1] quit
# 配置三層聚合子接口2.2,將該接口與vpn2綁定。配置該子接口終結VLAN 20,並配置該接口的地址為192.168.1.2/24。
[DeviceC] interface route-aggregation 2.2
[DeviceC-Route-Aggregation2.2] ip binding vpn-instance vpn2
[DeviceC-Route-Aggregation2.2] vlan-type dot1q vid 20
[DeviceC-Route-Aggregation2.2] ip address 192.168.1.2 255.255.255.0
# 在三層聚合子接口2.2上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceC-Route-Aggregation2.2] ospf timer hello 1
[DeviceC-Route-Aggregation2.2] ospf timer dead 4
[DeviceC-Route-Aggregation2.2] ospf cost 10
[DeviceC-Route-Aggregation2.2] ospf authentication-mode md5 1 plain 12345
[DeviceC-Route-Aggregation2.2] quit
# 配置Device C與Device A的互聯聚合口11。
[DeviceC] interface route-aggregation 11
[DeviceC-Route-Aggregation11] link-aggregation mode dynamic
[DeviceC-Route-Aggregation11] quit
# 將接口GigabitEthernet1/0/3加入聚合組11。
[DeviceC] interface gigabitethernet 1/0/3
[DeviceC-GigabitEthernet1/0/3] port link-mode route
[DeviceC-GigabitEthernet1/0/3] port link-aggregation group 11
[DeviceC-GigabitEthernet1/0/3] quit
# 配置三層聚合子接口11.1,將該接口與vpn1綁定。配置該子接口終結VLAN 10,並配置該接口的地址為203.1.1.1/24。
[DeviceC] interface route-aggregation 11.1
[DeviceC-Route-Aggregation11.1] ip binding vpn-instance vpn1
[DeviceC-Route-Aggregation11.1] vlan-type dot1q vid 10
[DeviceC-Route-Aggregation11.1] ip address 203.1.1.1 255.255.255.0
# 在三層聚合子接口11.1上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceC-Route-Aggregation11.1] ospf timer hello 1
[DeviceC-Route-Aggregation11.1] ospf timer dead 4
[DeviceC-Route-Aggregation11.1] ospf cost 10
[DeviceC-Route-Aggregation11.1] ospf authentication-mode md5 1 plain 12345
[DeviceC-Route-Aggregation11.1] quit
# 配置三層聚合子接口11.2,將該接口與vpn2綁定。配置該子接口終結VLAN 20,並配置該接口的地址為204.1.1.1/24。
[DeviceC] interface route-aggregation 11.2
[DeviceC-Route-Aggregation11.2] ip binding vpn-instance vpn2
[DeviceC-Route-Aggregation11.2] vlan-type dot1q vid 20
[DeviceC-Route-Aggregation11.2] ip address 204.1.1.1 255.255.255.0
# 在三層聚合子接口11.2上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceC-Route-Aggregation11.2] ospf timer hello 1
[DeviceC-Route-Aggregation11.2] ospf timer dead 4
[DeviceC-Route-Aggregation11.2] ospf cost 10
[DeviceC-Route-Aggregation11.2] ospf authentication-mode md5 1 plain 12345
[DeviceC-Route-Aggregation11.2] quit
# 配置名稱為list1的前綴列表,其中序號10的表項僅允許203.1.1.0/24網段通過過濾;序號20的表項僅允許21.0.0.0/24網段通過過濾。
[DeviceC] ip prefix-list list1 index 10 permit 203.1.1.0 24
[DeviceC] ip prefix-list list1 index 20 permit 21.0.0.0 24
# 配置名稱為list2的前綴列表,其中序號10的表項僅允許204.1.1.0/24網段通過過濾;序號20的表項僅允許22.0.0.0/24網段通過過濾。
[DeviceC] ip prefix-list list2 index 10 permit 204.1.1.0 24
[DeviceC] ip prefix-list list2 index 20 permit 22.0.0.0 24
# 配置路由策略p1。
[DeviceC] route-policy p1 permit node 10
[DeviceC-route-policy-p1-10] if-match ip address prefix-list list1
[DeviceC-route-policy-p1-10] quit
# 配置路由策略p2。
[DeviceC] route-policy p2 permit node 10
[DeviceC-route-policy-p2-10] if-match ip address prefix-list list2
[DeviceC-route-policy-p2-10] quit
# 靜態彙總vpn1的業務黑洞路由。
[DevicC] ip route-static vpn-instance vpn1 21.0.0.0 24 null0
# 靜態彙總vpn2的業務黑洞路由。
[DeviceC] ip route-static vpn-instance vpn2 22.0.0.0 24 null0
# 配置Loopback 1的地址為3.3.3.9/32,此地址作為OSPF進程15的Router ID。
[DeviceC] interface loopback 1
[DeviceC-LoopBack1] ip binding vpn-instance vpn1
[DeviceC-LoopBack1] ip address 3.3.3.9 32
[DeviceC-LoopBack1] quit
# 配置Loopback 2的地址為3.3.3.10/32,此地址作為OSPF進程115的Router ID。
[DeviceC] interface loopback 2
[DeviceC-LoopBack2] ip binding vpn-instance vpn2
[DeviceC-LoopBack2] ip address 3.3.3.10 32
[DeviceC-LoopBack2] quit
# 創建OSPF進程15,指定該進程的Router ID為3.3.3.9,並將該進程與vpn1綁定。
[DeviceC] ospf 15 router-id 3.3.3.9 vpn-instance vpn1
# 通告vpn1業務路由13.1.1.0/24、172.168.1.0/24和203.1.1.0/24。
[DeviceC-ospf-15] area 0.0.0.0
[DeviceC-ospf-15-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[DeviceC-ospf-15-area-0.0.0.0] network 172.168.1.0 0.0.0.255
[DeviceC-ospf-15-area-0.0.0.0] network 203.1.1.0 0.0.0.255
[DeviceC-ospf-15-area-0.0.0.0] quit
