Inter-AS MPLS VPN Option 2: A Complete Hands-On Walkthrough
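Inter-AS MPLS VPN Option 2 in Practice
Readers can implement Option 2 on top of an existing Option 1 setup, or start after the MPLS VPN inside each of the two ASes has been built.
Option 2 differs from Option 1 in that the ASBRs no longer need VRFs. Instead, an MP-eBGP VPNv4 neighbor relationship is built between the ASBRs directly over their connected link, so the customer routes of both ASes are exchanged through BGP. Traffic between the ASBRs is also label-switched rather than IP-forwarded.
8.2.1 Building the VPNv4 eBGP neighbor between the ASBRs in Option 2
Remove the VRF configuration on the ASBRs yourself (the directly connected interfaces need a global IPv4 address configured again).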
R4-ASBR#
R4-ASBR(config)#int g3
R4-ASBR(config-if)#no vrf for QYT
% Interface GigabitEthernet3 IPv4 disabled and address(es) removed due to enabling VRF QYT
R4-ASBR(config-if)#ip address 24.1.1.4 255.255.255.0
R4-ASBR(config-if)#do ping 24.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 24.1.1.2, timeout is 2 seconds:
.!!!!
interface GigabitEthernet3
ip address 24.1.1.4 255.255.255.0
RP/0/0/CPU0:ASBR-R2#sh run interface gigabitEthernet 0/0/0/1
Fri Jun 24 06:46:45.453 UTC
interface GigabitEthernet0/0/0/1
ipv4 address 24.1.1.2 255.255.255.0
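Now we configure the VPNv4 eBGP neighbor on the ASBRs:
ASBR-R2:
router bgp 100
 address-family vpnv4 unicast
 !
 neighbor 11.1.1.1
  remote-as 100
  update-source Loopback0
  address-family vpnv4 unicast //VPNv4 iBGP neighbor relationship with the PE, used to exchange VPNv4 routes
   next-hop-self //do not forget next-hop-self toward the iBGP neighbor: VPNv4 routes received from AS 200 keep next hop 24.1.1.4, which is unreachable at that point, so the VPNv4 routes would not be selected as best
  !
 !
 neighbor 24.1.1.4
  remote-as 200
  address-family vpnv4 unicast //VPNv4 eBGP neighbor to AS 200; on IOS XR, routes on an eBGP session must be permitted by an RPL policy
   route-policy EBGP in
   route-policy EBGP out
!
route-policy EBGP
 pass
end-policy
!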
ASBR-R4:
router bgp 200
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 neighbor 24.1.1.2 remote-as 100
 neighbor 66.1.1.1 remote-as 200
 neighbor 66.1.1.1 update-source Loopback0
 !
 address-family ipv4
 exit-address-family
 !
 address-family vpnv4
  neighbor 24.1.1.2 activate //on IOS, activate the neighbor to build the VPNv4 eBGP session
  neighbor 24.1.1.2 send-community extended
  neighbor 66.1.1.1 activate
  neighbor 66.1.1.1 send-community extended
  neighbor 66.1.1.1 next-hop-self //next-hop-self toward the VPNv4 iBGP neighbor so that the VPNv4 routes are selected as best
Verify the VPNv4 neighbor relationships on the ASBR:
R4-ASBR#show bgp vpnv4 unicast all summary
BGP router identifier 44.1.1.1, local AS number 200
BGP table version is 5, main routing table version 5
4 network entries using 1024 bytes of memory
4 path entries using 480 bytes of memory
4/4 BGP path/bestpath attribute entries using 1088 bytes of memory
1 BGP AS-PATH entries using 24 bytes of memory
3 BGP extended community entries using 180 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 2796 total bytes of memory
BGP activity 4/0 prefixes, 4/0 paths, scan interval 60 secs
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
24.1.1.2 4 100 1018 1123 5 0 0 16:53:51 0
66.1.1.1 4 200 1130 1125 5 0 0 16:56:44 0
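On IOS, once the VPNv4 eBGP session is established, the following changes happen automatically:
1. A /32 host route to the peer's directly connected interface is created.
2. The command mpls bgp forwarding is generated automatically under the directly connected interface, so that BGP allocates labels.
3. A Pop label is generated for the /32 of the peer's directly connected address.
We verify these three points on IOS: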
R4-ASBR#show ip route connected
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is 10.255.0.1 to network 0.0.0.0
10.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 10.255.0.0/16 is directly connected, GigabitEthernet1
L 10.255.1.42/32 is directly connected, GigabitEthernet1
24.0.0.0/8 is variably subnetted, 3 subnets, 2 masks
C 24.1.1.0/24 is directly connected, GigabitEthernet3
C 24.1.1.2/32 is directly connected, GigabitEthernet3
L 24.1.1.4/32 is directly connected, GigabitEthernet3
44.0.0.0/32 is subnetted, 1 subnets
C 44.1.1.1 is directly connected, Loopback0
45.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 45.1.1.0/24 is directly connected, GigabitEthernet2
L 45.1.1.4/32 is directly connected, GigabitEthernet2
R4-ASBR#sh run int g3
Building configuration...
Current configuration : 108 bytes
!
interface GigabitEthernet3
ip address 24.1.1.4 255.255.255.0
negotiation auto
mpls bgp forwarding
R4-ASBR#show mpls forwarding-table 24.1.1.2
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
405 Pop Label 24.1.1.2/32 0 Gi3 24.1.1.2
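Note that IOS XR does not do these three things automatically; additional configuration is required.
8.2.2 Getting the ASBRs to accept VPNv4 routes
Since Option 2 no longer uses VRFs on the ASBRs, how do they accept VPNv4 routes? From what we covered earlier, a VRF with a matching RT is required. BGP filters on RT by default; in Option 2 this default RT filtering can be disabled so that all VPNv4 routes are accepted. Of course, this also means the ASBR holds a large number of VPNv4 routes and easily becomes a single point of failure.
ASBR-R2:
router bgp 100
 address-family vpnv4 unicast
  retain route-target all //IOS XR knob that keeps all VPNv4 routes
R4-ASBR#
router bgp 200
 bgp log-neighbor-changes
 no bgp default ipv4-unicast
 no bgp default route-target filter //disable the default RT filtering
Check the VPNv4 routes received on the ASBRs:
RP/0/0/CPU0:ASBR-R2#show bgp vpnv4 unicast //all VPNv4 routes have been received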
Fri Jun 24 07:06:22.373 UTC
BGP router identifier 22.1.1.1, local AS number 100
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 9
BGP NSR Initial initsync version 5 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:18
*>i18.1.1.0/24 11.1.1.1 0 100 0 ?
*>i88.1.1.1/32 11.1.1.1 2 100 0 ?
Route Distinguisher: 200:67
*> 67.1.1.0/24 24.1.1.4 0 200 ?
*> 77.1.1.1/32 24.1.1.4 0 200 ?
R4-ASBR#show bgp vpnv4 unicast all
BGP table version is 5, local router ID is 44.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:18
*> 18.1.1.0/24 24.1.1.2 0 100 ?
*> 88.1.1.1/32 24.1.1.2 0 100 ?
Route Distinguisher: 200:67
*>i 67.1.1.0/24 66.1.1.1 0 100 0 ?
*>i 77.1.1.1/32 66.1.1.1 2 100 0 ?
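With the pass-all route-policy EBGP from 8.2.1 and RT filtering disabled as shown here, each ASBR accepts and re-advertises every VPNv4 route the neighboring AS sends. The following is an added example, not part of the original article, that limits both ASBRs to the single route target the PEs on this page use (64512:78); the names INTER-AS-RT and INTER-AS-RT-ONLY are hypothetical.

```cisco
! Added example, not from the original article.
! INTER-AS-RT and INTER-AS-RT-ONLY are hypothetical names.
! 64512:78 is the RT that VRF QYT imports/exports on the PEs of this page.
!
! --- ASBR-R2 (IOS XR, AS 100) ---
extcommunity-set rt INTER-AS-RT
  64512:78
end-set
!
route-policy INTER-AS-RT-ONLY
  if extcommunity rt matches-any INTER-AS-RT then
    pass
  else
    drop
  endif
end-policy
!
router bgp 100
 address-family vpnv4 unicast
  ! keep only routes carrying the agreed RT instead of "retain route-target all"
  retain route-target route-policy INTER-AS-RT-ONLY
 !
 neighbor 24.1.1.4
  remote-as 200
  address-family vpnv4 unicast
   ! replaces the pass-all policy EBGP in both directions
   route-policy INTER-AS-RT-ONLY in
   route-policy INTER-AS-RT-ONLY out
  !
 !
!
! --- R4-ASBR (IOS, AS 200) ---
ip extcommunity-list standard INTER-AS-RT permit rt 64512:78
!
! no further sequence: anything without the RT hits the implicit deny
route-map INTER-AS-RT-ONLY permit 10
 match extcommunity INTER-AS-RT
!
router bgp 200
 ! still needed, because the ASBR has no VRF importing the RT
 no bgp default route-target filter
 address-family vpnv4
  neighbor 24.1.1.2 route-map INTER-AS-RT-ONLY in
  neighbor 24.1.1.2 route-map INTER-AS-RT-ONLY out
```

Each additional inter-AS VPN then needs its RT added to the set on both ASBRs before its routes cross the boundary.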
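8.2.3 PE devices accepting VPNv4 routes
In Option 1 the RT attributes of the VRFs in the two ASes do not have to match, but in Option 2 the VRF RTs on the PE devices (XR1 and R6) must match; otherwise the PEs cannot accept the VPNv4 routes.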
XR1:
vrf QYT
address-family ipv4 unicast
import route-target
64512:78
!
export route-target
64512:78
R6-PE:
vrf definition QYT
rd 200:67
!
address-family ipv4
route-target export 64512:78
route-target import 64512:78
Check the VPNv4 routes on the PE devices:
PE-R6#show ip bgp vpnv4 all
BGP table version is 91, local router ID is 66.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:18
*>i 18.1.1.0/24 44.1.1.1 0 100 0 100 ?
*>i 88.1.1.1/32 44.1.1.1 0 100 0 100 ?
Route Distinguisher: 200:67 (default for vrf QYT)
*>i 18.1.1.0/24 44.1.1.1 0 100 0 100 ?
*> 67.1.1.0/24 0.0.0.0 0 32768 ?
*> 77.1.1.1/32 67.1.1.7 2 32768 ?
*>i 88.1.1.1/32 44.1.1.1 0 100 0 100 ?
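RP/0/0/CPU0:PE-XR1#show bgp vpnv4 unicast //the PE has received all VPNv4 routes and they are best; whether they are selected as best is critical, and they are best on the PE because next-hop-self was configured toward the PE on the ASBR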
Fri Jun 24 07:21:38.223 UTC
BGP router identifier 11.1.1.1, local AS number 100
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 79
BGP NSR Initial initsync version 1 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:18 (default for vrf QYT)
*> 18.1.1.0/24 0.0.0.0 0 32768 ?
*>i67.1.1.0/24 22.1.1.1 100 0 200 ?
*>i77.1.1.1/32 22.1.1.1 100 0 200 ?
*> 88.1.1.1/32 18.1.1.8 2 32768 ?
Route Distinguisher: 200:67
*>i67.1.1.0/24 22.1.1.1 100 0 200 ?
*>i77.1.1.1/32 22.1.1.1 100 0 200 ?
The redistribution between IGP and BGP on the PE devices is not covered again; only the configuration is given, and readers should complete it themselves.
router ospf 10
 vrf QYT
  domain-id type 0005 value 000000000100
  redistribute bgp 100
  address-family ipv4 unicast
  area 0
   interface GigabitEthernet0/0/0/3
router bgp 100
 address-family vpnv4 unicast
 !
 neighbor 22.1.1.1
  remote-as 100
  update-source Loopback0
  address-family vpnv4 unicast
  !
 !
 vrf QYT
  rd 100:18
  address-family ipv4 unicast
   redistribute ospf 10 match internal external
The customer side now receives the routes normally:
CE-R7#show ip route ospf
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
18.0.0.0/24 is subnetted, 1 subnets
O IA 18.1.1.0 [110/2] via 67.1.1.6, 00:45:32, GigabitEthernet0/1
88.0.0.0/32 is subnetted, 1 subnets
O IA 88.1.1.1 [110/2] via 67.1.1.6, 00:45:32, GigabitEthernet0/1
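8.2.4 Solving label distribution when the ASBR runs IOS XR
On an IOS XR ASBR, a /32 host static route to the peer ASBR's directly connected interface has to be created manually, and it must point to the outgoing interface only, not to a next hop.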
router static
address-family ipv4 unicast
24.1.1.4/32 GigabitEthernet0/0/0/1
RP/0/0/CPU0:ASBR-R2#show route static
Fri Jun 24 09:00:49.082 UTC
S 24.1.1.4/32 is directly connected, 19:00:42, GigabitEthernet0/0/0/1
RP/0/0/CPU0:ASBR-R2#show mpls forwarding
Fri Jun 24 09:01:20.680 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
------ ----------- ------------------ ------------ --------------- ------------
24000 17 11.1.1.1/32 Gi0/0/0/0 23.1.1.3 123841
24001 Pop 33.1.1.1/32 Gi0/0/0/0 23.1.1.3 127575
24002 Pop 13.1.1.0/24 Gi0/0/0/0 23.1.1.3 480
24003 Pop 24.1.1.4/32 Gi0/0/0/1 24.1.1.4 123640 //the label for the /32 host route to the peer's directly connected address must be Pop
24004 24003 100:18:18.1.1.0/24 11.1.1.1 0
24005 24004 100:18:88.1.1.1/32 11.1.1.1 2158
24006 403 200:67:67.1.1.0/24 Gi0/0/0/1 24.1.1.4 0 //here the reader can clearly see that the label for the VPNv4 route to 67.1.1.0 is 403 and the label for 77.1.1.1 is 404
24007 404 200:67:77.1.1.1/32 Gi0/0/0/1 24.1.1.4 6428
Verify data-plane forwarding. Customer traffic now flows normally, and the following test also shows the multi-label forwarding:
CE-R8#traceroute 77.1.1.1 source loopback 0 numeric
Type escape sequence to abort.
Tracing the route to 77.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 18.1.1.1 7 msec 4 msec 4 msec
2 13.1.1.3 [MPLS: Labels 18/24007 Exp 0] 27 msec 29 msec 25 msec
3 23.1.1.2 [MPLS: Label 24007 Exp 0] 27 msec 26 msec 27 msec
4 24.1.1.4 [MPLS: Label 404 Exp 0] 30 msec 30 msec 27 msec
5 45.1.1.5 [MPLS: Labels 16/21 Exp 0] 34 msec 33 msec 22 msec
6 67.1.1.6 [MPLS: Label 21 Exp 0] 22 msec 34 msec 20 msec
7 67.1.1.7 32 msec * 43 msec