Cisco VPN Solutions Center: MPLS Solution プロビジョニング ガイド
Cisco VPN Solutions Center コンフィ ギュレーション ファイルの例
Cisco VPN Solutions Center コンフィギュレーション ファイルの例
発行日;2012/02/03 | ドキュメントご利用ガイド | ダウンロード ; この章pdf | フィードバック

目次

Cisco VPN Solutions Center コンフィギュレーション ファイルの例

VPN 内のハブとして構成されている CE

サンプル ハブアンドスポーク トポロジ

管理 VPN 構成例

多重 VPN のメンバとして構成されている CE

PE-CE リンクの OSPF ルーティング

IP 番号未指定プロビジョニングを使用した OSPF ルーティング

スタティック ルーティングの例

PE から CE への EBGP ルーティング

IP 番号未指定方式を使用した EBGP ルーティングのプロビジョニング

ケーブル ネットワークの例

番号指定アクセス リスト エントリから名前付きアクセスリスト エントリへの移行プロセスの例

番号指定エントリを持つ VPNSC 1.x を使用した新しいサービス要求用のコンフィグレット

名前付きエントリを持つ VPNSC2.x を使用した新しいサービス要求用のコンフィグレット

1.x コンフィグレットを VPN Solutions Center 2.2 で再展開した例

Cisco VPN Solutions Center コンフィギュレーション ファイルの例

この章では、VPN Solutions Center: MPLS Solution Release 2.2 によって生成されるコンフィギュレーション ファイルの例をいくつか紹介します。これらの例に含まれる IP アドレスおよびネットワーク デバイス名は仮称で、実際のネットワークでの使用を意図していません。


ヒント これらのコンフィギュレーション ファイル例を実際のネットワークで使用する場合は、例の中で使用されている IP アドレスを必ず適切な IP アドレスに置き換えてください。


この付録には、次のコンフィギュレーション ファイル例が含まれます。

「VPN 内のハブとして構成されている CE」

「サンプル ハブアンドスポーク トポロジ」

「管理 VPN 構成例」

「多重 VPN のメンバとして構成されている CE」

「PE-CE リンクの OSPF ルーティング」

「IP 番号未指定プロビジョニングを使用した OSPF ルーティング」

「スタティック ルーティングの例」

「PE から CE への EBGP ルーティング」

「IP 番号未指定方式を使用した EBGP ルーティングのプロビジョニング」

「ケーブル ネットワークの例」

「番号指定アクセス リスト エントリから名前付きアクセス リスト エントリへの移行プロセスの例」

VPN 内のハブとして構成されている CE

このコンフィギュレーション ファイルは、VPN 内のハブとして構成されている CE の例です。この例では、各 VRF に対して一意の RD 値が設定されます。

!!
!! Topology:
!!
!! CE1---PE==PE1---CE2
!
!! --------------------------------
!! Provider Edge router PE is a member of the Blue VPN without
!! Management VPN connectivity.
!! CE1 is provisioned as a hub in the Blue VPN.
!
! Hostname: PE
!
! Version 12.0
!
!! Provisioned routing forwarding instance for Blue VPN--vrf V9:blue
!! Route target 200:5 is used for hub-to-hub routing connectivity.
!! Route-target 200:6 is used for spoke routing connectivity.
!
ip vrf V6:blue
rd 200:6
route-target import 200:5
route-target import 200:6
route-target export 200:5
!
!! The subinterface on the PE faces the CE. The address is from the VPNSC
!! IP address Pool.
!
interface Serial2/3.333 point-to-point
description Serial2/3.333 fr dlci=333 : Provisioned by VPNSC: Service Request Id# = 14
ip vrf forwarding V6:blue
ip address 209.165.201.17 255.255.255.252
frame-relay interface-dlci 333
no shutdown
!
!! The routing protocol for the PE-to-CE link is RIP.
!! Definition for a RIP routing instance for VRF Blue.
!! Routes from the IBGP core that are associated with route-targets 200:5 or 200:6
!! are redistributed into RIP.
!
router rip
address-family ipv4 vrf V6:blue
redistribute bgp 200 metric transparent
network 209.165.201.0
exit-address-family
no auto-summary
version 2
!
!! Definition for the core-facing IBGP routing protocol routing instance for VRF Blue
!! VRF blue RIP routes are redistributed into the IBGP core.
!! Exported RIP routes are associated with route target 200:5.
!
router bgp 200
address-family ipv4 vrf V6:blue
redistribute rip
exit-address-family
!
!! --------------------------------
!! Customer Edge router CE1 is provisioned as a hub in the Blue VPN.
!
! Hostname: CE1
!
! Version 12.0
!
interface Serial0
encapsulation frame-relay
!
!! The subinterface on the CE is facing the PE. The IP address is from the VPNSC Pool.
!
interface Serial0.333 point-to-point
description Serial0.333 fr dlci=333 : Provisioned By VPNSC: Service Request Id# = 14
ip address 209.165.201.21 255.255.255.252
frame-relay interface-dlci 333
no shutdown
!
!! The routing protocol for the PE-to-CE1 link is RIP.
!
router rip
network 209.165.201.0
no auto-summary
version 2
!
!! --------------------------------
!! Provider Edge router PE1 is a member of the Blue VPN without
!! Management VPN connectivity.
!
! Hostname: PE1
!
! Version 12.0
!
!! Provisioned routing forwarding instance for Blue VPN--vrf V9:blue
!! Route target 200:5 is used for hub-to-hub routing connectivity.
!! Route-target 200:6 is used for spoke routing connectivity.
!
ip vrf V9:blue
rd 200:9
route-target import 200:5
route-target import 200:6
route-target export 200:5
!
!! The subinterface on the PE is facing the CE. The IP address is from the VPNSC Pool.
!
interface Serial2/0.334 point-to-point
description Serial2/0.334 fr dlci=334 : Provisioned by VPNSC: Service Request Id# = 15
ip vrf forwarding V9:blue
ip address 209.165.201.21 255.255.255.252
frame-relay interface-dlci 334
no shutdown
!
!! The routing protocol for the PE-to-CE link is RIP.
!! Definition for a RIP routing instance for VRF Blue.
!! Routes associated with route-targets from the BGP core that are associated
!! with route-targets 200:5 or 200:6 are redistributed into RIP.
!
router rip
address-family ipv4 vrf V9:blue
redistribute bgp 200 metric transparent
network 209.165.201.0
exit-address-family
no auto-summary
version 2
!
!! Definition for the core-facing IBGP routing protocol routing instance for VRF Blue.
!! VRF Blue RIP routes are redistributed into the IBGP core.
!! Exported RIP routes are associated with route target 200:5.
!
router bgp 200
address-family ipv4 vrf V9:blue
redistribute rip
exit-address-family
!
!! --------------------------------
!! Customer Edge router CE2 is provisioned as a hub in the Blue VPN.
!
! Hostname: CE2
!
! Version 12.0
!
!! The subinterface on the CE is facing the PE. The IP address is from the VPNSC Pool.
!
interface Serial0.334 point-to-point
description Serial0.334 fr dlci=334 : Provisioned by VPNSC: Service Request Id# = 15
ip address 209.165.201.22 255.255.255.252
frame-relay interface-dlci 334
no shutdown
!
!! The routing protocol for the PE1-to-CE2 link is RIP.
!
router rip
network 209.165.201.0
no auto-summary
version 2


