juniper MPLS VPN 实验.docx
《juniper MPLS VPN 实验.docx》由会员分享,可在线阅读,更多相关《juniper MPLS VPN 实验.docx(16页珍藏版)》请在冰豆网上搜索。
juniperMPLSVPN实验
工作太忙的关系,有一段时间没搞JUNIPER实验。
近期由于要整理一些实验文档的关系,趁假期的时间又重新做了一遍juniper的MPLSVPN的实验。
实验拓扑:
实验说明:
实验是用OLIVE的逻辑路由器来实现的。
模拟7台路由器,r1,r5,r6,r7分别模拟CE1,CE2,CE3,CE4,中间三台路由器模拟ISP的核心网络。
配置:
showconfiguration|no-more
##Lastcommit:
2010-02-1422:
57:
09UTCbylin
version8.5R1.14;
system{
host-nameMPLS-VPN;
domain-name;
authentication-order[radiuspassword];
root-authentication{
encrypted-password"$1$7ZQaCQps$EqPR2y83tbGr6XRDo/WMD/";##SECRET-DATA
}
radius-server{
192.168.1.129{
port1812;
secret"$9$k.Tzn/CuBI6/vWX7Vb";##SECRET-DATA
}
}
login{
classops{
idle-timeout5;
permissionsnetwork;
allow-commands"showinterface";
deny-commands"traceroute|telnet|ssh";
}
userhmily{
uid2008;
classsuper-user;
authentication{
encrypted-password"$1$UUI.FWPe$bSYWxLRreVza1jc9P4LGd/";##SECRET-DATA
}
}
userlin{
uid2000;
classsuper-user;
authentication{
encrypted-password"$1$IbVuXUgf$mDrmX.SRr3mjpFOMfqgYo/";##SECRET-DATA
}
}
userops{
uid2001;
classops;
authentication{
encrypted-password"$1$W31PgUWw$d667i1B0agPAzbvO4hiFd1";##SECRET-DATA
}
}
}
services{
ftp;
ssh;
telnet;
web-management{
http;
}
}
syslog{
user*{
anyemergency;
}
filemessages{
anynotice;
}
fileinteractive-commands{
interactive-commandsany;
}
fileauth{
authorizationinfo;
archive{
size5m;
files5;
}
}
}
ntp{
authentication-key101typemd5value"$9$H.fz1IcylM";##SECRET-DATA
server10.0.200.2key101;##SECRET-DATA
trusted-key101;
}
}
logical-routers{
r1{
interfaces{
em1{
unit12{
vlan-id12;
familyinet{
address133.10.12.1/24;
}
}
}
lo0{
unit1{
familyinet{
address1.1.1.1/32;
}
}
}
}
protocols{
bgp{
groupto-pe{
typeexternal;
exportdirect;
neighbor133.10.12.2{
peer-as200;
}
}
}
}
policy-options{
policy-statementdirect{
term1{
fromprotocoldirect;
thenaccept;
}
}
}
routing-options{
router-id1.1.1.1;
autonomous-system100;
}
}
r2{
interfaces{
em1{
unit61{
vlan-id61;
familyinet{
address133.10.61.1/24;
}
}
}
em2{
unit12{
vlan-id12;
familyinet{
address133.10.12.2/24;
}
familympls;
}
unit23{
vlan-id23;
familyinet{
address133.10.23.2/24;
}
familyiso;
familympls;
}
}
lo0{
unit2{
familyinet{
address2.2.2.2/32;
}
familyiso{
address47.0000.0000.0000.0002.00;
}
}
}
}
protocols{
mpls{
interfaceem2.12;
interfaceem2.23;
interfacelo0.2;
}
bgp{
groupibgp{
typeinternal;
local-address2.2.2.2;
familyinet-vpn{
unicast;
}
neighbor4.4.4.4{
peer-as65000;
}
}
}
isis{
interfaceem2.23;
interfacelo0.2;
}
ldp{
interfaceem2.23;
interfacelo0.2;
}
}
routing-instances{
vpn1{
instance-typevrf;
interfaceem2.12;
route-distinguisher65000:
1;
vrf-targettarget:
65000:
1;
vrf-table-label;
routing-options{
router-id2.2.2.2;
autonomous-system200;
}
protocols{
bgp{
groupto-ce{
typeexternal;
neighbor133.10.12.1{
peer-as100;
}
}
}
}
}
vpn2{
instance-typevrf;
interfaceem1.61;
route-distinguisher65000:
2;
vrf-targettarget:
65000:
2;
vrf-table-label;
routing-options{
static{
route6.6.6.6/32next-hop133.10.61.2;
}
}
}
}
routing-options{
router-id2.2.2.2;
autonomous-system65000;
}
}
r3{
interfaces{
em1{
unit23{
vlan-id23;
familyinet{
address133.10.23.1/24;
}
familyiso;
familympls;
}
unit34{
vlan-id34;
familyinet{
address133.10.34.3/24;
}
familyiso;
familympls;
}
}
lo0{
unit3{
familyinet{
address3.3.3.3/32;
}
familyiso{
address47.0000.0000.0000.0003.00;
}
}
}
}
protocols{
mpls{
interfaceem1.23;
interfaceem1.34;
interfacelo0.3;
}
isis{
interfaceem1.23;
interfaceem1.34;
interfacelo0.3;
}
ldp{
interfaceall;
}
}
}
r4{
interfaces{
em1{
unit47{
vlan-id47;
familyinet{
address133.10.47.1/24;
}
}
}
em2{
unit34{
vlan-id34;
familyinet{
address133.10.34.4/24;
}
familyiso;
familympls;
}
unit45{
vlan-id45;
familyinet{
address133.10.45.4/24;
}
familympls;
}
}
lo0{
unit4{
familyinet{
address4.4.4.4/32;
}
familyiso{
address47.0000.0000.0000.0004.00;
}
}
}
}
protocols{
mpls{
interfaceem2.34;
interfacelo0.4;
}
bgp{
groupibgp{
typeinternal;
local-address4.4.4.4;
familyinet-vpn{
unicast;
}
neighbor2.2.2.2{
peer-as65000;
}
}
}
isis{
interfaceem2.34;
interfacelo0.4;
}
ldp{
interfaceall;
}
}
policy-options{
policy-statementbgp-ospf{
fromprotocolbgp;
thenaccept;
}
}
routing-instances{
vpn1{
instance-typevrf;
interfaceem2.45;
route-distinguisher65000:
1;
vrf-targettarget:
65000:
1;
vrf-table-label;
routing-options{
router-id4.4.4.4;
autonomous-system2000;
}
protocols{
bgp{
升级会员 