# 在OSPF進程15中引入直連路由和靜態彙總後的業務路由,通過路由策略對引入的路由進行過濾,避免Device C將業務1的明細路由發布給Device E。
[DeviceC-ospf-15] import-route direct route-policy p1
[DeviceC-ospf-15] import-route static route-policy p1
[DeviceC-ospf-15] quit
# 創建OSPF進程115,指定該進程的Router ID為3.3.3.10,並將該進程與vpn2綁定。
[DeviceC] ospf 115 router-id 3.3.3.10 vpn-instance vpn2
# 通告vpn2業務路由14.1.1.0/24、192.168.1.0/24和204.1.1.0/24。
[DeviceC-ospf-115] area 0.0.0.0
[DeviceC-ospf-115-area-0.0.0.0] network 14.1.1.0 0.0.0.255
[DeviceC-ospf-115-area-0.0.0.0] network 192.168.1.0 0.0.0.255
[DeviceC-ospf-115-area-0.0.0.0] network 204.1.1.0 0.0.0.255
[DeviceC-ospf-115-area-0.0.0.0] quit
# 在OSPF 115中引入直連路由和靜態彙總後的業務路由,並通過路由策略對引入的路由進行過濾,避免Device C將業務2的明細路由發布給Device E。
[DeviceC-ospf-115] import-route direct route-policy p2
[DeviceC-ospf-115] import-route static route-policy p2
[DeviceC-ospf-115] quit
# 配置設備的名稱為DeviceD。
<Sysname> system-view
[Sysname] sysname DeviceD
# 創建名稱為vpn1和vpn2的VPN實例。
[DeviceD] ip vpn-instance vpn1
[DeviceD-vpn-instance-vpn1] quit
[DeviceD] ip vpn-instance vpn2
[DeviceD-vpn-instance-vpn2] quit
# 配置Device D與Device B的互聯三層聚合口1。
[DeviceD] interface route-aggregation1
[DeviceD-Route-Aggregation1] link-aggregation mode dynamic
[DeviceD-Route-Aggregation1] quit
# 將接口GigabitEthernet1/0/1加入聚合組1。
[DeviceD] interface gigabitethernet 1/0/1
[DeviceD-GigabitEthernet1/0/1] port link-mode route
[DeviceD-GigabitEthernet1/0/1] port link-aggregation group 1
[DeviceD-GigabitEthernet1/0/1] quit
# 配置三層聚合子接口1.1,將該接口與vpn1綁定。配置該子接口終結VLAN 10,並配置該接口的地址為11.1.1.1/24。
[DeviceD] interface route-aggregation 1.1
[DeviceD-Route-Aggregation1.1] ip binding vpn-instance vpn1
[DeviceD-Route-Aggregation1.1] vlan-type dot1q vid 10
[DeviceD-Route-Aggregation1.1] ip address 11.1.1.1 255.255.255.0
# 在三層聚合子接口1.1上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceD-Route-Aggregation1.1] ospf timer hello 1
[DeviceD-Route-Aggregation1.1] ospf timer dead 4
[DeviceD-Route-Aggregation1.1] ospf cost 10
[DeviceD-Route-Aggregation1.1] ospf authentication-mode md5 1 plain 12345
[DeviceD-Route-Aggregation1.1] quit
# 配置三層聚合子接口1.2,將該接口與vpn2綁定。配置該子接口終結VLAN 20,並配置該接口的地址為12.1.1.1/24。
[DeviceD] interface route-aggregation 1.2
[DeviceD-Route-Aggregation1.2] ip binding vpn-instance vpn2
[DeviceD-Route-Aggregation1.2] vlan-type dot1q vid 20
[DeviceD-Route-Aggregation1.2] ip address 12.1.1.1 255.255.255.0
# 在三層聚合子接口1.2上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceD-Route-Aggregation1.2] ospf timer hello 1
[DeviceD-Route-Aggregation1.2] ospf timer dead 4
[DeviceD-Route-Aggregation1.2] ospf cost 10
[DeviceD-Route-Aggregation1.2] ospf authentication-mode md5 1 plain 12345
[DeviceD-Route-Aggregation1.2] quit
# 配置Loopback 1的地址為4.4.4.9/32,此地址作為OSPF進程15的Router ID。
[DeviceD] interface loopback 1
[DeviceD-LoopBack1] ip binding vpn-instance vpn1
[DeviceD-LoopBack1] ip address 4.4.4.9 32
[DeviceD-LoopBack1] quit
# 配置Loopback 2的地址為4.4.4.10/32,此地址作為OSPF進程115的Router ID。
[DeviceD] interface loopback 2
[DeviceD-LoopBack1] ip binding vpn-instance vpn2
[DeviceD-LoopBack1] ip address 4.4.4.10 32
[DeviceD-LoopBack1] quit
# 創建OSPF進程15,指定該進程的Router ID為4.4.4.9,並將該進程與vpn1綁定。
[DeviceD] ospf 15 router-id 4.4.4.9 vpn-instance vpn1
# 通告vpn1網段路由11.1.1.0/24。
[DeviceD-ospf-15] area 0.0.0.0
[DeviceD-ospf-15-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[DeviceD-ospf-15-area-0.0.0.0] quit
[DeviceD-ospf-15] quit
# 創建OSPF進程115,指定該進程的Router ID為4.4.4.10,並將該進程與vpn2綁定。
[DeviceD] ospf 115 router-id 4.4.4.10 vpn-instance vpn2
# 通告vpn2網段路由12.1.1.0/24。
[DeviceD-ospf-115] area 0.0.0.0
[DeviceD-ospf-115-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[DeviceD-ospf-115-area-0.0.0.0] quit
# 配置設備的名稱為DeviceE。
<Sysname> system-view
[Sysname] sysname DeviceE
# 創建名稱為vpn1和vpn2的實例。
[DeviceE] ip vpn-instance vpn1
[DeviceE-vpn-instance-vpn1] quit
[DeviceE] ip vpn-instance vpn2
[DeviceE-vpn-instance-vpn2] quit
# 配置Device D與Device C的互聯三層聚合口1。
[DeviceE] interface route-aggregation 1
[DeviceE-Route-Aggregation1] link-aggregation mode dynamic
[DeviceE-Route-Aggregation1] quit