 

サンプル ハブアンドスポーク トポロジ

このコンフィギュレーション ファイルは、3 つの CE を持つサンプル ハブアンドスポーク トポロジを示しています。CE1 が VPN のハブで、CE2 および CE3 は同じ VPN のスポークです。VRF 名に付加された -s は、この VRF がスポーク接続に関連付けられていることを示します。1 つまたはそれ以上の PE が使用される場合、VRF の命名と RD/RT の割り当ては変更されません。

!! Topology:
!!
!! CE1---PE---CE2
!! |
!! CE3----
!!
!! This configuration would not change if the CEs were attached to the same
!! or different PEs.
!
!! --------------------------------
!! Provider Edge router: the PE is a member of the Blue VPN without
!! Management VPN connectivity.
!! CE1 is provisioned as a hub; CE2 and CE3 are provisioned as spokes in the Blue VPN.
!
!Hostname: PE
!
! Version 12.0
!
!! Provisioned routing forwarding instance for Blue VPN--vrf V6:blue
!! for CE1 hub connectivity.
!! Route target 200:5 is used for hub-to-hub routing connectivity.
!! Route-target 200:6 is used for spoke routing connectivity.
!
ip vrf V6:blue
rd 200:6
route-target import 200:5
route-target import 200:6
route-target export 200:5
!
!! Provisioned routing forwarding instance for Blue VPN--vrf V7:blue-s
!! for CE2 spoke connectivity.
!! The "-s" appended to the VRF name indicates that this VRF is associated with
!! spoke connectivity.
!! Route target 200:5 is used for hub routing connectivity.
!! Route-target 200:6 is used for spoke routing connectivity.
!
ip vrf V7:blue-s
rd 200:7
route-target import 200:5
route-target export 200:6
!
!! Provisioned routing forwarding instance for Blue VPN--vrf V8:blue-s
!! for CE3 spoke connectivity.
!! The "-s" indicates that this VRF is associated with spoke connectivity.
!! Route target 200:5 is used for hub routing connectivity.
!! Route-target 200:6 is used for spoke routing connectivity.
!
ip vrf V8:blue-s
rd 200:8
route-target import 200:5
route-target export 200:6
!
!! The subinterface on the PE faces CE1; the address is from the VPNSC IP address Pool.
!
interface Serial2/0.122 point-to-point
description Serial2/0.122 fr dlci=122 : Provisioned by VPNSC: Service Request Id# = 11
ip vrf forwarding V6:blue
ip address 209.165.201.1 255.255.255.252
frame-relay interface-dlci 122
no shutdown
!
!! The subinterface on the PE faces CE2; the address is from the VPNSC IP address pool.
!
interface Serial2/1.123 point-to-point
description Serial2/1.123 fr dlci=123 : Provisioned by VPNSC: Service Request Id# = 12
ip vrf forwarding V7:blue-s
ip address 209.165.201.5 255.255.255.252
frame-relay interface-dlci 123
no shutdown
!
!! The subinterface on the PE faces CE3; the address is from the VPNSC IP address pool.
!
interface Serial2/2.124 point-to-point
description Serial2/2.124 fr dlci=124 : Provisioned by VPNSC: Service Request Id# = 13
ip vrf forwarding V8:blue-s
ip address 209.165.201.9 255.255.255.252
frame-relay interface-dlci 124
no shutdown
!
!! The routing protocol is RIP on the PE-CE link.
!!
router rip
!
!! Definition for RIP routing instance for VPN Blue.
!! Routes from the IBGP core that are associated with route-targets 200:5 or 200:6
!! are redistributed into RIP.
!! Provides hub VRF definition.
!
address-family ipv4 vrf V6:blue
redistribute bgp 200 metric transparent
network 209.165.201.0
exit-address-family
!
!! Definition for RIP routing instance for VRF Blue-s (spoke)
!! Routes from the IBGP core that are associated with route-targets 200:5
!! are redistributed into RIP.
!!
address-family ipv4 vrf V7:blue-s
redistribute bgp 200 metric transparent
network 209.165.201.0
exit-address-family
!
!! Definition for RIP routing instance for VRF Blue-s (spoke)
!! Routes from the IBGP core that are associated with route-targets 200:5
!! are redistributed into RIP.
!!
address-family ipv4 vrf V8:blue-s
redistribute bgp 200 metric transparent
network 209.165.201.0
exit-address-family
!
no auto-summary
version 2
!
!! Definition for the core-facing IBGP routing protocol routing instance for VRF Blue.
!! VRF Blue RIP routes are redistributed into the IBGP core.
!
router bgp 200
!
!! Exported RIP routes are associated with route target 200:5.
!
address-family ipv4 vrf V6:blue
redistribute rip
exit-address-family
!
!! Exported RIP routes are associated with route target 200:6.
!
address-family ipv4 vrf V7:blue-s
redistribute rip
exit-address-family
!
!! Exported RIP routes are associated with route target 200:6.
!
address-family ipv4 vrf V8:blue-s
redistribute rip
exit-address-family
!
!! --------------------------------
!! Customer Edge router CE1 is provisioned as a hub in the Blue VPN.
!
! Hostname: CE1
!
! Version 12.0
!
!! The CE subinterface faces the PE; the address is from the VPNSC IP address pool.
!
interface Serial0
encapsulation frame-relay
!
interface Serial0.122 point-to-point
description Serial0.122 fr dlci=122 : Provisioned by VPNSC: Service Request Id# = 11
ip address 209.165.201.2 255.255.255.252
frame-relay interface-dlci 122
no shutdown
!
!! The routing protocol for the PE-to-CE1 link is RIP.
!! Provides optional redistribution of the customer routing protocol EIGRP into the VPN.
!
router rip
network 209.165.201.0
redistribute eigrp 11 metric 1
no auto-summary
version 2
!
router eigrp 11
redistribute rip metric 1544 2000 255 1 1500
!
!! --------------------------------
!! Customer Edge router CE2 is provisioned as a spoke in the Blue VPN.
!
! Hostname: CE2
!
! Version 12.0
!
!! The CE subinterface faces the PE; the address is from the VPNSC IP address pool.
!
interface Serial0.123 point-to-point
description Serial0.123 fr dlci=123 : Provisioned by VPNSC: Service Request Id# = 12
ip address 209.165.201.6 255.255.255.252
frame-relay interface-dlci 123
no shutdown
!
!! The routing protocol for the PE-to-CE2 link is RIP.
!
router rip
network 209.165.201.0
no auto-summary
version 2
!
!! --------------------------------
!! Customer Edge router CE3 is provisioned as a spoke in the Blue VPN.
!!
! Hostname: CE3
!
! Version 12.0
!
!! The subinterface on the CE is facing the PE, the IP address is from the VPNSC Pool.
!
interface Serial0.124 point-to-point
description Serial0.124 fr dlci=124 : Provisioned By VPNSC: Service Request Id# = 13
ip address 209.165.201.6 255.255.255.224
frame-relay interface-dlci 124
no shutdown
!
!! The routing protocol for the PE-to-CE3 link is RIP.
!
router rip
network 209.165.201.0
no auto-summary
version 2


