VRF
Virtual routing forwarding,虛擬路由轉發表,簡稱VPN。他能在兩個site之間建立兩個不用的路由表,相互隔離,把每台交換機邏輯上分成多台虛擬交換機,即多VPN路由轉發實力。一般用於區分不同業務流量,不同的業務走不同的路由表,從而互相獨立,達到控制設備全局路由流量走向的目的。
Vlan1960:10.130.229.X
實例:5560做管理網段網關(全局,254),7510將VPN流量轉全局;廠商設備管理地址為該網段任意地址(全局.X)
廠商:
Vlan 1960
#
interface Vlan-interface1960
ip address 10.130.229.1 255.255.255.0
#
ip route-static 10.130.229.0 24 10.130.229.254
#
interface GigabitEthernet1/0/1
port access vlan 1960
#
7510
#
#
interface Vlan-interface1960
ip binding vpn-instance DMZ
ip address 10.130.229.253 255.255.255.0
#
ip vpn-instance DMZ
route-distinguisher 100:1
#
interface Vlan-interface1960
ip binding vpn-instance DMZ
ip address 10.130.229.253 255.255.255.0
#
ip route-static vpn-instance DMZ 10.130.229.0 24 10.130.229.254
#
interface range GigabitEthernet1/0/1 GigabitEthernet1/0/3
port access vlan 1960
#
5560:
#
interface Vlan-interface1960
ip address 10.130.229.254 255.255.255.0
#
interface GigabitEthernet1/0/1
port access vlan 1960
#
驗證:
7510:
<H3C>dis arp vpn-instance DMZ
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address SVLAN/VSI Interface/Link ID Aging Type
10.130.229.1 a230-20b1-0302 1960 GE1/0/3 20 D
10.130.229.254 a22e-6fd3-0202 1960 GE1/0/1 3 D
<H3C>dis arp
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address SVLAN/VSI Interface/Link ID Aging Type
10.130.229.1 a230-20b1-0302 1960 GE1/0/3 20 D
10.130.229.254 a22e-6fd3-0202 1960 GE1/0/1 3 D
<H3C>ping -vpn-instance DMZ 10.130.229.254
Ping 10.130.229.254 (10.130.229.254): 56 data bytes, press CTRL_C to break
56 bytes from 10.130.229.254: icmp_seq=0 ttl=255 time=1.000 ms
56 bytes from 10.130.229.254: icmp_seq=1 ttl=255 time=1.000 ms
56 bytes from 10.130.229.254: icmp_seq=2 ttl=255 time=1.000 ms
56 bytes from 10.130.229.254: icmp_seq=3 ttl=255 time=0.000 ms
56 bytes from 10.130.229.254: icmp_seq=4 ttl=255 time=0.000 ms