# 將接口GigabitEthernet1/0/1加入聚合組1。
[DeviceE] interface gigabitethernet 1/0/1
[DeviceE-GigabitEthernet1/0/1] port link-mode route
[DeviceE-GigabitEthernet1/0/1] port link-aggregation group 1
[DeviceE-GigabitEthernet1/0/1] quit
# 配置三層聚合子接口1.1,將該接口與vpn1綁定。配置該子接口終結VLAN 10,並配置該接口的地址為13.1.1.1/24。
[DeviceE] interface route-aggregation 1.1
[DeviceE-Route-Aggregation1.1] ip binding vpn-instance vpn1
[DeviceE-Route-Aggregation1.1] vlan-type dot1q vid 10
[DeviceE-Route-Aggregation1.1] ip address 13.1.1.1 255.255.255.0
# 在三層聚合子接口1.1上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceE-Route-Aggregation1.1] ospf timer hello 1
[DeviceE-Route-Aggregation1.1] ospf timer dead 4
[DeviceE-Route-Aggregation1.1] ospf cost 10
[DeviceE-Route-Aggregation1.1] ospf authentication-mode md5 1 plain 12345
[DeviceE-Route-Aggregation1.1] quit
# 配置三層聚合子接口1.2,將該接口與vpn2綁定。配置該子接口終結VLAN 20,並配置該接口的地址為14.1.1.1/24。
[DeviceE] interface route-aggregation 1.2
[DeviceE-Route-Aggregation1.2] ip binding vpn-instance vpn2
[DeviceE-Route-Aggregation1.2] vlan-type dot1q vid 20
[DeviceE-Route-Aggregation1.2] ip address 14.1.1.1 255.255.255.0
# 在三層聚合子接口1.2上設置OSPF的Hello定時器為1秒、Dead定時器為4秒。該接口的OSPF開銷值為10,並采用MD5方式對報文進行驗證。
[DeviceE-Route-Aggregation1.2] ospf timer hello 1
[DeviceE-Route-Aggregation1.2] ospf timer dead 4
[DeviceE-Route-Aggregation1.2] ospf cost 10
[DeviceE-Route-Aggregation1.2] ospf authentication-mode md5 1 plain 12345
[DeviceE-Route-Aggregation1.2] quit
# 配置Loopback 1的地址為5.5.5.9/32,此地址作為OSPF進程15的Router ID。
[DeviceE] interface loopback 1
[DeviceE-LoopBack1] ip binding vpn-instance vpn1
[DeviceE-LoopBack1] ip address 5.5.5.9 32
[DeviceE-LoopBack1] quit
# 配置Loopback 2的地址為5.5.5.10/32,此地址作為OSPF進程115的Router ID。
[DeviceE] interface loopback 2
[DeviceE-LoopBack2] ip binding vpn-instance vpn2
[DeviceE-LoopBack2] ip address 5.5.5.10 32
[DeviceE-LoopBack2] quit
# 創建OSPF進程15,指定該進程的Router ID為5.5.5.9,並將該進程與vpn1的實例綁定。
[DeviceE] ospf 15 router-id 5.5.5.9 vpn-instance vpn1
# 通告vpn1網段路由13.1.1.0/24。
[DeviceE-ospf-15] area 0.0.0.0
[DeviceE-ospf-15-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[DeviceE-ospf-15-area-0.0.0.0] quit
[DeviceE-ospf-15] quit
# 創建OSPF進程115,指定該進程的Router ID為5.5.5.10,並將該進程與vpn2的實例綁定。
[DeviceE] ospf 115 router-id 5.5.5.10 vpn-instance vpn2
# 通告vpn2網段路由14.1.1.0/24。
[DeviceE-ospf-115] area 0.0.0.0
[DeviceE-ospf-115-area-0.0.0.0] network 14.1.1.0 0.0.0.255
[DeviceE-ospf-115-area-0.0.0.0] quit
[DeviceE-ospf-115] quit
# 在Device B上執行display ip routing-table vpn-instance命令,查看路由表信息,業務1和業務2的路由相互隔離。同時,Device B上擁有19.0.0.0/24和20.0.0.0/24網段的明細路由。
[DeviceB] display ip routing-table vpn-instance vpn1
Destinations : 36 Routes : 37
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.9/32 Direct 0 0 127.0.0.1 InLoop0
11.1.1.0/24 Direct 0 0 11.1.1.2 RAGG1.1
11.1.1.0/32 Direct 0 0 11.1.1.2 RAGG1.1
11.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
11.1.1.255/32 Direct 0 0 11.1.1.2 RAGG1.1
13.1.1.0/24 O_INTRA 10 20 172.168.1.2 RAGG2.1
19.0.0.0/24 Static 60 0 0.0.0.0 NULL0
19.0.0.0/29 Direct 0 0 19.0.0.1 Loop101
19.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
19.0.0.7/32 Direct 0 0 19.0.0.1 Loop101
19.0.0.8/29 Direct 0 0 19.0.0.9 Loop103
19.0.0.8/32 Direct 0 0 19.0.0.9 Loop103
19.0.0.9/32 Direct 0 0 127.0.0.1 InLoop0
19.0.0.15/32 Direct 0 0 19.0.0.9 Loop103
19.0.0.16/28 Direct 0 0 19.0.0.17 Loop105
19.0.0.16/32 Direct 0 0 19.0.0.17 Loop105
19.0.0.17/32 Direct 0 0 127.0.0.1 InLoop0
19.0.0.31/32 Direct 0 0 19.0.0.17 Loop105
19.0.0.32/28 Direct 0 0 19.0.0.33 Loop107
19.0.0.32/32 Direct 0 0 19.0.0.33 Loop107
19.0.0.33/32 Direct 0 0 127.0.0.1 InLoop0
19.0.0.47/32 Direct 0 0 19.0.0.33 Loop107
21.0.0.0/24 O_ASE2 150 1 172.168.1.2 RAGG2.1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
172.168.1.0/24 Direct 0 0 172.168.1.1 RAGG2.1
172.168.1.0/32 Direct 0 0 172.168.1.1 RAGG2.1
172.168.1.1/32 Direct 0 0 127.0.0.1 InLoop0
172.168.1.255/32 Direct 0 0 172.168.1.1 RAGG2.1
201.1.1.0/24 Direct 0 0 201.1.1.1 RAGG11.1