 

管理 VPN 構成例

このコンフィギュレーション ファイルは、管理 VPN のプロビジョニング例と、MCE および MPE のプロビジョニング例です。関連情報については、「管理 VPN 技術」および「管理 VPN 技術の実装」を参照してください。

!! Topology:

!!
!! CE1---PE==MPE---MCE
!
!! --------------------------------
!! Provider Edge router: PE
!! CE1 is provisioned as a hub in the Blue VPN and as a spoke in the Management VPN.
!
! Hostname: PE
!
! Version 12.0
!
!! Provisioned routing forwarding instance for Blue VPN--vrf V6:blue.
!! The route-target 200:5 is for customer-hub connectivity.
!! The route-target 200:6 is for customer-spoke connectivity.
!! The route-target 200:1 is to import a route from the MCE into the VRF.
!! The export map exports only the PE-to-CE link subnet from the blue VRF.
!! The export map exports the management route-target 200:2 and exports the
!! Blue VPN target 200:5.
!! The CE attached to the Blue VPN is a spoke in the Management VPN.
!
ip vrf V6:blue
rd 200:6
route-target import 200:5
route-target import 200:6
route-target import 200:1
route-target export 200:5
export map grey_mgmt_vpn_VpnsRus_V6:blue
!
!! The subinterface on the PE faces CE1. The IP address is from the VPNSC Pool.
!
interface Serial2/1.555 point-to-point
description Serial2/1.555 fr dlci=555 : Provisioned by VPNSC: Service Request Id# = 16
ip vrf forwarding V6:blue
ip address 209.165.202.129 255.255.255.252
frame-relay interface-dlci 555
no shutdown
!
!! The routing protocol for the PE-to-CE link is RIP.
!! Definition for a RIP routing instance for VRF Blue.
!! Routes from IBGP core that are associated with route-targets 200:5, or 200:6,
!! or 200:1 are redistributed into RIP.
!
router rip
address-family ipv4 vrf V6:blue
redistribute bgp 200 metric transparent
network 209.165.202.0
exit-address-family
!
no auto-summary
version 2
!
!! Definition for the core-facing IBGP routing protocol routing instance for VRF Blue.
!! VRF Blue RIP routes are redistributed into the IBGP core.
!! Exported RIP routes are associated with route target 200:5 and 200:2.
!
router bgp 200
address-family ipv4 vrf V6:blue
redistribute rip
exit-address-family
!
!! The route map is used by the export map in the Blue VRF for filtering
!! routes to the Management VPN.
!! The match matches the PE-to-CE subnet with access-list VPNSC_GREY_MGMT_ACL.
!! Route-targets for Management 200:2 and Blue VPN route-target 200:5 are exported.
!
route-map grey_mgmt_vpn_VpnsRus_V6:blue permit 10
match ip address VPNSC_GREY_MGMT_ACL
set extcommunity rt 200:2 200:5
!
ip access-list extended VPNSC_GREY_MGMT_ACL
permit 209.165.202.128 0.0.0.3 255.255.255.255
!
!! Customer Edge router CE1 is provisioned as a hub in the Blue VPN
!! and as a spoke in the Management VPN.
!
! Hostname: CE1
!
! Version 12.0
!
interface Serial0.510 point-to-point
description Serial0.510 fr dlci=510 : Provisioned by VPNSC: Service Request Id# = 14
ip address 209.165.209.29 255.255.255.252
frame-relay interface-dlci 110
no shutdown
!
interface Serial0.555 point-to-point
description Serial0.555 fr dlci=555 : Provisioned By VPNSC: Service Request Id# = 16
ip address 209.165.202.130 255.255.255.224
frame-relay interface-dlci 555
no shutdown
!
!! The routing protocol for the PE-to-CE1 link is RIP.
!
router rip
network 209.165.202.0
no auto-summary
version 2
!
!! Management Provider Edge router: MPE
!! The attached Management CE (MCE) is a hub in the Management VPN.
!
! Hostname: MPE
! Version 12.0
!
!! The Management VPN uses route-target 200:1 as a hub and route-target 200:2 as a spoke.
!
ip vrf grey_mgmt_vpn_VpnsRus
rd 200:1
route-target import 200:1
route-target import 200:2
route-target export 200:1
!
!! The subinterface on the MPE faces the MCE.
!
interface Serial1/3
ip vrf forwarding grey_mgmt_vpn_VpnsRus
ip address 209.165.201.30 255.255.255.252
!
!! The routing protocol for the MPE-to-MCE link is RIP.
!! (Cisco recommends that you use a dynamic routing protocol.)
!! Definition for RIP routing instance for the VRF Grey Management VPN.
!! Routes from IBGP core that are associated with route-targets 200:1
!! and 200:2 are redistributed into RIP.
!! The subnet from the PE to CE1 link is imported with route-target 200:2.
!
router rip
address-family ipv4 vrf grey_mgmt_vpn_VpnsRus
redistribute static metric 1
redistribute bgp 200 metric transparent
network 209.165.201.0
exit-address-family
!
!! Routes are exported into the BGP core from RIP; connected and static routes
!! use route-target 200:1.
!
router bgp 200
address-family ipv4 vrf grey_mgmt_vpn_VpnsRus
redistribute rip
redistribute static
redistribute connected
exit-address-family
!
!! Customer Edge router MCE is provisioned as a hub in the Mgmt VPN.
!
! Hostname: MCE
!
! Version 12.0
!
router rip
network 209.165.201.0
!
rtr responder


 

