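MPLS VPN is mostly used by ISPs to isolate the routes of different enterprises, so that routing is separated both between enterprises and between each enterprise and the Internet. If one of those customers needs Internet access, the ISP has to exchange routing information between the VPN and the Internet.
If the Internet routes were planned into a VRF of their own from the start, the problem is easy to solve: thanks to RD and RT, the two VRFs only need to import/export each other's routes. But if the ISP did not set up a separate VRF for Internet routes at the beginning, that is, the Internet routes live in the default IPv4 routing table, the routes have to be forcibly imported. This article exchanges the routes using static routes that specify an outgoing interface.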

1. Topology
(Topology diagram: MPLS)

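2. Description
In the diagram, R3, R4, R5 and R7 form the ISP backbone. The two sites of company Corp_A, R1 (1.0.0.0/24) and R2 (2.0.0.0/24), are interconnected over MPLS VPN. The Corp_B site R6 (6.0.0.0/24) also attaches to R3, but R6 additionally needs to reach the Internet network located at R7 (7.0.0.0/24). At the same time, network segments that are not related to each other must not be able to reach one another.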

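3. Principle
Because different address families cannot exchange routing information directly, it is impossible to learn the other side's routes automatically through a dynamic routing protocol. Instead, the routes can be exchanged with static routes on the respective gateways. The problem with static routes is that a global static route has no next-hop information for VRF routes, and conversely a VRF route has no next-hop information for global routes. The static route must therefore point to a directly connected interface. Once the static routes are configured, advertising the corresponding routes in the respective BGP address families is enough for the two sides to reach each other.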

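4. Configuration overview
First, the ISP is interconnected internally with an IGP (IS-IS in this lab) and uses LDP for label management. R3, R4 and R5 run MP-BGP, where:
  • R3 creates VRF Corp_B and, within MP-BGP, creates address-family ipv4 and ipv4 vrf Corp_B;
  • R5 creates VRF Corp_B and, within MP-BGP, creates address-family ipv4 and ipv4 vrf Corp_B;
  • R5 acts as route reflector for R3 and R7 in the different address families;
  • at the exit from the Internet into the VRF (R3), configure a static route from the global routing table into VRF Corp_B and advertise it through the MP-BGP ipv4 address family;
  • at the exit from the VRF to the Internet (R5), configure a static route from VRF Corp_B into the global routing table and advertise it through the MP-BGP ipv4 vrf Corp_B address family.
Finally, verify the result.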

5. Configuration
R3:
ip cef
!
ip vrf Corp_A
rd 65535:12
route-target export 65535:12
route-target import 65535:12
!
ip vrf Corp_B
rd 65535:6
route-target export 65535:6
route-target import 65535:6
!
mpls label protocol ldp
!
interface Loopback0
ip address 3.3.3.3 255.255.255.255
ip router isis
!
interface Loopback1
ip vrf forwarding Corp_A
ip address 192.168.34.3 255.255.255.255
!
interface Serial0/0
description To CORE
ip address 10.3.5.3 255.255.255.0
ip router isis
mpls ip
clock rate 2000000
!
interface FastEthernet0/1
description To Corp_B's Office
ip vrf forwarding Corp_B
ip address 10.3.6.3 255.255.255.0
mpls ip
!
router eigrp 65535
!
address-family ipv4 vrf Corp_B
redistribute bgp 345 metric 100000 100 255 1 1500
network 10.3.6.3 0.0.0.0
no auto-summary
autonomous-system 65535
eigrp router-id 3.3.3.3
exit-address-family
!
router isis
net 46.3333.3333.3333.00
is-type level-2-only
!
router bgp 345
bgp router-id 3.3.3.3
no bgp default ipv4-unicast
neighbor LOCAL_AS peer-group
neighbor LOCAL_AS remote-as 345
neighbor LOCAL_AS update-source Loopback0
neighbor 5.5.5.5 peer-group LOCAL_AS
!
address-family ipv4
neighbor 5.5.5.5 activate
no auto-summary
no synchronization
network 6.0.0.0 mask 255.255.255.0
exit-address-family
!
address-family vpnv4
neighbor LOCAL_AS send-community extended
neighbor 5.5.5.5 activate
exit-address-family
!
address-family ipv4 vrf Corp_B
redistribute eigrp 65535
no auto-summary
no synchronization
exit-address-family
!
ip route 6.0.0.0 255.255.255.0 FastEthernet0/1
!
mpls ldp router-id Loopback0 force
!


R5:
ip cef
!
ip vrf Corp_B
rd 65535:6
route-target export 65535:6
route-target import 65535:6
!
mpls label protocol ldp
!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
ip router isis
!
interface Serial0/0
description To R3
ip address 10.3.5.5 255.255.255.0
ip router isis
mpls ip
clock rate 2000000
!
interface Serial0/2
description To R7
ip address 10.5.7.5 255.255.255.0
ip router isis
mpls ip
clock rate 2000000
!
router isis
net 46.5555.5555.5555.00
is-type level-2-only
!
router bgp 345
bgp router-id 5.5.5.5
no bgp default ipv4-unicast
neighbor LOCAL_AS peer-group
neighbor LOCAL_AS remote-as 345
neighbor LOCAL_AS update-source Loopback0
neighbor 3.3.3.3 peer-group LOCAL_AS
neighbor 7.7.7.7 peer-group LOCAL_AS
!
address-family ipv4
neighbor LOCAL_AS route-reflector-client
neighbor LOCAL_AS next-hop-self
neighbor 3.3.3.3 activate
neighbor 7.7.7.7 activate
no auto-summary
no synchronization
exit-address-family
!
address-family vpnv4
neighbor LOCAL_AS send-community extended
neighbor LOCAL_AS route-reflector-client
neighbor 3.3.3.3 activate
neighbor 4.4.4.4 activate
exit-address-family
!
address-family ipv4 vrf Corp_B
no auto-summary
no synchronization
network 0.0.0.0
exit-address-family
!
ip route vrf Corp_B 0.0.0.0 0.0.0.0 Serial0/2
!
mpls ldp router-id Loopback0 force

R6:
ip cef
!
interface Loopback0
ip address 6.6.6.6 255.255.255.255
!
interface Loopback1
ip address 6.0.0.1 255.255.255.0
ip ospf network point-to-point
!
interface FastEthernet0/0
ip address 10.3.6.6 255.255.255.0
!
router eigrp 65535
passive-interface Loopback0
passive-interface Loopback1
network 6.0.0.1 0.0.0.0
network 6.6.6.6 0.0.0.0
network 10.3.6.6 0.0.0.0
no auto-summary
eigrp router-id 6.6.6.6
!

R7:
ip cef
!
interface Loopback0
ip address 7.7.7.7 255.255.255.255
ip router isis
!
interface Loopback1
ip address 7.0.0.1 255.255.255.0
!
interface Serial0/0
ip address 10.5.7.7 255.255.255.0
ip router isis
clock rate 2000000
!
router isis
net 46.7777.7777.7777.00
is-type level-2-only
!
router bgp 345
no synchronization
bgp router-id 7.7.7.7
network 7.0.0.0 mask 255.255.255.0
neighbor LOCAL_AS peer-group
neighbor LOCAL_AS remote-as 345
neighbor LOCAL_AS update-source Loopback0
neighbor LOCAL_AS next-hop-self
neighbor 5.5.5.5 peer-group LOCAL_AS
no auto-summary
!

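The location of the static routes matters: each static route must be configured on the router that owns the outgoing interface, and it must point to that directly connected interface. The static route from the global routing table into VRF Corp_B must be configured on R3, and the one in the opposite direction must be configured on R5. This static route is quite special: because the global routes and the VRF Corp_B routes belong to two different RIBs, the LFIB cannot recursively resolve the label for the associated interface, so the traffic cannot be forwarded via MPLS. The route must therefore be deployed on the egress router and advertised from there.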
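Each of these static routes is a deliberate hole in the VRF isolation, so it is worth being able to list them all when reviewing a PE configuration. The following is an added example, not part of the original post: a Python helper that finds static routes whose outgoing interface belongs to a different routing table than the route itself. The function name and the trimmed sample configs (constructed from the R3 and R5 lines above) are assumptions for illustration, and the parser only handles the classic `ip vrf forwarding` syntax used on this page.

```python
import ipaddress
import re

# Constructed sample: only the relevant lines of the R3 and R5 configs above.
R3_CONFIG = """\
interface Serial0/0
 ip address 10.3.5.3 255.255.255.0
interface FastEthernet0/1
 ip vrf forwarding Corp_B
 ip address 10.3.6.3 255.255.255.0
ip route 6.0.0.0 255.255.255.0 FastEthernet0/1
"""
R5_CONFIG = """\
interface Serial0/2
 ip address 10.5.7.5 255.255.255.0
ip route vrf Corp_B 0.0.0.0 0.0.0.0 Serial0/2
"""

# Matches only static routes whose target is an interface name, not a next-hop IP.
ROUTE_RE = re.compile(r"^ip route (?:vrf (\S+) )?(\S+) (\S+) ([A-Za-z]\S*)")

def find_route_leaks(config):
    """Return static routes whose exit interface sits in another routing table."""
    iface_vrf, current, routes = {}, None, []
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = line.split(None, 1)[1]
            iface_vrf[current] = "global"      # until "ip vrf forwarding" says otherwise
        elif line.startswith("ip vrf forwarding ") and current:
            iface_vrf[current] = line.split()[-1]
        elif (m := ROUTE_RE.match(line)):
            routes.append(m.groups())
    leaks = []
    for vrf, prefix, mask, iface in routes:
        table = vrf or "global"
        target = iface_vrf.get(iface)
        if target is None or target == table:
            continue                           # unknown interface or same table
        net = ipaddress.ip_network(f"{prefix}/{mask}")
        leaks.append({"from": table, "to": target, "prefix": str(net),
                      "interface": iface, "default_route": net.prefixlen == 0})
    return leaks

if __name__ == "__main__":
    for name, cfg in (("R3", R3_CONFIG), ("R5", R5_CONFIG)):
        for leak in find_route_leaks(cfg):
            print(name, leak)
```

A leak flagged with `default_route` set, as on R5, exposes the whole VRF to the global table's destinations, so it deserves the closest review against the requirement that unrelated segments stay unreachable.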
--------------------------------------------------------------------

6. Verification
Check the routing information inside the VRF:
R3#show ip route vrf Corp_B

Routing Table: Corp_B

Gateway of last resort is 5.5.5.5 to network 0.0.0.0

6.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
D 6.6.6.6/32 [90/409600] via 10.3.6.6, 03:35:53, FastEthernet0/1
D 6.0.0.0/24 [90/409600] via 10.3.6.6, 03:35:53, FastEthernet0/1
10.0.0.0/24 is subnetted, 1 subnets
C 10.3.6.0 is directly connected, FastEthernet0/1
B* 0.0.0.0/0 [200/0] via 5.5.5.5, 03:02:17

R3#show ip route
6.0.0.0/24 is subnetted, 1 subnets
S 6.0.0.0 is directly connected, FastEthernet0/1
7.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B 7.0.0.0/24 [200/0] via 7.7.7.7, 03:12:09
-------------------------------------------------------------------

R5#show ip route vrf Corp_B

Routing Table: Corp_B

Gateway of last resort is 0.0.0.0 to network 0.0.0.0

6.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B 6.6.6.6/32 [200/409600] via 3.3.3.3, 03:04:53
B 6.0.0.0/24 [200/409600] via 3.3.3.3, 03:04:53
10.0.0.0/24 is subnetted, 1 subnets
B 10.3.6.0 [200/0] via 3.3.3.3, 03:04:53
S* 0.0.0.0/0 is directly connected, Serial0/2

R5#show ip route
6.0.0.0/24 is subnetted, 1 subnets
B 6.0.0.0 [200/0] via 3.3.3.3, 03:06:55
7.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
B 7.0.0.0/24 [200/0] via 7.7.7.7, 03:40:27

As shown, the static routes have been injected into the corresponding BGP address families.
-------------------------------------------------------------------
R6#show ip route eigrp
D*EX 0.0.0.0/0 [170/307200] via 10.3.6.3, 00:02:29, FastEthernet0/0

R7#show ip route bgp
6.0.0.0/24 is subnetted, 1 subnets
B 6.0.0.0 [200/0] via 3.3.3.3, 02:59:09

Each routing table now contains the other side's routes.
R6#ping 7.0.0.1 so 6.0.0.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 7.0.0.1, timeout is 2 seconds:
Packet sent with a source address of 6.0.0.1
.!!!!