201.1.1.0/32 Direct 0 0 201.1.1.1 RAGG11.1
201.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
201.1.1.255/32 Direct 0 0 201.1.1.1 RAGG11.1
203.1.1.0/24 O_INTRA 10 20 172.168.1.2 RAGG2.1
O_INTRA 10 20 201.1.1.2 RAGG11.1
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
[DeviceB] display ip routing-table vpn-instance vpn2
Destinations : 36 Routes : 37
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
2.2.2.10/32 Direct 0 0 127.0.0.1 InLoop0
12.1.1.0/24 Direct 0 0 12.1.1.2 RAGG1.2
12.1.1.0/32 Direct 0 0 12.1.1.2 RAGG1.2
12.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
12.1.1.255/32 Direct 0 0 12.1.1.2 RAGG1.2
14.1.1.0/24 O_INTRA 10 20 192.168.1.2 RAGG2.2
20.0.0.0/24 Static 60 0 0.0.0.0 NULL0
20.0.0.0/29 Direct 0 0 20.0.0.1 Loop102
20.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
20.0.0.7/32 Direct 0 0 20.0.0.1 Loop102
20.0.0.8/29 Direct 0 0 20.0.0.9 Loop104
20.0.0.8/32 Direct 0 0 20.0.0.9 Loop104
20.0.0.9/32 Direct 0 0 127.0.0.1 InLoop0
20.0.0.15/32 Direct 0 0 20.0.0.9 Loop104
20.0.0.16/28 Direct 0 0 20.0.0.17 Loop106
20.0.0.16/32 Direct 0 0 20.0.0.17 Loop106
20.0.0.17/32 Direct 0 0 127.0.0.1 InLoop0
20.0.0.31/32 Direct 0 0 20.0.0.17 Loop106
20.0.0.32/28 Direct 0 0 20.0.0.33 Loop108
20.0.0.32/32 Direct 0 0 20.0.0.33 Loop108
20.0.0.33/32 Direct 0 0 127.0.0.1 InLoop0
20.0.0.47/32 Direct 0 0 20.0.0.33 Loop108
22.0.0.0/24 O_ASE2 150 1 192.168.1.2 RAGG2.2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
192.168.1.0/24 Direct 0 0 192.168.1.1 RAGG2.2
192.168.1.0/32 Direct 0 0 192.168.1.1 RAGG2.2
192.168.1.1/32 Direct 0 0 127.0.0.1 InLoop0
192.168.1.255/32 Direct 0 0 192.168.1.1 RAGG2.2
202.1.1.0/24 Direct 0 0 202.1.1.1 RAGG11.2
202.1.1.0/32 Direct 0 0 202.1.1.1 RAGG11.2
202.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
202.1.1.255/32 Direct 0 0 202.1.1.1 RAGG11.2
204.1.1.0/24 O_INTRA 10 20 192.168.1.2 RAGG2.2
O_INTRA 10 20 202.1.1.2 RAGG11.2
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 在Device C上執行display ip routing-table vpn-instance命令,查看路由表信息,業務1和業務2的路由相互隔離。同時,Device C上擁有21.0.0.0/24和22.0.0.0/24網段的明細路由。
[DeviceC] display ip routing-table vpn-instance vpn1
Destinations : 32 Routes : 33
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
3.3.3.9/32 Direct 0 0 127.0.0.1 InLoop0
11.1.1.0/24 O_INTRA 10 20 172.168.1.1 RAGG2.1
13.1.1.0/24 Direct 0 0 13.1.1.2 RAGG1.1
13.1.1.0/32 Direct 0 0 13.1.1.2 RAGG1.1
13.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
13.1.1.255/32 Direct 0 0 13.1.1.2 RAGG1.1
19.0.0.0/24 O_ASE2 150 1 172.168.1.1 RAGG2.1
21.0.0.0/24 Static 60 0 0.0.0.0 NULL0
21.0.0.0/29 Direct 0 0 21.0.0.1 Loop101
21.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
21.0.0.7/32 Direct 0 0 21.0.0.1 Loop101
21.0.0.8/29 Direct 0 0 21.0.0.9 Loop103
21.0.0.8/32 Direct 0 0 21.0.0.9 Loop103
21.0.0.9/32 Direct 0 0 127.0.0.1 InLoop0
21.0.0.15/32 Direct 0 0 21.0.0.9 Loop103
21.0.0.32/28 Direct 0 0 21.0.0.33 Loop107
21.0.0.32/32 Direct 0 0 21.0.0.33 Loop107
21.0.0.33/32 Direct 0 0 127.0.0.1 InLoop0
21.0.0.47/32 Direct 0 0 21.0.0.33 Loop107
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
172.168.1.0/24 Direct 0 0 172.168.1.2 RAGG2.1
172.168.1.0/32 Direct 0 0 172.168.1.2 RAGG2.1
172.168.1.2/32 Direct 0 0 127.0.0.1 InLoop0
172.168.1.255/32 Direct 0 0 172.168.1.2 RAGG2.1
201.1.1.0/24 O_INTRA 10 20 172.168.1.1 RAGG2.1
O_INTRA 10 20 203.1.1.2 RAGG11.1
203.1.1.0/24 Direct 0 0 203.1.1.1 RAGG11.1
203.1.1.0/32 Direct 0 0 203.1.1.1 RAGG11.1
203.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
203.1.1.255/32 Direct 0 0 203.1.1.1 RAGG11.1
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
[DeviceC] display ip routing-table vpn-instance vpn2
Destinations : 32 Routes : 33
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
3.3.3.10/32 Direct 0 0 127.0.0.1 InLoop0
12.1.1.0/24 O_INTRA 10 20 192.168.1.1 RAGG2.2
14.1.1.0/24 Direct 0 0 14.1.1.2 RAGG1.2
14.1.1.0/32 Direct 0 0 14.1.1.2 RAGG1.2
14.1.1.2/32 Direct 0 0 127.0.0.1 InLoop0
14.1.1.255/32 Direct 0 0 14.1.1.2 RAGG1.2