多重 VPN のメンバとして構成されている CE

「エクストラネット」 とは、多重 VPN のメンバである CE を含む VPN です。エクストラネット プロビジョニングは、単一の VRF に対して多重 VPN 接続を確立する手段を提供します。エクストラネットを形成するどのようなトポロジでも、多重 CERC を VPN に追加できます。CE を、ある VPN ではスポークに、別の VPN ではハブにする方法で、エクストラネットに接続できます。

この構成には、3 つの CE が含まれます。2 つの CE は別の VPN にあり、1 つの CE はエクストラネットのメンバです。VRF 名に付加された -etc は、この VRF がエクストラネットのメンバであることを示しています。

!! Topology:
!
!! CE1---PE---CE2
!! |
!! CE3----
!
!! CE1 is a hub in the Blue VPN.
!! CE2 is a hub in the Red VPN.
!! CE3 is a hub in both the Blue and Red VPNs (Extranet).
!!
!
!! --------------------------------
!! Provider Edge router: PE
!
! Hostname: PE
!
! Version 12.0
!
!! Provisioned routing forwarding instance for blue VPN--vrf V6:blue
!! for CE1 hub connectivity.
!! Route target 200:5 is used for hub-to-hub routing connectivity.
!! Route-target 200:6 is used for spoke routing connectivity.
!
ip vrf V6:blue
rd 200:6
route-target import 200:5
route-target import 200:6
route-target export 200:5
!
!! Provisioned routing forwarding instance for Red VPN--vrf V10:red
!! for CE2 hub connectivity.
!! Route target 200:3 is used for hub-to-hub routing connectivity.
!! Route-target 200:4 is used for spoke routing connectivity.
!
ip vrf V10:red
rd 200:10
route-target import 200:3
route-target import 200:4
route-target export 200:3
!
!! Provisioned routing forwarding instance for blue VPN--vrf V6:blue-etc
!! for CE3 hub connectivity.
!! Route target 200:5 is used for hub-to-hub routing connectivity in the Blue VPN
!! Route-target 200:6 is used for spoke routing connectivity in the Blue VPN
!! Route target 200:3 is used for hub-to-hub routing connectivity in the Red VPN
!! Route-target 200:4 is used for spoke routing connectivity in the Red VPN
!! The VRF name with "-etc" indicates that the VRF is a member of an extranet.
!
ip vrf V11:blue-etc
rd 200:11
route-target import 200:3
route-target import 200:4
route-target import 200:5
route-target import 200:6
route-target export 200:3
route-target export 200:5
!
!! The subinterface on the PE is facing CE1; the IP address is from the VPNSC Pool.
!
interface Serial2/0.343 point-to-point
description Serial2/0.343 fr dlci=343 : Provisioned by VPNSC: Service Request Id# = 17
ip vrf forwarding V6:blue
ip address 209.165.200.229 255.255.255.255
frame-relay interface-dlci 343
no shutdown
!
!! The subinterface on the PE is facing CE2; the IP address is from the VPNSC Pool.
!
interface Serial2/3.888 point-to-point
description Serial2/3.888 fr dlci=888 : Provisioned by VPNSC: Service Request Id# = 18
ip vrf forwarding V10:red
ip address 209.165.200.233 255.255.255.252
frame-relay interface-dlci 888
no shutdown
!
!! The subinterface on the PE is facing CE3; the IP address is from the VPNSC Pool.
!
interface Serial2/5.777 point-to-point
description Serial2/5.777 fr dlci=777 : Provisioned by VPNSC: Service Request Id# = 19
ip vrf forwarding V11:blue-etc
ip address 209.165.200.237 255.255.255.252
frame-relay interface-dlci 777
no shutdown
!
!! The routing protocol is RIP on the PE-to-CE link.
!
router rip
!
!! Definition for the RIP routing instance for the VPN Blue.
!! Routes from the IBGP core that are associated with route-targets 200:5 or 200:6
!! are redistributed into RIP.
!! Hub VRF definition.
!
address-family ipv4 vrf V6:blue
redistribute bgp 200 metric transparent
network 209.165.200.0
exit-address-family
!
!! Definition for RIP routing instance for the VPN Red.
!! Routes from the IBGP core that are associated with route-targets 200:3 or 200:4
!! are redistributed into RIP.
!! Provides hub VRF definition.
!
address-family ipv4 vrf V10:red
redistribute bgp 200 metric transparent
network 209.165.200.0
exit-address-family
!
!! Definition for RIP routing instance for the VRF in both the Red and Blue VPNs.
!! Routes from the IBGP core that are associated with route-targets 200:5, 200:6, 200:3, !! or 200:4 are redistributed into RIP.
!! Provides hub VRF definition.
!
address-family ipv4 vrf V11:blue-etc
redistribute bgp 200 metric transparent
network 209.165.200.0
exit-address-family
!
router bgp 200
!
!! Definition for the core-facing IBGP routing protocol routing instance for VRF Blue.
!! VRF Blue RIP routes are redistributed into the IBGP core.
!
address-family ipv4 vrf V6:blue
redistribute rip
exit-address-family
!
!! Definition of the core-facing IBGP routing protocol routing instance for the VRF Blue.
!! VRF Red RIP routes are redistributed into the IBGP core.
!
address-family ipv4 vrf V10:red
redistribute rip
exit-address-family
!
!! Core-facing IBGP routing protocol routing instance for the extranet VRF
!! VRF Red RIP routes are redistributed into the IBGP core
!
address-family ipv4 vrf V11:blue-etc
redistribute rip
exit-address-family
!
!! --------------------------------
!! Customer Edge router CE1 is provisioned as a hub in the Blue VPN.
! Hostname: CE1
!
! Version 12.0
!
interface Serial0
encapsulation frame-relay
!
interface Serial0.343 point-to-point
description Serial0.343 fr dlci=343 : Provisioned by VPNSC: Service Request Id# = 17
ip address 209.165.200.230 255.255.255.252
frame-relay interface-dlci 343
no shutdown
!
router rip
network 209.165.200.0
no auto-summary
version 2
!
!! --------------------------------
!! Customer Edge router CE2 is provisioned as a hub in the Red VPN.
!
! Hostname: CE2
!
! Version 12.0
!
interface Serial0.888 point-to-point
description Serial0.888 fr dlci=888 : Provisioned by VPNSC: Service Request Id# = 18
ip address 209.165.200.234 255.255.255.252
frame-relay interface-dlci 888
!
no shutdown
!
router rip
network 209.165.200.0
no auto-summary
version 2
!
!! --------------------------------
!! Customer Edge router CE3 is provisioned as a hub in the Red and Blue VPNs.
!
! Hostname: CE3
!
! Version 12.0
!
interface Serial0.777 point-to-point
description Serial0.777 fr dlci=777 : Provisioned by VPNSC: Service Request Id# = 19
ip address 209.165.200.238 255.255.255.252
frame-relay interface-dlci 777
no shutdown
!
router rip
network 209.165.200.0
no auto-summary


