VRF
Virtual routing forwarding,虚拟路由转发表,简称VPN。他能在两个site之间建立两个不用的路由表,相互隔离,把每台交换机逻辑上分成多台虚拟交换机,即多VPN路由转发实力。一般用于区分不同业务流量,不同的业务走不同的路由表,从而互相独立,达到控制设备全局路由流量走向的目的。
Vlan1960:10.130.229.X
实例:5560做管理网段网关(全局,254),7510将VPN流量转全局;厂商设备管理地址为该网段任意地址(全局.X)
厂商:
Vlan 1960
interface Vlan-interface1960
ip address 10.130.229.1 255.255.255.0
ip route-static 10.130.229.0 24 10.130.229.254
interface GigabitEthernet1/0/1
port access vlan 1960
7510
interface Vlan-interface1960
ip binding vpn-instance DMZ
ip address 10.130.229.253 255.255.255.0
ip vpn-instance DMZ
route-distinguisher 100:1
#
interface Vlan-interface1960
ip binding vpn-instance DMZ
ip address 10.130.229.253 255.255.255.0
#
ip route-static vpn-instance DMZ 10.130.229.0 24 10.130.229.254
interface range GigabitEthernet1/0/1 GigabitEthernet1/0/3
port access vlan 1960
5560:
interface Vlan-interface1960
ip address 10.130.229.254 255.255.255.0
interface GigabitEthernet1/0/1
port access vlan 1960
验证:
7510:
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address SVLAN/VSI Interface/Link ID Aging Type
10.130.229.1 a230-20b1-0302 1960 GE1/0/3 20 D
10.130.229.254 a22e-6fd3-0202 1960 GE1/0/1 3 D
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address SVLAN/VSI Interface/Link ID Aging Type
10.130.229.1 a230-20b1-0302 1960 GE1/0/3 20 D
10.130.229.254 a22e-6fd3-0202 1960 GE1/0/1 3 D
Ping 10.130.229.254 (10.130.229.254): 56 data bytes, press CTRL_C to break
56 bytes from 10.130.229.254: icmp_seq=0 ttl=255 time=1.000 ms
56 bytes from 10.130.229.254: icmp_seq=1 ttl=255 time=1.000 ms
56 bytes from 10.130.229.254: icmp_seq=2 ttl=255 time=1.000 ms
56 bytes from 10.130.229.254: icmp_seq=3 ttl=255 time=0.000 ms
56 bytes from 10.130.229.254: icmp_seq=4 ttl=255 time=0.000 ms