20.0.0.0/24 O_ASE2 150 1 192.168.1.1 RAGG2.2
22.0.0.0/24 Static 60 0 0.0.0.0 NULL0
22.0.0.0/29 Direct 0 0 22.0.0.1 Loop102
22.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
22.0.0.7/32 Direct 0 0 22.0.0.1 Loop102
22.0.0.8/29 Direct 0 0 22.0.0.9 Loop104
22.0.0.8/32 Direct 0 0 22.0.0.9 Loop104
22.0.0.9/32 Direct 0 0 127.0.0.1 InLoop0
22.0.0.15/32 Direct 0 0 22.0.0.9 Loop104
22.0.0.16/28 Direct 0 0 22.0.0.17 Loop106
22.0.0.16/32 Direct 0 0 22.0.0.17 Loop106
22.0.0.17/32 Direct 0 0 127.0.0.1 InLoop0
22.0.0.31/32 Direct 0 0 22.0.0.17 Loop106
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
192.168.1.0/24 Direct 0 0 192.168.1.2 RAGG2.2
192.168.1.0/32 Direct 0 0 192.168.1.2 RAGG2.2
192.168.1.2/32 Direct 0 0 127.0.0.1 InLoop0
192.168.1.255/32 Direct 0 0 192.168.1.2 RAGG2.2
202.1.1.0/24 O_INTRA 10 20 192.168.1.1 RAGG2.2
O_INTRA 10 20 204.1.1.2 RAGG11.2
204.1.1.0/24 Direct 0 0 204.1.1.1 RAGG11.2
204.1.1.0/32 Direct 0 0 204.1.1.1 RAGG11.2
204.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
204.1.1.255/32 Direct 0 0 204.1.1.1 RAGG11.2
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 在Device D上執行display ip routing-table vpn-instance命令,查看路由表信息。業務1和業務2的路由相互隔離。同時,Device D上僅有vpn1的業務網段19.0.0.0/24和21.0.0.0/24、vpn2的業務網段20.0.0.0/24和22.0.0.0/24的聚合路由,不存在上述網段的明細路由。
[DeviceD] display ip routing-table vpn-instance vpn1
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
4.4.4.9/32 Direct 0 0 127.0.0.1 InLoop0
11.1.1.0/24 Direct 0 0 11.1.1.1 RAGG1.1
11.1.1.0/32 Direct 0 0 11.1.1.1 RAGG1.1
11.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
11.1.1.255/32 Direct 0 0 11.1.1.1 RAGG1.1
13.1.1.0/24 O_INTRA 10 30 11.1.1.2 RAGG1.1
19.0.0.0/24 O_ASE2 150 1 11.1.1.2 RAGG1.1
21.0.0.0/24 O_ASE2 150 1 11.1.1.2 RAGG1.1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
172.168.1.0/24 O_INTRA 10 20 11.1.1.2 RAGG1.1
201.1.1.0/24 O_INTRA 10 20 11.1.1.2 RAGG1.1
203.1.1.0/24 O_INTRA 10 30 11.1.1.2 RAGG1.1
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
[DeviceD] display ip routing-table vpn-instance vpn2
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
4.4.4.10/32 Direct 0 0 127.0.0.1 InLoop0
12.1.1.0/24 Direct 0 0 12.1.1.1 RAGG1.2
12.1.1.0/32 Direct 0 0 12.1.1.1 RAGG1.2
12.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
12.1.1.255/32 Direct 0 0 12.1.1.1 RAGG1.2
14.1.1.0/24 O_INTRA 10 30 12.1.1.2 RAGG1.2
20.0.0.0/24 O_ASE2 150 1 12.1.1.2 RAGG1.2
22.0.0.0/24 O_ASE2 150 1 12.1.1.2 RAGG1.2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
192.168.1.0/24 O_INTRA 10 20 12.1.1.2 RAGG1.2
202.1.1.0/24 O_INTRA 10 20 12.1.1.2 RAGG1.2
204.1.1.0/24 O_INTRA 10 30 12.1.1.2 RAGG1.2
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 在Device E上執行display ip routing-table vpn-instance命令,查看路由表信息。可以看到業務1和業務2的路由相互隔離。同時,Device E上僅有vpn1的業務網段19.0.0.0/24和21.0.0.0/24、vpn2的業務網段20.0.0.0/24和22.0.0.0/24的聚合路由,不存在上述網段的明細路由。
[DeviceE] display ip routing-table vpn-instance vpn1
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
5.5.5.9/32 Direct 0 0 127.0.0.1 InLoop0
11.1.1.0/24 O_INTRA 10 30 13.1.1.2 RAGG1.1
13.1.1.0/24 Direct 0 0 13.1.1.1 RAGG1.1
13.1.1.0/32 Direct 0 0 13.1.1.1 RAGG1.1
13.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
13.1.1.255/32 Direct 0 0 13.1.1.1 RAGG1.1
19.0.0.0/24 O_ASE2 150 1 13.1.1.2 RAGG1.1
21.0.0.0/24 O_ASE2 150 1 13.1.1.2 RAGG1.1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
172.168.1.0/24 O_INTRA 10 20 13.1.1.2 RAGG1.1
201.1.1.0/24 O_INTRA 10 30 13.1.1.2 RAGG1.1
203.1.1.0/24 O_INTRA 10 20 13.1.1.2 RAGG1.1
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
[DeviceE] display ip routing-table vpn-instance vpn2
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
5.5.5.10/32 Direct 0 0 127.0.0.1 InLoop0
12.1.1.0/24 O_INTRA 10 30 14.1.1.2 RAGG1.2
14.1.1.0/24 Direct 0 0 14.1.1.1 RAGG1.2
14.1.1.0/32 Direct 0 0 14.1.1.1 RAGG1.2
14.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
14.1.1.255/32 Direct 0 0 14.1.1.1 RAGG1.2
20.0.0.0/24 O_ASE2 150 1 14.1.1.2 RAGG1.2