 

PE-CE リンクの OSPF ルーティング

このコンフィギュレーション ファイルは、PE-CE リンクでの OSPF プロトコルの使用と、PE から CE1 への IP 番号指定プロビジョニングの使用を例示しています。CE1 は、Red という VPN のメンバです。CE1 は、Red VPN のハブとして、また管理 VPN のスポークとして設定されます。エクスポート マップは、Red VRF から PE-to-CE リンク サブネットだけをエクスポートします。VRF Red OSPF ルートは、IBGP コアに再配布されます。Red VRF ではエクスポート マップによってルート マップが使用され、管理 VPN へのルートがフィルタリングされます。

!!
!! Topology:
!!
!! CE1---PE
!! --------------------------------
!! Provider Edge router: PE
!! CE1 is provisioned as a hub in the Red VPN and as a spoke in the Management VPN.
!
! Hostname: PE
!
! Version 12.0
!! Provisioned routing forwarding instance for Red VPN--vrf V10:red.
!! The route-target 200:3 is for Red VPN hub connectivity.
!! The route-target 200:4 is for Red VPN spoke connectivity.
!! The route-target 200:1 is to import a route for management from the MCE into the VRF.
!! The export map exports only the PE-to-CE link subnet from the Red VRF.
!! The export map exports the management route-target 200:2.
!
ip vrf V10:red
rd 200:10
route-target import 200:3
route-target import 200:4
route-target import 200:1
route-target export 200:3
export map grey_mgmt_vpn_VpnsRus_V10:red
!
 
interface Serial2/3.323 point-to-point
description Serial2/3.323 fr dlci=323 : Provisioned by VPNSC: Service Request Id# = 21
ip vrf forwarding V10:red
ip address 209.165.200.225 255.255.255.252
frame-relay interface-dlci 323
no shutdown
!!
!! OSPF routing for vrf Red using Area 0.
!! IBGP routes that reference route-targets 200:3,200:4, or 200:1 are redistributed
!! into VRF Red.
!
router ospf 10 vrf V10:red
network 209.165.200.224 0.0.0.3 area 0
redistribute bgp 200 subnets
!
!
!! Definition for the core-facing IBGP routing protocol routing instance for VRF Red.
!! VRF Red OSPF routes are redistributed into the IBGP core.
!! Exported static routes are associated with route targets 200:3 and 200:2.
!
router bgp 200
address-family ipv4 vrf V10:red
!
redistribute ospf 10 match internal external 1 external 2
exit-address-family
!
!! The route map is used by the export map in the Red VRF to filter routes
!! to the Management VPN.
!! The match matches the PE-to-CE subnet with the extended access list.
!! Route-targets 200:2 and 200:3 are exported.
!
route-map grey_mgmt_vpn_VpnsRus_V10:red permit 10
match ip address VPNSC_GREY_MGMT_ACL
set extcommunity rt 200:2 200:3
!
ip access-list extended VPNSC_GREY_MGMT_ACL
permit 209.165.200.224 0.0.0.3 255.255.255.255
!! --------------------------------
!! Customer Edge router CE1 is provisioned as a hub in the Red VPN.
!
! Hostname: CE1
!
! Version 12.0
!
interface Serial0
!
encapsulation frame-relay
!
interface Serial0.323 point-to-point
description Serial0.323 fr dlci=323 : Provisioned by VPNSC: Service Request Id# = 21
ip address 209.165.200.226 255.255.255.252
frame-relay interface-dlci 323
!
no shutdown
!
router ospf 10
network 209.165.200.224 0.0.0.3 area 0


 

IP 番号未指定プロビジョニングを使用した OSPF ルーティング

このコンフィギュレーション ファイルは、PE-CE リンクでの OSPF プロトコルの使用と、PE から CE1 への IP 番号未指定プロビジョニングの使用を例示しています。CE1 は、Red という VPN のメンバです。CE1 は Red VPN のハブとして、また管理 VPN のスポークとして設定されます。エクスポート マップは、Red VRF から PE-to-CE リンク サブネットだけをエクスポートします。VRF Red OSPF ルートは、IBGP コアに再配布されます。

Red VRF ではエクスポート マップによってルート マップが使用され、管理 VPN へのルートがフィルタリングされます。PE に対する 番号未指定接続には、Loopback インターフェイスが使用されます。スタティック ルートは、PE 上の 番号未指定インターフェイス用に使用される Loopback アドレスを指します。


) 標準的なインターフェイスとは異なり、VPNSC 内でループバック インターフェイスのプロビジョニングが行われる場合は、結果のコンフィギュレーション ファイルには、Service Request ID 番号が含まれません。これは、複数のインターフェイスまたはサービス要求が、同一のループバック インターフェイスを使用できるためです。


