Example for Configuring BGP/MPLS IP VPN (Manually Create A VPN Instance)

This section describes how to configure the basic BGP/MPLS IP VPN, which involves the configurations of MPLS LSPs, VPNv4 peers, and VPN instances.

Networking Requirements

On the network shown in Figure 1:

  • CE1 and CE3 are in vpna.

  • CE2 and CE4 are in vpnb.

  • The VPN target attribute of vpna is 111:1, and that of vpnb is 222:2.

  • Users in different VPNs cannot access each other.

Figure 1 BGP/MPLS IP VPN networking diagram

Configuration Roadmap

The configuration roadmap is as follows:

  1. Configure OSPF on the backbone network to enable interworking between PEs.

  2. Configure the basic MPLS functions and MPLS LDP on the PEs, and establish the MPLS LSPs between the PEs.

  3. Configure MP-IBGP to exchange the VPN routing information between the PEs.

  4. Configure the VPN instance on the PE connected to the CE in the backbone network, and bind the PE interface connected to the CE to the corresponding VPN instance.

  5. Configure EBGP between the CE and the PE to exchange VPN routing information.

Data Planning

To configure BGP/MPLS IP VPN, you need the following data:

  • MPLS LSR-IDs on the PEs and the Ps

  • RDs of vpna and vpnb

  • VPN targets of vpna and vpnb

Procedure

  1. Configure an IGP on the MPLS backbone to allow the PEs and the Ps to reach each other.

    # Configure PE1.

    <FW> system-view
    [FW] sysname PE1
    [PE1] interface loopback 1
    [PE1-LoopBack1] ip address 1.1.1.9 32
    [PE1-LoopBack1] quit
    [PE1] interface GigabitEthernet 0/0/2
    [PE1-GigabitEthernet0/0/2] ip address 172.1.1.1 24
    [PE1-GigabitEthernet0/0/2] quit
    [PE1] firewall zone untrust
    [PE1-zone-untrust] add interface GigabitEthernet 0/0/2
    [PE1-zone-untrust] quit
    [PE1] ospf
    [PE1-ospf-1] area 0
    [PE1-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
    [PE1-ospf-1-area-0.0.0.0] network 1.1.1.9 0.0.0.0
    [PE1-ospf-1-area-0.0.0.0] quit
    [PE1-ospf-1] quit

    # Configure a security policy for PE1.

    [PE1] security-policy
    [PE1-policy-security] rule name policy_sec_1
    [PE1-policy-security-rule-policy_sec_1] source-zone trust
    [PE1-policy-security-rule-policy_sec_1] destination-zone untrust
    [PE1-policy-security-rule-policy_sec_1] action permit
    [PE1-policy-security-rule-policy_sec_1] quit

    # Configure the P.

    <Router> system-view
    [Router] sysname P
    [P] interface loopback 1
    [P-LoopBack1] ip address 2.2.2.9 32
    [P-LoopBack1] quit
    [P] interface GigabitEthernet 0/0/0
    [P-GigabitEthernet0/0/0] ip address 172.1.1.2 24
    [P-GigabitEthernet0/0/0] quit
    [P] interface GigabitEthernet 0/0/1
    [P-GigabitEthernet0/0/1] ip address 172.2.1.1 24
    [P-GigabitEthernet0/0/1] quit
    [P] ospf
    [P-ospf-1] area 0
    [P-ospf-1-area-0.0.0.0] network 172.1.1.0 0.0.0.255
    [P-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
    [P-ospf-1-area-0.0.0.0] network 2.2.2.9 0.0.0.0
    [P-ospf-1-area-0.0.0.0] quit
    [P-ospf-1] quit

    # Configure PE2.

    <FW> system-view
    [FW] sysname PE2
    [PE2] interface loopback 1
    [PE2-LoopBack1] ip address 3.3.3.9 32
    [PE2-LoopBack1] quit
    [PE2] interface GigabitEthernet 0/0/2
    [PE2-GigabitEthernet0/0/2] ip address 172.2.1.2 24
    [PE2-GigabitEthernet0/0/2] quit
    [PE2] firewall zone untrust
    [PE2-zone-untrust] add interface GigabitEthernet 0/0/2
    [PE2-zone-untrust] quit
    [PE2] ospf
    [PE2-ospf-1] area 0
    [PE2-ospf-1-area-0.0.0.0] network 172.2.1.0 0.0.0.255
    [PE2-ospf-1-area-0.0.0.0] network 3.3.3.9 0.0.0.0
    [PE2-ospf-1-area-0.0.0.0] quit
    [PE2-ospf-1] quit

    # Configure a security policy for PE2.

    [PE2] security-policy
    [PE2-policy-security] rule name policy_sec_1
    [PE2-policy-security-rule-policy_sec_1] source-zone trust
    [PE2-policy-security-rule-policy_sec_1] destination-zone untrust
    [PE2-policy-security-rule-policy_sec_1] action permit
    [PE2-policy-security-rule-policy_sec_1] quit

    After the configuration, an OSPF neighbor relationship should be established between PE1 and the P and between the P and PE2. Run the display ospf peer command. The command output shows that the OSPF neighbor relationship is in Full state. Run the display ip routing-table command on the PEs. The command output shows that the PEs have learned the routes of the Loopback1 interface of each other.

    Use PE1 as an example.

    [PE1] display ip routing-table
    Route Flags: R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: Public
             Destinations : 8       Routes : 8
    Destination/Mask  Proto  Pre  Cost             Flags NextHop         Interface
          1.1.1.9/32  Direct 0    0                D  127.0.0.1       LoopBack1
          2.2.2.9/32 OSPF   10   1                D  172.1.1.2       GigabitEthernet0/0/2
          3.3.3.9/32 OSPF   10   2                D  172.1.1.2       GigabitEthernet0/0/2
        127.0.0.0/8   Direct 0    0                D  127.0.0.1       InLoopBack0
        127.0.0.1/32  Direct 0    0                D  127.0.0.1       InLoopBack0
        172.1.1.0/24  Direct 0    0                D  172.1.1.1       GigabitEthernet0/0/2
        172.1.1.1/32  Direct 0    0                D  127.0.0.1       GigabitEthernet0/0/2
        172.2.1.0/24  OSPF   10   2                D  172.1.1.2       GigabitEthernet0/0/2
    [PE1] display ospf peer
              OSPF Process 1 with Router ID 1.1.1.9
                      Neighbors
     Area 0.0.0.0 interface 172.1.1.1(GigabitEthernet0/0/2)'s neighbors
     Router ID: 172.1.1.2        Address: 172.1.1.2
       State: Full  Mode:Nbr is  Master  Priority: 1
       DR: None   BDR: None   MTU: 1500
       Dead timer due in 38  sec
       Neighbor is up for 00:02:44
       Authentication Sequence: [ 0 ] 

  2. Configure basic MPLS capabilities and MPLS LDP on the MPLS backbone network to set up the LDP LSP.

    # Configure PE1.

    [PE1] mpls lsr-id 1.1.1.9
    [PE1] mpls
    [PE1-mpls] quit
    [PE1] mpls ldp
    [PE1-mpls-ldp] quit
    [PE1] interface GigabitEthernet 0/0/2
    [PE1-GigabitEthernet0/0/2] mpls
    [PE1-GigabitEthernet0/0/2] mpls ldp
    [PE1-GigabitEthernet0/0/2] quit
    

    # Configure the P.

    [P] mpls lsr-id 2.2.2.9
    [P] mpls
    [P-mpls] quit
    [P] mpls ldp
    [P-mpls-ldp] quit
    [P] interface GigabitEthernet 0/0/0
    [P-GigabitEthernet0/0/0] mpls
    [P-GigabitEthernet0/0/0] mpls ldp
    [P-GigabitEthernet0/0/0] quit
    [P] interface GigabitEthernet 0/0/1
    [P-GigabitEthernet0/0/1] mpls
    [P-GigabitEthernet0/0/1] mpls ldp
    [P-GigabitEthernet0/0/1] quit

    # Configure PE2.

    [PE2] mpls lsr-id 3.3.3.9
    [PE2] mpls
    [PE2-mpls] quit
    [PE2] mpls ldp
    [PE2-mpls-ldp] quit
    [PE2] interface GigabitEthernet 0/0/2
    [PE2-GigabitEthernet0/0/2] mpls
    [PE2-GigabitEthernet0/0/2] mpls ldp
    [PE2-GigabitEthernet0/0/2] quit

    After the configuration, LDP sessions are set up between PE1 and the P and between the P and PE2. Run the display mpls ldp session command on the devices. The command output shows that the session status is Operational. Run the display mpls ldp lsp command to view the status of the LDP LSPs.

    Use PE1 as an example.

    [PE1] display mpls ldp session
    
     LDP Session(s) in Public Network
     Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
     A '*' before a session means the session is being deleted.
     -------------------------------------------------------------------------
     PeerID             Status      LAM  SsnRole  SsnAge      KASent/Rcv
     -------------------------------------------------------------------------
     2.2.2.9:0          Operational DU  Passive  0000:00:01  5/5
     -------------------------------------------------------------------------
     TOTAL: 1 session(s) Found.
    [PE1] display mpls ldp lsp
     LDP LSP Information
     -------------------------------------------------------------------------------
     DestAddress/Mask   In/OutLabel   UpstreamPeer   NextHop         OutInterface
     -------------------------------------------------------------------------------
     1.1.1.9/32         3/NULL        2.2.2.9        127.0.0.1       InLoop0 
    *1.1.1.9/32         Liberal                      DS/2.2.2.9
     2.2.2.9/32         NULL/3        -              172.1.1.2       GigabitEthernet0/0/2
     2.2.2.9/32         1024/3        2.2.2.9        172.1.1.2       GigabitEthernet0/0/2
     3.3.3.9/32         NULL/1025     -              172.1.1.2       GigabitEthernet0/0/2
     3.3.3.9/32         1025/1025     2.2.2.9        172.1.1.2       GigabitEthernet0/0/2
     -------------------------------------------------------------------------------
     TOTAL: 5 Normal LSP(s) Found.
     TOTAL: 1 Liberal LSP(s) Found.
     TOTAL: 0 Frr LSP(s) Found.
     A '*' before an LSP means the LSP is not established
     A '*' before a Label means the USCB or DSCB is stale
     A '*' before a UpstreamPeer means the session is in GR state
     A '*' before a DS means the session is in GR state
     A '*' before a NextHop means the LSP is FRR LSP

  3. Establish an MP-IBGP peer relationship between the PEs.

    # Configure PE1.

    [PE1] bgp 100
    [PE1-bgp] peer 3.3.3.9 as-number 100
    [PE1-bgp] peer 3.3.3.9 connect-interface loopback 1
    [PE1-bgp] ipv4-family vpnv4
    [PE1-bgp-af-vpnv4] peer 3.3.3.9 enable
    [PE1-bgp-af-vpnv4] quit
    [PE1-bgp] quit

    # Configure PE2.

    [PE2] bgp 100
    [PE2-bgp] peer 1.1.1.9 as-number 100
    [PE2-bgp] peer 1.1.1.9 connect-interface loopback 1
    [PE2-bgp] ipv4-family vpnv4
    [PE2-bgp-af-vpnv4] peer 1.1.1.9 enable
    [PE2-bgp-af-vpnv4] quit
    [PE2-bgp] quit

    After the configuration, run the display bgp peer command or the display bgp vpnv4 all peer command. The command output shows that the BGP peer relationship is set up between the PEs, and the peer status is Established.

    [PE1] display bgp vpnv4 all peer
    BGP local router ID : 1.1.1.9
     Local AS number : 100
     Total number of peers : 3                 Peers in established state : 3
      Peer            V    AS  MsgRcvd  MsgSent    OutQ  Up/Down    State        PrefRcv
    
      3.3.3.9         4   100   12      18         0     00:09:38   Established  0

  4. Configure VPN instances on PEs and bind the instances to the CE interfaces.

    # Configure PE1.

    [PE1] ip vpn-instance vpna
    [PE1-vpn-instance-vpna] ipv4-family
    [PE1-vpn-instance-vpna-af-ipv4] route-distinguisher 100:1
    [PE1-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
    [PE1-vpn-instance-vpna-af-ipv4] quit
    [PE1-vpn-instance-vpna] quit
    [PE1] ip vpn-instance vpnb
    [PE1-vpn-instance-vpnb] ipv4-family
    [PE1-vpn-instance-vpnb-af-ipv4] route-distinguisher 100:2
    [PE1-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
    [PE1-vpn-instance-vpnb-af-ipv4] quit
    [PE1-vpn-instance-vpnb] quit
    [PE1] interface GigabitEthernet 0/0/0
    [PE1-GigabitEthernet0/0/0] ip binding vpn-instance vpna
    [PE1-GigabitEthernet0/0/0] ip address 10.1.1.2 24
    [PE1-GigabitEthernet0/0/0] quit
    [PE1] firewall zone trust
    [PE1-zone-trust] add interface GigabitEthernet 0/0/0
    [PE1-zone-trust] quit
    [PE1] interface GigabitEthernet 0/0/1
    [PE1-GigabitEthernet0/0/1] ip binding vpn-instance vpnb
    [PE1-GigabitEthernet0/0/1] ip address 10.2.1.2 24
    [PE1-GigabitEthernet0/0/1] quit
    [PE1] firewall zone trust
    [PE1-zone-trust] add interface GigabitEthernet 0/0/1
    [PE1-zone-trust] quit

    # Configure PE2.

    [PE2] ip vpn-instance vpna
    [PE2-vpn-instance-vpna] ipv4-family
    [PE2-vpn-instance-vpna-af-ipv4] route-distinguisher 200:1
    [PE2-vpn-instance-vpna-af-ipv4] vpn-target 111:1 both
    [PE2-vpn-instance-vpna-af-ipv4] quit
    [PE2-vpn-instance-vpna] quit
    [PE2] ip vpn-instance vpnb
    [PE2-vpn-instance-vpnb] ipv4-family
    [PE2-vpn-instance-vpnb-af-ipv4] route-distinguisher 200:2
    [PE2-vpn-instance-vpnb-af-ipv4] vpn-target 222:2 both
    [PE2-vpn-instance-vpnb-af-ipv4] quit
    [PE2-vpn-instance-vpnb] quit
    [PE2] interface GigabitEthernet 0/0/0
    [PE2-GigabitEthernet0/0/0] ip binding vpn-instance vpna
    [PE2-GigabitEthernet0/0/0] ip address 10.3.1.2 24
    [PE2-GigabitEthernet0/0/0] quit
    [PE2] firewall zone trust
    [PE2-zone-trust] add interface GigabitEthernet 0/0/0
    [PE2-zone-trust] quit
    [PE2] interface GigabitEthernet 0/0/1
    [PE2-GigabitEthernet0/0/1] ip binding vpn-instance vpnb
    [PE2-GigabitEthernet0/0/1] ip address 10.4.1.2 24
    [PE2-GigabitEthernet0/0/1] quit
    [PE2] firewall zone trust
    [PE2-zone-trust] add interface GigabitEthernet 0/0/1
    [PE2-zone-trust] quit

    # Configure an IP address for the CE interface based on Figure 1. Details for the configuration procedure are not provided here.

    After the configuration, check the configuration of VPN instances by running the display ip vpn-instance verbose command on the PEs. Each PE can successfully ping its own CE.

    When the interfaces on a PE are bound to the same VPN, specify the source IP address when you use the ping -vpn-instance command to ping the CE connected to the peer PE. That is, include -a source-ip-address, as in ping -vpn-instance vpn-instance-name -a source-ip-address dest-ip-address. Otherwise, the ping fails.

    Use PE1 and CE1 as an example:

    [PE1] display ip vpn-instance verbose
     Total VPN-Instances configured : 2
     Total IPv4 VPN-Instances configured : 2
     Total IPv6 VPN-Instances configured : 0
    
     VPN-Instance Name and ID : vpna, 1
      Interfaces : GigabitEthernet0/0/0
     Address family ipv4
      Create date : 2009/01/21 11:30:35
      Up time : 0 days, 00 hours, 05 minutes and 19 seconds
      Route Distinguisher : 100:1
      Export VPN Targets :  111:1
      Import VPN Targets :  111:1
      Label Policy : label per route
      The diffserv-mode Information is : uniform
      The ttl-mode Information is : pipe
      Log Interval : 5
     VPN-Instance Name and ID : vpnb, 2
      Interfaces : GigabitEthernet0/0/1
     Address family ipv4
      Create date : 2009/01/21 11:31:18
      Up time : 0 days, 00 hours, 04 minutes and 36 seconds
      Route Distinguisher : 100:2
      Export VPN Targets :  222:2
      Import VPN Targets :  222:2
      Label Policy : label per route
      The diffserv-mode Information is : uniform
      The ttl-mode Information is : pipe
      Log Interval : 5
    [PE1] ping -vpn-instance vpna 10.1.1.1
      PING 10.1.1.1: 56  data bytes, press CTRL_C to break
        Reply from 10.1.1.1: bytes=56 Sequence=1 ttl=255 time=56 ms
        Reply from 10.1.1.1: bytes=56 Sequence=2 ttl=255 time=4 ms
        Reply from 10.1.1.1: bytes=56 Sequence=3 ttl=255 time=4 ms
        Reply from 10.1.1.1: bytes=56 Sequence=4 ttl=255 time=52 ms
        Reply from 10.1.1.1: bytes=56 Sequence=5 ttl=255 time=3 ms
    
      --- 10.1.1.1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 3/23/56 ms

  5. Establish the EBGP peer relationship between the PE and CE to import VPN routes.

    # Configure CE1.

    [CE1] bgp 65410
    [CE1-bgp] peer 10.1.1.2 as-number 100
    [CE1-bgp] import-route direct

    The configuration procedures of CE2, CE3 and CE4 are similar to that of CE1.

    # Configure PE1.

    [PE1] bgp 100
    [PE1-bgp] ipv4-family vpn-instance vpna
    [PE1-bgp-vpna] peer 10.1.1.1 as-number 65410
    [PE1-bgp-vpna] import-route direct
    [PE1-bgp-vpna] quit
    [PE1-bgp] ipv4-family vpn-instance vpnb
    [PE1-bgp-vpnb] peer 10.2.1.1 as-number 65420
    [PE1-bgp-vpnb] import-route direct
    [PE1-bgp-vpnb] quit

    The configuration of PE2 is similar to that of PE1. Details for the configuration procedure are not provided here.

    After the configuration, run the display bgp vpnv4 vpn-instance vpn-instance-name peer command on the PE. The command output shows that the BGP peer relationship is set up between the PE and the CE, and the peer status is Established.

    Use the peer relationship between PE1 and CE1 as an example.

    [PE1] display bgp vpnv4 vpn-instance vpna peer
    
     BGP local router ID : 1.1.1.9
     Local AS number : 100
     VPN-Instance vpna, Router ID 1.1.1.9:
     Total number of peers : 1            Peers in established state : 1
      Peer            V    AS  MsgRcvd  MsgSent    OutQ  Up/Down    State        PrefRcv
      10.1.1.1        4   65410  11     9          0     00:06:37   Established 1

  6. Verify the configuration.

    Run the display ip routing-table vpn-instance vpn-instance-name command on the PE. The command output shows the routes to the peer CEs.

    Use PE1 as an example.

    [PE1] display ip routing-table vpn-instance vpna
    Route Flags: R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: vpna
             Destinations : 3        Routes : 3
    Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface
         10.1.1.0/24    Direct 0    0        D     10.1.1.2        GigabitEthernet0/0/0
         10.1.1.2/32    Direct 0    0        D     127.0.0.1       GigabitEthernet0/0/0
         10.3.1.0/24   IBGP   255  0        RD    3.3.3.9         GigabitEthernet0/0/2
    [PE1] display ip routing-table vpn-instance vpnb
    Route Flags: R - relay, D - download to fib
    ------------------------------------------------------------------------------
    Routing Tables: vpnb
             Destinations : 3        Routes : 3
    
    Destination/Mask    Proto  Pre  Cost     Flags NextHop         Interface
         10.2.1.0/24    Direct 0    0        D     10.2.1.2        GigabitEthernet0/0/1
         10.2.1.2/32    Direct 0    0        D     127.0.0.1       GigabitEthernet0/0/1
         10.4.1.0/24   IBGP   255  0        RD    3.3.3.9         GigabitEthernet0/0/2

    The CEs in the same VPN can successfully ping each other whereas two CEs in different VPNs cannot ping each other.

    For example, CE1 can successfully ping CE3 (10.3.1.1/24) but cannot ping CE4 (10.4.1.1/24).

    [CE1] ping 10.3.1.1
      PING 10.3.1.1: 56  data bytes, press CTRL_C to break
        Reply from 10.3.1.1: bytes=56 Sequence=1 ttl=253 time=72 ms
        Reply from 10.3.1.1: bytes=56 Sequence=2 ttl=253 time=34 ms
        Reply from 10.3.1.1: bytes=56 Sequence=3 ttl=253 time=50 ms
        Reply from 10.3.1.1: bytes=56 Sequence=4 ttl=253 time=50 ms
        Reply from 10.3.1.1: bytes=56 Sequence=5 ttl=253 time=34 ms
      --- 10.3.1.1 ping statistics ---
        5 packet(s) transmitted
        5 packet(s) received
        0.00% packet loss
        round-trip min/avg/max = 34/48/72 ms  
    [CE1] ping 10.4.1.1
      PING 10.4.1.1: 56  data bytes, press CTRL_C to break
        Request time out
        Request time out
        Request time out
        Request time out
        Request time out
      --- 10.4.1.1 ping statistics ---
        5 packet(s) transmitted
        0 packet(s) received
        100.00% packet loss

Configuration Scripts

  • Configuration script of PE1

    #
     sysname PE1
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 100:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    ip vpn-instance vpnb
     ipv4-family
      route-distinguisher 100:2
      vpn-target 222:2 export-extcommunity
      vpn-target 222:2 import-extcommunity
    #
     mpls lsr-id 1.1.1.9
     mpls
    #
    mpls ldp
    #
    interface GigabitEthernet0/0/0
     ip binding vpn-instance vpna
     ip address 10.1.1.2 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     ip binding vpn-instance vpnb
     ip address 10.2.1.2 255.255.255.0
    #
    interface GigabitEthernet0/0/2
     ip address 172.1.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 1.1.1.9 255.255.255.255
    #
    firewall zone trust
     set priority 85
     add interface GigabitEthernet0/0/0
     add interface GigabitEthernet0/0/1
    #
    firewall zone untrust
     set priority 5
     add interface GigabitEthernet0/0/2
    #
    security-policy
      rule name policy_sec_1
        source-zone trust
        destination-zone untrust
        action permit
    #
    bgp 100
     peer 3.3.3.9 as-number 100
     peer 3.3.3.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 3.3.3.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 3.3.3.9 enable
     #
     ipv4-family vpn-instance vpna
      peer 10.1.1.1 as-number 65410
      import-route direct
     #
     ipv4-family vpn-instance vpnb
      peer 10.2.1.1 as-number 65420
      import-route direct
    #
    ospf 1
     area 0.0.0.0
      network 172.1.1.0 0.0.0.255
      network 1.1.1.9 0.0.0.0
    #
    return

  • Configuration script of the P

    #
     sysname P
    #
     mpls lsr-id 2.2.2.9
     mpls
    #
    mpls ldp
    #
    interface GigabitEthernet0/0/0
     ip address 172.1.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface GigabitEthernet0/0/1
     ip address 172.2.1.1 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 2.2.2.9 255.255.255.255
    #
    ospf 1
     area 0.0.0.0
      network 172.1.1.0 0.0.0.255
      network 172.2.1.0 0.0.0.255
      network 2.2.2.9 0.0.0.0
    #
    return

  • Configuration script of PE2

    #
     sysname PE2
    #
    ip vpn-instance vpna
     ipv4-family
      route-distinguisher 200:1
      vpn-target 111:1 export-extcommunity
      vpn-target 111:1 import-extcommunity
    #
    ip vpn-instance vpnb
     ipv4-family
      route-distinguisher 200:2
      vpn-target 222:2 export-extcommunity
      vpn-target 222:2 import-extcommunity
    #
     mpls lsr-id 3.3.3.9
     mpls
    #
    mpls ldp
    #
    interface GigabitEthernet0/0/0
     ip binding vpn-instance vpna
     ip address 10.3.1.2 255.255.255.0
    #
    interface GigabitEthernet0/0/1
     ip binding vpn-instance vpnb
     ip address 10.4.1.2 255.255.255.0
    #
    interface GigabitEthernet0/0/2
     ip address 172.2.1.2 255.255.255.0
     mpls
     mpls ldp
    #
    interface LoopBack1
     ip address 3.3.3.9 255.255.255.255
    #
    firewall zone trust
     set priority 85
     add interface GigabitEthernet0/0/0
     add interface GigabitEthernet0/0/1
    #
    firewall zone untrust
     set priority 5
     add interface GigabitEthernet0/0/2
    #
    security-policy
      rule name policy_sec_1
        source-zone trust
        destination-zone untrust
        action permit
    #
    bgp 100
     peer 1.1.1.9 as-number 100
     peer 1.1.1.9 connect-interface LoopBack1
     #
     ipv4-family unicast
      undo synchronization
      peer 1.1.1.9 enable
     #
     ipv4-family vpnv4
      policy vpn-target
      peer 1.1.1.9 enable
     #
     ipv4-family vpn-instance vpna
      peer 10.3.1.1 as-number 65430
      import-route direct
     #
     ipv4-family vpn-instance vpnb
      peer 10.4.1.1 as-number 65440
      import-route direct
    #
    ospf 1
     area 0.0.0.0
      network 172.2.1.0 0.0.0.255
      network 3.3.3.9 0.0.0.0
    #
    return

  • Configuration script of CE1

    #
     sysname CE1
    #
    interface GigabitEthernet0/0/0
     ip address 10.1.1.1 255.255.255.0
    #
    bgp 65410
     peer 10.1.1.2 as-number 100
     #
     ipv4-family unicast
      undo synchronization
      import-route direct
      peer 10.1.1.2 enable
    #
    return

  • Configuration script of CE2

    #
     sysname CE2
    #
    interface GigabitEthernet0/0/0
     ip address 10.2.1.1 255.255.255.0
    #
    bgp 65420
     peer 10.2.1.2 as-number 100
     #
     ipv4-family unicast
      undo synchronization
      import-route direct
      peer 10.2.1.2 enable
    #
    return

  • Configuration script of CE3

    #
     sysname CE3
    #
    interface GigabitEthernet0/0/0
     ip address 10.3.1.1 255.255.255.0
    #
    bgp 65430
     peer 10.3.1.2 as-number 100
     #
     ipv4-family unicast
      undo synchronization
      import-route direct
      peer 10.3.1.2 enable
    #
    return

  • Configuration script of CE4

    #
     sysname CE4
    #
    interface GigabitEthernet0/0/0
     ip address 10.4.1.1 255.255.255.0
    #
    bgp 65440
     peer 10.4.1.2 as-number 100
     #
     ipv4-family unicast
      undo synchronization
      import-route direct
      peer 10.4.1.2 enable
    #
    return
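
The requirement that users in vpna and vpnb cannot access each other holds only while no VPN instance imports a VPN target that a different VPN exports. The following Python audit is an added example, not part of the original documentation: it parses the vpn-instance and interface stanzas in the saved-configuration format of the scripts above and reports cross-VPN target leaks and reused RDs. TEMPLATE and PE2_BAD are constructed samples, and treating the instance name as the tenant identifier on every PE is an assumption.

```python
from itertools import product

# Constructed sample: the vpn-instance and interface-binding stanzas of the PE
# scripts above; only the RD administrator field differs between PE1 and PE2.
TEMPLATE = """\
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher {rd_admin}:1
  vpn-target 111:1 export-extcommunity
  vpn-target 111:1 import-extcommunity
#
ip vpn-instance vpnb
 ipv4-family
  route-distinguisher {rd_admin}:2
  vpn-target 222:2 export-extcommunity
  vpn-target 222:2 import-extcommunity
#
interface GigabitEthernet0/0/0
 ip binding vpn-instance vpna
#
interface GigabitEthernet0/0/1
 ip binding vpn-instance vpnb
#
"""
PE1, PE2 = TEMPLATE.format(rd_admin=100), TEMPLATE.format(rd_admin=200)
# Constructed fault: vpnb on PE2 additionally imports vpna's VPN target.
PE2_BAD = PE2.replace("vpn-target 222:2 import-extcommunity",
                      "vpn-target 222:2 111:1 import-extcommunity")
DIRECTIONS = ("both", "export-extcommunity", "import-extcommunity")


def _blank():
    return {"rd": None, "import": set(), "export": set(), "interfaces": []}


def parse_pe(config):
    """Map each VPN instance in one saved configuration to its RD, RTs and interfaces."""
    vpns, vpn, iface = {}, None, None
    for raw in config.splitlines():
        words = raw.split()
        if not words or words[0] == "#":          # '#' closes the current stanza
            vpn = iface = None
        elif words[:2] == ["ip", "vpn-instance"]:
            vpn, iface = vpns.setdefault(words[2], _blank()), None
        elif words[0] == "interface":
            vpn, iface = None, words[1]
        elif vpn is not None and words[0] == "route-distinguisher":
            vpn["rd"] = words[1]
        elif vpn is not None and words[0] == "vpn-target":
            # No keyword means "both"; several targets may share one line.
            scope = words[-1] if words[-1] in DIRECTIONS else "both"
            targets = {w for w in words[1:] if ":" in w}
            if scope != "import-extcommunity":
                vpn["export"] |= targets
            if scope != "export-extcommunity":
                vpn["import"] |= targets
        elif iface and words[:3] == ["ip", "binding", "vpn-instance"]:
            vpns.setdefault(words[3], _blank())["interfaces"].append(iface)
    return vpns


def audit(pes):
    """pes maps a PE name to its configuration text; returns sorted findings."""
    inst = [(pe, name, v) for pe, cfg in pes.items()
            for name, v in parse_pe(cfg).items()]
    findings = set()
    for (pe_a, vpn_a, a), (pe_b, vpn_b, b) in product(inst, repeat=2):
        if vpn_a == vpn_b:
            continue                               # same tenant: sharing is intended
        for rt in a["export"] & b["import"]:
            findings.add(f"LEAK {pe_a}/{vpn_a} exports {rt} imported by {pe_b}/{vpn_b}")
        if a["rd"] and a["rd"] == b["rd"] and (pe_a, vpn_a) < (pe_b, vpn_b):
            findings.add(f"RD-COLLISION {a['rd']} used by {pe_a}/{vpn_a} and {pe_b}/{vpn_b}")
    return sorted(findings)


if __name__ == "__main__":
    print(audit({"PE1": PE1, "PE2": PE2}) or "isolation holds")
    print("\n".join(audit({"PE1": PE1, "PE2": PE2_BAD})))
```
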
    
Copyright © Huawei Technologies Co., Ltd.