22.0.0.0/24 O_ASE2 150 1 14.1.1.2 RAGG1.2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
192.168.1.0/24 O_INTRA 10 20 14.1.1.2 RAGG1.2
202.1.1.0/24 O_INTRA 10 30 14.1.1.2 RAGG1.2
204.1.1.0/24 O_INTRA 10 20 14.1.1.2 RAGG1.2
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 在Device A上執行ping命令,可以與Device D的vpn1網段、vpn2網段互通,也可以與Device E的vpn1網段、vpn2網段互通。
· Device A能ping通Device D的vpn1網段IP 11.1.1.1。
<DeviceA> ping -vpn-instance vpn1 11.1.1.1
Ping 11.1.1.1 (11.1.1.1): 56 data bytes, press CTRL+C to break
56 bytes from 11.1.1.1: icmp_seq=0 ttl=254 time=2.000 ms
56 bytes from 11.1.1.1: icmp_seq=1 ttl=254 time=2.000 ms
56 bytes from 11.1.1.1: icmp_seq=2 ttl=254 time=2.000 ms
56 bytes from 11.1.1.1: icmp_seq=3 ttl=254 time=2.000 ms
56 bytes from 11.1.1.1: icmp_seq=4 ttl=254 time=1.000 ms
--- Ping statistics for 11.1.1.1 in VPN instance vpn1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.800/2.000/0.400 ms
· Device A能ping通Device D的vpn2網段IP 12.1.1.1。
<DeviceA> ping -vpn-instance vpn2 12.1.1.1
Ping 12.1.1.1 (12.1.1.1): 56 data bytes, press CTRL+C to break
56 bytes from 12.1.1.1: icmp_seq=0 ttl=254 time=2.000 ms
56 bytes from 12.1.1.1: icmp_seq=1 ttl=254 time=1.000 ms
56 bytes from 12.1.1.1: icmp_seq=2 ttl=254 time=1.000 ms
56 bytes from 12.1.1.1: icmp_seq=3 ttl=254 time=1.000 ms
56 bytes from 12.1.1.1: icmp_seq=4 ttl=254 time=2.000 ms
--- Ping statistics for 12.1.1.1 in VPN instance vpn2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.400/2.000/0.490 ms
· Device A能ping通Device E的vpn1網段IP 13.1.1.1。
<DeviceA> ping -vpn-instance vpn1 13.1.1.1
Ping 13.1.1.1 (13.1.1.1): 56 data bytes, press CTRL+C to break
56 bytes from 13.1.1.1: icmp_seq=0 ttl=254 time=2.000 ms
56 bytes from 13.1.1.1: icmp_seq=1 ttl=254 time=2.000 ms
56 bytes from 13.1.1.1: icmp_seq=2 ttl=254 time=2.000 ms
56 bytes from 13.1.1.1: icmp_seq=3 ttl=254 time=2.000 ms
56 bytes from 13.1.1.1: icmp_seq=4 ttl=254 time=1.000 ms
--- Ping statistics for 13.1.1.1 in VPN instance vpn1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.800/2.000/0.400 ms
· Device A能ping通Device E的vpn2網段IP 14.1.1.1。
<DeviceA> ping -vpn-instance vpn2 14.1.1.1
Ping 14.1.1.1 (14.1.1.1): 56 data bytes, press CTRL+C to break
56 bytes from 14.1.1.1: icmp_seq=0 ttl=254 time=2.000 ms
56 bytes from 14.1.1.1: icmp_seq=1 ttl=254 time=1.000 ms
56 bytes from 14.1.1.1: icmp_seq=2 ttl=254 time=1.000 ms
56 bytes from 14.1.1.1: icmp_seq=3 ttl=254 time=1.000 ms
56 bytes from 14.1.1.1: icmp_seq=4 ttl=254 time=2.000 ms
--- Ping statistics for 14.1.1.1 in VPN instance vpn2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.000/1.400/2.000/0.490 ms
· Device A:
#
sysname DeviceA
#
ip vpn-instance vpn1
#
ip vpn-instance vpn2
#
ospf 15 router-id 1.1.1.9 vpn-instance vpn1
area 0.0.0.0
network 201.1.1.0 0.0.0.255
network 203.1.1.0 0.0.0.255
#
ospf 115 router-id 1.1.1.10 vpn-instance vpn2
area 0.0.0.0
network 202.1.1.0 0.0.0.255
network 204.1.1.0 0.0.0.255
#
interface Route-Aggregation11
link-aggregation mode dynamic
#
interface Route-Aggregation11.1
ip binding vpn-instance vpn1
ip address 201.1.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 10
#
interface Route-Aggregation11.2
ip binding vpn-instance vpn2
ip address 202.1.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 20
#
interface Route-Aggregation12
link-aggregation mode dynamic
#
interface Route-Aggregation12.1
ip binding vpn-instance vpn1
ip address 203.1.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 10
#
interface Route-Aggregation12.2
ip binding vpn-instance vpn2
ip address 204.1.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 20
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 1.1.1.9 255.255.255.255
#
interface LoopBack2
ip binding vpn-instance vpn2
ip address 1.1.1.10 255.255.255.255
#
interface GigabitEthernet1/0/1
port link-mode route
port link-aggregation group 11
#
interface GigabitEthernet1/0/2
port link-mode route
port link-aggregation group 12
#
· Device B:
#
sysname DeviceB
#
ip vpn-instance vpn1
#
ip vpn-instance vpn2
#
ospf 15 router-id 2.2.2.9 vpn-instance vpn1
import-route direct route-policy p1
import-route static route-policy p1
area 0.0.0.0
network 11.1.1.0 0.0.0.255
network 172.168.1.0 0.0.0.255
network 201.1.1.0 0.0.0.255
#
ospf 115 router-id 2.2.2.10 vpn-instance vpn2
import-route direct route-policy p2
import-route static route-policy p2
area 0.0.0.0
network 12.1.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 202.1.1.0 0.0.0.255
#
interface Route-Aggregation1
link-aggregation mode dynamic
#
interface Route-Aggregation1.1
ip binding vpn-instance vpn1
ip address 11.1.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 10
#
interface Route-Aggregation1.2
ip binding vpn-instance vpn2
ip address 12.1.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 20
#
interface Route-Aggregation2
link-aggregation mode dynamic
#
interface Route-Aggregation2.1
ip binding vpn-instance vpn1
ip address 172.168.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
ospf network-type p2p
vlan-type dot1q vid 10
#
interface Route-Aggregation2.2
ip binding vpn-instance vpn2
ip address 192.168.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 20
#
interface Route-Aggregation11
link-aggregation mode dynamic
#
interface Route-Aggregation11.1
ip binding vpn-instance vpn1
ip address 201.1.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 10
#
interface Route-Aggregation11.2
ip binding vpn-instance vpn2
ip address 202.1.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 20
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 2.2.2.9 255.255.255.255
#
interface LoopBack2
ip binding vpn-instance vpn2
ip address 2.2.2.10 255.255.255.255
#
interface LoopBack101
ip binding vpn-instance vpn1
ip address 19.0.0.1 255.255.255.248
#
interface LoopBack102
ip binding vpn-instance vpn2
ip address 20.0.0.1 255.255.255.248
#
interface LoopBack103
ip binding vpn-instance vpn1
ip address 19.0.0.9 255.255.255.248
#
interface LoopBack104
ip binding vpn-instance vpn2
ip address 20.0.0.9 255.255.255.248
#
interface LoopBack105
ip binding vpn-instance vpn1
ip address 19.0.0.17 255.255.255.240
#
interface LoopBack106
ip binding vpn-instance vpn2
ip address 20.0.0.17 255.255.255.240
#
interface LoopBack107
ip binding vpn-instance vpn1
ip address 19.0.0.33 255.255.255.240
#
interface GigabitEthernet1/0/1
port link-mode route
port link-aggregation group 1
#
interface GigabitEthernet1/0/2
port link-mode route
port link-aggregation group 2
#
interface GigabitEthernet1/0/3
port link-mode route
port link-aggregation group 11
#
route-policy p1 permit node 10
if-match ip address prefix-list list1
#
route-policy p2 permit node 10
if-match ip address prefix-list list2
#
ip prefix-list list1 index 10 permit 19.0.0.0 24
ip prefix-list list1 index 20 permit 201.1.1.0 24
ip prefix-list list2 index 10 permit 20.0.0.0 24
ip prefix-list list2 index 20 permit 202.1.1.0 24
#
ip route-static vpn-instance vpn1 19.0.0.0 24 NULL0
ip route-static vpn-instance vpn2 20.0.0.0 24 NULL0
#
· Device C:
#
sysname DeviceC
#
ip vpn-instance vpn1
#
ip vpn-instance vpn2
#
ospf 15 router-id 3.3.3.9 vpn-instance vpn1
import-route direct route-policy p1
import-route static route-policy p1
area 0.0.0.0
network 13.1.1.0 0.0.0.255
network 172.168.1.0 0.0.0.255
network 203.1.1.0 0.0.0.255
#
ospf 115 router-id 3.3.3.10 vpn-instance vpn2
import-route direct route-policy p2
import-route static route-policy p2
area 0.0.0.0
network 14.1.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255
network 204.1.1.0 0.0.0.255
#
interface Route-Aggregation1.1
ip binding vpn-instance vpn1
ip address 13.1.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 10
#
interface Route-Aggregation1.2
ip binding vpn-instance vpn2
ip address 14.1.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 20
#
interface Route-Aggregation2
link-aggregation mode dynamic
#
interface Route-Aggregation2.1
ip binding vpn-instance vpn1