!! Area 1 used is for the PE-to-CE link without default information originate.
!!
!! Topology:
!!
!! CE1---PE
!
!! --------------------------------
!! Provider Edge router: PE
!! CE1 is provisioned as a hub in the Red VPN and as a spoke in the Management VPN.
!
! Hostname: PE
!
! Version 12.0
!
!! Provisioned routing forwarding instance for Red VPN--vrf V10:red.
!! The route-target 200:3 is for Red VPN hub connectivity.
!! The route-target 200:4 is for Red VPN spoke connectivity.
!! The route-target 200:1 is to import a route for management from the MCE into the VRF.
!! The export map exports only the PE-to-CE link subnet from the Red VRF.
!! The export map exports the management route-target 200:2.
!
ip vrf V10:red
rd 200:10
route-target import 200:3
route-target import 200:4
route-target import 200:1
route-target export 200:3
export map grey_mgmt_vpn_VpnsRus_V10:red
!
!! The Loopback interface is used for the unnumbered interface in the Red VRF
!! using the VPNSC IP address pool.
!
interface Loopback1
description Provisioned by VPN-SC
ip vrf forwarding V10:red
ip address 209.165.201.1 255.255.255.255
no shutdown
!
!! The subinterface on the PE faces CE1.
!
interface Serial2/1.343 point-to-point
description Serial2/1.343 fr dlci=343 : Provisioned by VPNSC: Service Request Id# = 22
ip vrf forwarding V10:red
ip unnumbered Loopback1
frame-relay interface-dlci 343
no shutdown
!
!! OSPF routing for VRF Red using Area 1.
!! IBGP routes that reference route-targets 200:3,200:4, or 200:1
!! are redistributed into VRF Red.
!
router ospf 13 vrf V10:red
network 209.165.201.0 0.0.0.0 area 1
redistribute bgp 200 subnets
!
!! Definition for the core-facing IBGP routing protocol routing instance for VRF Red.
!! VRF red OSPF routes are redistributed into the IBGP core.
!! Exported static routes are associated with route targets 200:3 and 200:2.
!
router bgp 200
address-family ipv4 vrf V10:red
redistribute ospf 13 match internal external 1 external 2
redistribute static
exit-address-family
!
!! The static route that points to the CE loopback address is redistributed
!! into the IBGP core.
!
ip route vrf V10:red 209.165.201.2 255.255.255.255 Serial2/1.343 1
!
!! The route map is used by the export map in the Red VRF to filter routes
!! to the Management VPN.
!! The match matches-the-PE to CE subnet with the extended access list.
!! Route-targets 200:2 and 200:3 are exported
!
route-map grey_mgmt_vpn_VpnsRus_V10:red permit 10
match ip address VPNSC_GREY_MGMT_ACL
set extcommunity rt 200:2 200:3
!
ip access-list extended VPNSC_GREY_MGMT_ACL
permit 209.165.201.0 0.0.0.3 255.255.255.255
!
!! --------------------------------
!! Customer Edge router CE1 is provisioned as a hub in the Red VPN.
!
! Hostname: CE1
!
! Version 12.0
!
!! The Loopback interface is used for unnumbered connectivity to the PE.
!
interface Loopback1
description Provisioned by VPN-SC
ip address 209.165.201.2 255.255.255.255
no shutdown
!
interface Serial0
encapsulation frame-relay
!
interface Serial0.343 point-to-point
description Serial0.343 fr dlci=343 : Provisioned by VPNSC: Service Request Id# = 22
ip unnumbered Loopback1
frame-relay interface-dlci 343
no shutdown
!
!! The OSPF routing protocol uses Area 1 for the PE-to-CE link.
!
router ospf 13
network 209.165.201.2 0.0.0.0 area 1
!
!! The static route points to the Loopback address used for the
!! unnumbered interface on the PE.
!
ip route 209.165.201.1 255.255.255.255 Serial0.343 1


 

スタティック ルーティングの例

このコンフィギュレーション ファイルは、PE-CE リンク上のスタティック ルーティングの例です。このコンフィギュレーション ファイルは、PE へのデフォルト スタティック ルートを設定します。PE-CE リンクへのスタティック ルートは、IBGP コアに再配布されます。VPN Solutions Center は、他の VPN サイトへのデフォルト スタティック ルートおよび特定のスタティック ルートをサポートします。CE はデフォルト ルーティングを使用します。

!
!! Topology:
!
!! CE1---PE
!
!! --------------------------------
!! Provider Edge router: PE
!! CE1 is provisioned as a hub in the Red VPN and as a spoke in the Management VPN.
!
! Hostname: PE
!
! Version 12.0
!
!! Provisioned routing forwarding instance for red VPN - vrf V10:red.
!! The route-target 200:3 is for Red VPN hub connectivity.
!! The route-target 200:4 is for Red VPN spoke connectivity.
!! The route-target 200:1 imports a route from the MCE into the VRF.
!! The export map exports only the PE-to-CE link subnet from the Red VRF.
!! The export map exports the management route-target 200:2.
!
ip vrf V10:red
rd 200:10
route-target import 200:3
route-target import 200:4
route-target import 200:1
route-target export 200:3
!
export map grey_mgmt_vpn_VpnsRus_V10:red
!
!! The subinterface on the PE faces CE1; the IP address is taken from the
!! VPNSC IP address pool.
!
interface Serial2/0.454 point-to-point
description Serial2/0.454 fr dlci=454 : Provisioned by VPNSC: Service Request Id# = 20
ip vrf forwarding V10:red
ip address 209.165.202.130 255.255.255.252
frame-relay interface-dlci 454
no shutdown
!
!! The static route to the PE-to-CE link is redistributed into the IBGP core.
!
ip route vrf V10:red 209.165.202.129 255.255.255.255 Serial2/4.454 1
!
!! Definition for the core-facing IBGP routing protocol routing instance for VRF Red.
!! VRF Red static routes are redistributed into the IBGP core.
!! Exported static routes are associated with route targets 200:3 and 200:2.
!
router bgp 200
address-family ipv4 vrf V10:red
redistribute static
exit-address-family
!
!! The route map is used by the export map in the Red VRF to filter routes
!! to the Management VPN.
!! The match matches-the-PE to CE subnet with the extended access list.
!! Route-targets 200:2 and 200:3 are exported.
!
route-map grey_mgmt_vpn_VpnsRus_V10:red permit 10
match ip address VPNSC_GREY_MGMT_ACL
set extcommunity rt 200:2 200:3
!
ip access-list extended VPNSC_GREY_MGMT_ACL
permit 209.165.202.128 0.0.0.3 255.255.255.255
!
!! --------------------------------
!! Customer Edge router CE1 is provisioned as a hub in the Red VPN.
!
! Hostname: CE1
!
! Version 12.0
!
interface Serial0
encapsulation frame-relay
!
interface Serial0.455 point-to-point
description Serial0.455 fr dlci=455 : Provisioned by VPNSC: Service Request Id# = 20
ip address 209.165.202.129 255.255.255.252
frame-relay interface-dlci 455
no shutdown
!
!! A default static route to the PE is provisioned.
!! VPNSC supports default and specific static routes to other VPN sites.
!
ip route 0.0.0.0 0.0.0.0 209.165.202.130 1


 

PE から CE への EBGP ルーティング

このコンフィギュレーション ファイルでは、PE から CE への External BGP 接続の使用例を示します。ルート ターゲットは、MCE から Red VPN の VRF にルートをインポートするように設定します。エクスポート マップは、MCE への接続のために Red VRF から PE-to-CE サブネットだけをエクスポートします。

