VRF间的通信(AR路由器)
基础配置
[AR1]dis version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 5.130 (AR2200 V200R003C00)
# AR1配置
ip vpn-instance a
route-dist 1:1
int g0/0/0
ip binding vpn-instance a
ip add 192.168.10.1 24
--------------
ip vpn-instance b
route-dist 2:2
int g0/0/1
ip binding vpn-instance b
ip add 192.168.20.1 24
第一种方法
# 直接将下一跳指向对方所在物理接口
[AR1]ip route-static vpn-instance a 192.168.20.0 24 GigabitEthernet 0/0/1
[AR1]ip route-static vpn-instance b 192.168.10.0 24 GigabitEthernet 0/0/0
[AR1]dis ip routing vpn-instance a
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: a
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.10.0/24 Direct 0 0 D 192.168.10.1 GigabitEthernet0/0/0
192.168.10.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
192.168.10.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
**192.168.20.0/24 Static 60 0 D 192.168.20.1 GigabitEthernet0/0/1**
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[AR1]dis ip routing vpn-instance b
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: b
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
**192.168.10.0/24 Static 60 0 D 192.168.10.1 GigabitEthernet0/0/0**
192.168.20.0/24 Direct 0 0 D 192.168.20.1 GigabitEthernet0/0/1
192.168.20.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
192.168.20.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[AR1]
第二种方法
[AR1]ip route-static vpn-instance a 192.168.20.2 32 vpn-instance b 192.168.20.2
[AR1]ip route-static vpn-instance b 192.168.10.2 32 vpn-instance a 192.168.10.2
# 查看路由表
[AR1]dis ip routing-table vpn-instance a
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: a
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.10.0/24 Direct 0 0 D 192.168.10.1 GigabitEthernet0/0/0
192.168.10.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
192.168.10.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
**192.168.20.2/32 Static 60 0 RD 192.168.20.2 GigabitEthernet0/0/1**
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[AR1]dis ip routing-table vpn-instance b
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: b
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
**192.168.10.2/32 Static 60 0 RD 192.168.10.2 GigabitEthernet0/0/0**
192.168.20.0/24 Direct 0 0 D 192.168.20.1 GigabitEthernet0/0/1
192.168.20.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
192.168.20.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
VRF间的通信(CE交换机)
基础配置
# CE1
ip vpn-instance a
route-dist 1:1
ip vpn-instance b
route-dist 2:2
int g1/0/0
undo shutdown
undo portsw
ip binding vpn-instance a
ip add 192.168.10.1 24
int g1/0/2
undo shutdown
undo portsw
ip binding vpn-instance b
ip add 192.168.20.1 24
路由配置
# CE1 VRF互通配置
# 这一步配置方法不行,失败
ip route-static vpn-instance a 192.168.20.0 24 vpn-instance b
ip route-static vpn-instance b 192.168.10.0 24 vpn-instance a
# 下面这一种可以
ip route-static vpn-instance a 192.168.20.0 24 GE 1/0/2
ip route-static vpn-instance b 192.168.10.0 24 ge 1/0/0
VRF与PUBLIC(CE交换机)
基础配置
# LSW2的配置
sys
sysn LSW2
vlan batch 10 20
int g0/0/2
port link-type access
port default vlan 10
int g0/0/3
port link-type access
port default vlan 20
int g0/0/1
port link-t trunk
port trunk allow vlan 10 20
# AR4,外部网络的配置
sys
sysn AR4
int l0
ip add 8.8.8.8 32
int g0/0/0
ip add 10.0.14.4 24
ip route-static 192.168.10.0 24 10.0.14.1
ip route-static 192.168.20.0 24 10.0.14.1
ospf 1
a 0
network 10.0.14.4 0.0.0.0
network 8.8.8.8 0.0.0.0
quit
CE1 关键配置
# CE1
## 创建两个VRF
sys i
sysn CE1
ip vpn-instance RD
route-dist 1:1
## 接口配置
vlan batch 10 20
int g1/0/1
undo shutdown
port link-type trunk
port trunk allow vlan 10 20
int vlan 10
ip binding vpn-instance RD
ip add 192.168.10.1 24
int vlan 20
ip binding vpn-instance RD
ip add 192.168.20.1 24
## 与外部网络对接
int g1/0/0
undo shutdown
undo portsw
ip add 10.0.14.1 24
ospf 1
a 0
network 10.0.14.1 0.0.0.0
## RD上的路由,注意看这个写法,10.0.14.4不是本机的IP
ip route-static vpn-instance RD 0.0.0.0 0 10.0.14.4 public
# 回包是个麻烦,估计是ENSP CE12800的问题
# 10.10和20.20是PC的地址
# 目前只找到这种写法,直接写网段不行
ip route-static 192.168.10.10 32 vpn-instance RD 192.168.10.10
ip route-static 192.168.20.20 32 vpn-instance RD 192.168.20.20
或者这样
ip route-static 192.168.10.0 24 vpn-instance RD 192.168.10.10
ip route-static 192.168.20.0 24 vpn-instance RD 192.168.20.20
# 按理说这样的应该可以,但是不行,打上之后不生效
ip route-static 192.168.10.0 24 vpn-instance RD
ip route-static 192.168.20.0 24 vpn-instance RD