ip address 172.168.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 10
#
interface Route-Aggregation2.2
ip binding vpn-instance vpn2
ip address 192.168.1.2 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 20
#
interface Route-Aggregation11
link-aggregation mode dynamic
#
interface Route-Aggregation11.1
ip binding vpn-instance vpn1
ip address 203.1.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 10
#
interface Route-Aggregation11.2
ip binding vpn-instance vpn2
ip address 204.1.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 20
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 3.3.3.9 255.255.255.255
#
interface LoopBack2
ip binding vpn-instance vpn2
ip address 3.3.3.10 255.255.255.255
#
interface LoopBack101
ip binding vpn-instance vpn1
ip address 21.0.0.1 255.255.255.248
#
interface LoopBack102
ip binding vpn-instance vpn2
ip address 22.0.0.1 255.255.255.248
#
interface LoopBack103
ip binding vpn-instance vpn1
ip address 21.0.0.17 255.255.255.240
#
interface LoopBack104
ip binding vpn-instance vpn2
ip address 22.0.0.9 255.255.255.248
#
interface LoopBack105
ip address 21.0.0.33 255.255.255.240
#
interface LoopBack106
ip binding vpn-instance vpn2
ip address 22.0.0.17 255.255.255.0
#
interface LoopBack107
ip binding vpn-instance vpn1
ip address 21.0.0.9 255.255.255.0
#
interface LoopBack108
ip address 22.0.0.33 255.255.255.0
#
interface GigabitEthernet1/0/1
port link-mode route
port link-aggregation group 1
#
interface GigabitEthernet1/0/2
port link-mode route
port link-aggregation group 2
#
interface GigabitEthernet1/0/3
port link-mode route
port link-aggregation group 11
#
route-policy p1 permit node 10
if-match ip address prefix-list list1
#
route-policy p2 permit node 10
if-match ip address prefix-list list2
#
ip prefix-list list1 index 10 permit 21.0.0.0 24
ip prefix-list list1 index 20 permit 203.1.1.0 24
ip prefix-list list2 index 10 permit 22.0.0.0 24
ip prefix-list list2 index 20 permit 204.1.1.0 24
#
ip route-static vpn-instance vpn1 21.0.0.0 24 NULL0
ip route-static vpn-instance vpn2 22.0.0.0 24 NULL0
#
· Device D:
#
sysname DeviceD
#
ip vpn-instance vpn1
#
ip vpn-instance vpn2
#
ospf 15 router-id 4.4.4.9 vpn-instance vpn1
area 0.0.0.0
network 11.1.1.0 0.0.0.255
#
ospf 115 router-id 4.4.4.10 vpn-instance vpn2
area 0.0.0.0
network 11.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
#
interface Route-Aggregation1
link-aggregation mode dynamic
#
interface Route-Aggregation1.1
ip binding vpn-instance vpn1
ip address 11.1.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 10
#
interface Route-Aggregation1.2
ip binding vpn-instance vpn2
ip address 12.1.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain12345
vlan-type dot1q vid 20
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 4.4.4.9 255.255.255.255
#
interface LoopBack2
ip binding vpn-instance vpn2
ip address 4.4.4.10 255.255.255.255
#
interface GigabitEthernet1/0/1
port link-mode route
port link-aggregation group 1
#
· Device E:
#
sysname DeviceE
#
ip vpn-instance vpn1
#
ip vpn-instance vpn2
#
ospf 15 router-id 5.5.5.9 vpn-instance vpn1
area 0.0.0.0
network 13.1.1.0 0.0.0.255
#
ospf 115 router-id 5.5.5.10 vpn-instance vpn2
area 0.0.0.0
network 14.1.1.0 0.0.0.255
#
interface Route-Aggregation1
link-aggregation mode dynamic
#
interface Route-Aggregation1.1
ip binding vpn-instance vpn1
ip address 13.1.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 10
#
interface Route-Aggregation1.2
ip binding vpn-instance vpn2
ip address 14.1.1.1 255.255.255.0
ospf cost 10
ospf timer hello 1
ospf timer dead 4
ospf authentication-mode md5 1 plain 12345
vlan-type dot1q vid 20
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 5.5.5.9 255.255.255.255
#
interface LoopBack2
ip binding vpn-instance vpn2
ip address 5.5.5.10 255.255.255.255
#
interface GigabitEthernet1/0/1
port link-mode route
port link-aggregation group 1
#
不同款型規格的資料略有差異, 詳細信息請向具體銷售和400谘詢。H3C保留在沒有任何通知或提示的情況下對資料內容進行修改的權利!
支持
售前谘詢
售後谘詢
人工在線谘詢