!!
!! Topology:
!!
!! CE1---PE
!
!! --------------------------------
!! Provider Edge router: PE
!! CE1 is provisioned as a hub in the Red VPN and a spoke in the Management VPN.
!
! Hostname: PE
!
! Version 12.0
!!
!! Provisioned routing forwarding instance for Red VPN--vrf V10:red.
!! The route-target 200:3 is for Red VPN hub connectivity.
!! The route-target 200:4 is for Red VPN spoke connectivity.
!! The route-target 200:1 is to import a route from the MCE into the VRF.
!! The export map exports only the PE-to-CE link subnet from the Red VRF.
!! The export map exports the management route-target 200:2.
!
ip vrf V10:red
rd 200:10
route-target import 200:3
route-target import 200:4
route-target import 200:1
route-target export 200:3
export map grey_mgmt_vpn_VpnsRus_V10:red
!
interface Serial2/6
encapsulation frame-relay
!
!! The subinterface on the PE is facing CE1; the IP address is from the VPNSC Pool.
!
interface Serial2/6.555 point-to-point
description Serial2/6.555 fr dlci=555 : Provisioned by VPNSC: Service Request Id# = 23
ip vrf forwarding V10:red
ip address 209.165.200.225 255.255.255.252
frame-relay interface-dlci 555
no shutdown
!
!! Definition for core-facing IBGP routing protocol routing instance for VRF Red.
!! VRF Red EBGP neighbor for AS 10 on the CE.
!
router bgp 200
address-family ipv4 vrf V10:red
neighbor 209.165.200.226 remote-as 10
neighbor 209.165.200.226 activate
exit-address-family
!
!! Route map is used by the export map in Red VRF to filter routes to the Management VPN.
!! The match matches the PE-to-CE subnet with the extended access list.
!! Route-targets 200:2 and 200:3 are exported.
!
route-map grey_mgmt_vpn_VpnsRus_V10:red permit 10
match ip address VPNSC_GREY_MGMT_ACL
set extcommunity rt 200:2 200:3
!
ip access-list extended VPNSC_GREY_MGMT_ACL
permit 209.165.200.224 0.0.0.3 255.255.255.255
!
!! --------------------------------
!! Customer Edge router CE1 is provisioned as a hub in the Red VPN.
!
! Hostname: CE1
!
! Version 12.0
!
interface Serial0
encapsulation frame-relay
!
interface Serial0.555 point-to-point
description Serial0.555 fr dlci=555 : Provisioned By VPNSC: Service Request Id# = 23
ip address 209.165.200.226 255.255.255.252
frame-relay interface-dlci 555
no shutdown
!
!! EBGP neighbor to AS 200 on the PE.
!
router bgp 10
neighbor 209.165.200.225 remote-as 200


 

IP 番号未指定方式を使用した EBGP ルーティングのプロビジョニング

このコンフィギュレーション ファイルは、External BGP および IP 番号未指定アドレッシング方式の使用による PE-CE リンクのプロビジョニング例です。ルート ターゲットは、MCE から VRF にルートをインポートするように設定します。PE に対する 番号未指定 EBGP セッションには、CE 上の Loopback インターフェイスが使用されます。

!! EBGP routing PE-to-CE with unnumbered provisioning PE-to-CE1
!!
!! Topology:
!! CE1---PE
!
!! --------------------------------
!! Provider Edge router: PE member
!! CE1 is provisioned as a hub in the Red VPN and a spoke in the Management VPN
! Hostname: pe
!
! Version 12.0
!
!! Provisioned routing forwarding instance for Red VPN--vrf V10:red
!! The route-target 200:3 is for Red VPN hub connectivity.
!! The route-target 200:4 is for Red VPN spoke connectivity.
!! The route-target 200:1 is to import a route from the MCE into the VRF.
!! The export map exports only the PE-to-CE link subnet from the Red VRF.
!! The export map exports the management route-target 200:2.
!
ip vrf V10:red
rd 200:10
route-target import 200:3
route-target import 200:4
route-target import 200:1
route-target export 200:3
export map grey_mgmt_vpn_VpnsRus_V10:red
!
!! The Loopback interface is used for the unnumbered interface in the Red VRF;
!! the IP address is taken from the VPNSC IP address pool
!
interface Loopback1
description Provisioned by VPN-SC
ip vrf forwarding V10:red
ip address 209.165.200.228 255.255.255.255
no shutdown
!
!! The subinterface on the PE is facing CE1.
!
interface Serial2/4.766 point-to-point
description Serial2/4.766 fr dlci=766 : Provisioned By VPNSC: Service Request Id# = 24
ip vrf forwarding V10:red
ip unnumbered Loopback1
frame-relay interface-dlci 766
no shutdown
!
!! Definition for the core-facing IBGP routing protocol routing instance for VRF Red.
!! VRF Red EBGP neighbor is in AS 10.
!! EBGP multihop is used for neighbor connectivity to the CE loopback interface.
!
router bgp 200
address-family ipv4 vrf V10:red
neighbor 209.165.200.229 remote-as 10
neighbor 209.165.200.229 activate
!
neighbor 209.165.200.229 ebgp-multihop
neighbor 209.165.200.229 update-source Loopback1
redistribute static
exit-address-family
!
!! The static route to the CE loopback is redistributed into the IBGP core.
!
ip route vrf V10:red 209.165.200.229 255.255.255.255 Serial2/4.766 1
!
!! The static route to the CE loopback is in the global table used by a recursive lookup.
!
ip route 209.165.200.229 255.255.255.255 Serial2/4.766 1
!
!! The route map is used by the export map in the Red VRF for filtering routes
!! to the Management VPN.
!! The match matches the PE-to-CE subnet with the extended access list.
!! Route-targets 200:2 and 200:3 are exported.
!
route-map grey_mgmt_vpn_VpnsRus_V10:red permit 10
match ip address VPNSC_GREY_MGMT_ACL
set extcommunity rt 200:2 200:3
!
ip access-list extended VPNSC_GREY_MGMT_ACL
permit 209.165.200.229 0.0.0.0 255.255.255.255
!
!! --------------------------------
!! Customer Edge router CE1 is provisioned as a hub in the Red VPN.
!
! Hostname: CE1
!
! Version 12.0
!
interface Serial0
!
encapsulation frame-relay
!
!! The loopback interface on the CE is used for an unnumbered EBGP session to the PE.
!
interface Loopback1
description Provisioned by VPN-SC
ip address 209.165.200.229 255.255.255.255
!
no shutdown
!
interface Serial0.766 point-to-point
description Serial0.766 fr dlci=766 : Provisioned By VPNSC: Service Request Id# = 24
ip unnumbered Loopback1
frame-relay interface-dlci 766
no shutdown
!
!! EBGP neighbor to AS 200 on the PE
!
router bgp 10
neighbor 209.165.200.228 remote-as 200
!
neighbor 209.165.200.228 ebgp-multihop
neighbor 209.165.200.228 update-source Loopback1
!
no auto-summary
!
!! The static route points to the PE loopback interface
!
ip route 209.165.200.228 255.255.255.255 Serial0.766 1


 

ケーブル ネットワークの例

このコンフィギュレーション ファイルは、簡単なケーブル ネットワーク構成の例です。

!hostname: widgets
!
! Version 12.0
!
ip vrf V5:WidgetVPN
!
rd 200:5
!
route-target import 301:1
!
route-target import 301:2
!
route-target import 200:1
!
route-target export 301:1
!
export map grey_mgmt_vpn_VpnsRus_V5:WidgetVPN
!
interface Cable1.1
description : Provisioned by VPNSC: Service Request Id# = 14
!
ip vrf forwarding V5:WidgetVPN
ip address 209.165.200.225 255.255.255.252
!
cable helper-address 3.4.5.6
!
no shutdown
!
router bgp 200
address-family ipv4 vrf V5:WidgetVPN
exit-address-family
!
route-map grey_mgmt_vpn_VpnsRus_V5:WidgetVPN permit 10
match ip address VPNSC_GREY_MGMT_ACL
set extcommunity rt 200:2 301:1
!
ip access-list extended VPNSC_GREY_MGMT_ACL
permit 209.165.200.224 0.0.0.3 255.255.255.255
!


 

番号指定アクセス リスト エントリから名前付きアクセス リスト エントリへの移行プロセスの例

VPN Solutions Center 2.x は、コンフィギュレーション ファイルの中に、「番号指定」アクセス リスト エントリではなく「名前付き」アクセス リスト エントリを生成します。番号指定アクセス リストを持つサービス要求を含むリポジトリとの下位互換性を実現するため、次の移行プロセスが実行されます。

新しいサービス要求を作成および展開する場合、VPN Solutions Center 2.x は、コンフィギュレーション ファイル内に名前付きアクセス リストだけを生成します。

番号指定アクセス リスト エントリを持つ既存のサービス要求を修正または再展開する場合は、VPNSC 2.x は番号指定アクセス リストを認識しますが、名前付きアクセス リストだけがプロビジョニングの対象となります。結果、サービス要求を修正または再展開すると、VPN Solutions Center は名前付きアクセス リストを作成し、番号指定アクセス リストは削除されます。すべてのサービス要求が名前付きアクセス リストになるまで、この移行プロセスが続行します。

次の 2 つのコンフィグレットは、VPNSC 2.x と旧バージョン(1.x)の違いを示しています。

番号指定エントリを持つ VPNSC 1.x を使用した新しいサービス要求用のコンフィグレット

次は、番号指定アクセス リスト エントリのある、VPN Solutions Center 1.x を使用して新規サービス要求について生成されたコンフィグレットです。

!
! Version 12.1: Generated by VPNSC on Wed Apr 04 11:50:46 2001
!
ip vrf V2:fordextranet
!
rd 9996:101
!
route-target import 9996:102
!
route-target import 9996:103
!
route-target import 9996:104
!
route-target export 9996:102
!
export map grey_mgmt_vpn_widenet_V2:fordextranet
!
interface Loopback2
description Provisioned By VPN-SC
!
ip vrf forwarding V2:fordextranet
ip address 13.13.0.1 255.255.255.255
ip address 13.13.0.1 255.255.255.255
!
interface ATM4/0/0.3 point-to-point
description ATM4/0/0.3 atm pvc vpi=3 vci=3 : Provisioned By VPNSC: Service Request ID# = 3
!
ip vrf forwarding V2:fordextranet
ip unnumbered Loopback2
!
ip unnumbered Loopback2
!
pvc 3/3
!
encapsulation aal5snap
!
no shutdown
!
router rip
address-family ipv4 vrf V2:fordextranet
!
redistribute bgp 9996 metric transparent
!
network 13.0.0.0
exit-address-family
!
no auto-summary
!
version 2
!
router bgp 9996
address-family ipv4 vrf V2:fordextranet
!
redistribute static
!
redistribute rip
exit-address-family
!
ip route vrf V2:fordextranet 13.13.0.2 255.255.255.255 ATM4/0/0.3 1
!
route-map grey_mgmt_vpn_widenet_V2:fordextranet permit 10
match ip address 1 17
 
set extcommunity rt 9996:105 9996:102
!
access-list 1 permit 13.13.0.2 0.0.0.0
!
end


 

名前付きエントリを持つ VPNSC 2.x を使用した新しいサービス要求用のコンフィグレット

次は、名前付きアクセス リスト エントリを生成する、VPN Solutions Center 2.x を使用して新規サービス要求について生成されたコンフィグレットです。

!
! Version 12.1: Generated by VPNSC on Wed Apr 04 12:08:28 2001
!
ip vrf V3:fordextranet
!
rd 9996:102
!
route-target import 9996:102
!
route-target import 9996:103
!
route-target import 9996:104
!
route-target export 9996:102
!
export map grey_mgmt_vpn_widenet_V3:fordextranet
!
interface Loopback2
description Provisioned By VPN-SC
!
ip vrf forwarding V3:fordextranet
ip address 13.13.0.5 255.255.255.255
ip address 13.13.0.5 255.255.255.255
!
interface ATM4/0/0.7 point-to-point
description ATM4/0/0.7 atm pvc vpi=7 vci=7 : Provisioned By VPNSC: Service Request Id# = 7
!
ip vrf forwarding V3:fordextranet
ip unnumbered Loopback2
!
ip unnumbered Loopback2
!
pvc 7/7
!
encapsulation aal5snap
!
no shutdown
!
router rip
address-family ipv4 vrf V3:fordextranet
!
redistribute bgp 9996 metric transparent
!
network 13.0.0.0
exit-address-family
!
no auto-summary
!
version 2
!
router bgp 9996
address-family ipv4 vrf V3:fordextranet
!
redistribute static
!
redistribute rip
exit-address-family
!
ip route vrf V3:fordextranet 13.13.0.4 255.255.255.255 ATM4/0/0.7 1
!
route-map grey_mgmt_vpn_widenet_V3:fordextranet permit 10
match ip address VPNSC_GREY_MGMT_ACL
set extcommunity rt 9996:105 9996:102
!
ip access-list extended VPNSC_GREY_MGMT_ACL
permit ip 13.13.0.4 0.0.0.0 0.0.0.0 255.255.255.255
!
end


 

1.x コンフィグレットを VPN Solutions Center 2.2 で再展開した例

VPN Solutions Center 1.x サービス要求で次のコンフィグレットが生成されたと仮定します。

route-map widenet_grey_mgmt_vpn_V2:fordextranet permit 10
match ip address 1
set extcommunity rt 9996:105 9996:102
!
access-list 1 permit 13.13.0.1 0.0.0.0

このサービス要求が VPN Soultions Center 2.2 で再度展開されると、次のコンフィグレットが生成されます。

route-map grey_mgmt_vpn_widenet_V2:fordextranet permit 10
no match ip address 1
match ip address VPNSC_GREY_MGMT_ACL
!
ip access-list extended VPNSC_GREY_MGMT_ACL
permit ip 13.13.0.1 0.0.0.0 0.0.0.0 255.255.255.255
!
no access-list 1