mpls php,MPLS *** option B

捣鼓了半天EVE-NG,太耗资源了。纯思科还是GNS3方便些。。。这次做的实验室mpls *** option B。争取明天把option C实验敲完再写下来。

inter-as option B， 又名ASBR-ASBR， 相对于inter-as option A是比较靠谱的解决方案，唯一问题是ASBR的负担较重，既要承担数据层面路由转发又要控制跨域的标签分发。

这个方案最关键核心就是ASBR与同一AS的PE建立***v4邻居的时候，需要在mpbgp中使用next-hop-self，以及在ASBR中关闭route-target filter。

以下是topology

底层使用的是EIGRP，intra-as之间使用mpls ip，PE-CE间使用的是ospf。直接贴预配，两台P路由器就不贴了。

R1#sh run | s router

router eigrp 100

network 1.1.1.1 0.0.0.0

network 12.1.1.1 0.0.0.0

router ospf 100 vrf CustomerA

redistribute bgp 100 subnets

network 192.168.1.1 0.0.0.0 area 1

router bgp 100

bgp log-neighbor-changes

no bgp default ipv4-unicast

neighbor 3.3.3.3 remote-as 100

neighbor 3.3.3.3 update-source Loopback0

!

address-family ipv4

neighbor 3.3.3.3 activate

neighbor 3.3.3.3 next-hop-self

exit-address-family

!

address-family ***v4

neighbor 3.3.3.3 activate

neighbor 3.3.3.3 send-community extended

exit-address-family

!

address-family ipv4 vrf CustomerA

redistribute ospf 100 match internal external 1 external 2

exit-address-family

R1#sh run | s ip vrf

ip vrf CustomerA

rd 100:1

route-target export 100:1

route-target import 200:1

R1#

R3#sh run | s router

router eigrp 100

network 3.3.3.3 0.0.0.0

network 23.1.1.3 0.0.0.0

router bgp 100

bgp log-neighbor-changes

no bgp default ipv4-unicast

no bgp default route-target filter

neighbor 1.1.1.1 remote-as 100

neighbor 1.1.1.1 update-source Loopback0

neighbor 34.1.1.4 remote-as 200

!

address-family ipv4

neighbor 1.1.1.1 activate

neighbor 1.1.1.1 next-hop-self

neighbor 34.1.1.4 activate

exit-address-family

!

address-family ***v4

neighbor 1.1.1.1 activate

neighbor 1.1.1.1 send-community extended

neighbor 1.1.1.1 next-hop-self

neighbor 34.1.1.4 activate

neighbor 34.1.1.4 send-community extended

exit-address-family

R4#sh run | s router

router eigrp 100

network 4.4.4.4 0.0.0.0

network 45.1.1.4 0.0.0.0

router bgp 200

bgp log-neighbor-changes

no bgp default ipv4-unicast

no bgp default route-target filter

neighbor 6.6.6.6 remote-as 200

neighbor 6.6.6.6 update-source Loopback0

neighbor 34.1.1.3 remote-as 100

!

address-family ipv4

neighbor 6.6.6.6 activate

neighbor 6.6.6.6 next-hop-self

neighbor 34.1.1.3 activate

exit-address-family

!

address-family ***v4

neighbor 6.6.6.6 activate

neighbor 6.6.6.6 send-community extended

neighbor 6.6.6.6 next-hop-self

neighbor 34.1.1.3 activate

neighbor 34.1.1.3 send-community extended

exit-address-family

R4#

R6#sh run | s router

router eigrp 100

network 6.6.6.6 0.0.0.0

network 56.1.1.6 0.0.0.0

router ospf 100 vrf CustomerA

redistribute bgp 200 subnets

network 192.168.2.1 0.0.0.0 area 1

router bgp 200

bgp log-neighbor-changes

no bgp default ipv4-unicast

neighbor 4.4.4.4 remote-as 200

neighbor 4.4.4.4 update-source Loopback0

!

address-family ipv4

neighbor 4.4.4.4 activate

neighbor 4.4.4.4 next-hop-self

exit-address-family

!

address-family ***v4

neighbor 4.4.4.4 activate

neighbor 4.4.4.4 send-community extended

exit-address-family

!

address-family ipv4 vrf CustomerA

redistribute ospf 100 match internal external 1 external 2

exit-address

R6#sh run | s ip vrf

ip vrf CustomerA

rd 200:1

route-target export 200:1

route-target import 100:1

先分析控制层面。之前一篇日志提到，内层label是通过mp-bgp传递，根据VRF来分配的。这里有一层意思，既：BGP作为一个application protocol，还能分发标签。。。这在后面inter-as option C会用到。

来看R1 (AS100的PE)，其会把22.22.22.22/32 路由放入BGP vrf 中并通过重分发进ospf的方式发给CE端。注意此时因为R3在***v4中使用了next-hop-self，使得这条路由的下一跳是R3的loopback地址。

同理，在R6 (AS200的PE)上，此时要看得是RT 100:1的11.11.11.11/32 ，其下一跳是AS200的ASBR loopback接口地址。

注意：此时要关闭bgp default route-target filter。否则ASBR间的***v4邻居关系不会起来。

看完***v4路由，再来看label如何分配

R1#show ip cef vrf CustomerA 22.22.22.22 detail

22.22.22.22/32, epoch 0, flags rib defined all labels

recursive via 3.3.3.3 label 309

nexthop 12.1.1.2 GigabitEthernet1/0 label 203

当CE1 (R7)把包交给PE1 (R1)，R1查看vrf cef，内层标签为309(MPBGP发放的，因为MPBGP会默认为这条路由的下一跳分配一个标签)。外层标签是203，由R2(P router)发放。

R2收到之后直接php pop，交给R3

R2#sh mpls forwarding-table labels 203

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

203 Pop Label 3.3.3.3/32 7020 Gi2/0 23.1.1.3

而R3收到的是个只有一层标签308的数据包，

R3#show mpls forwarding-table labels 309

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

309 409 200:1:22.22.22.22/32 \

8968 Gi1/0 34.1.1.4

注：一个比较有趣的地方当路由器使用BGP去分发标签时，ASBR之间的接口会默认产生这条命令 mpls bgp forwarding

R3#sh run int gi 1/0

interface GigabitEthernet1/0

ip address 34.1.1.3 255.255.255.0

negotiation auto

mpls bgp forwarding

R4#sh run int gi 1/0

interface GigabitEthernet1/0

ip address 34.1.1.4 255.255.255.0

negotiation auto

mpls bgp forwarding

之后就比较按部就班了，一层层标签该swap swap， 该pop pop

R4#show mpls forwarding-table labels 409 detail

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

409 605 200:1:22.22.22.22/32 \

16348 Gi2/0 45.1.1.5

MAC/Encaps=14/22, MRU=1496, Label Stack{503 605}

CA0739940038CA063AF000388847 001F70000025D000

No output feature configured

注意，这里有个比较有趣的细节，需要使用show detail来查看。

R6#show ip bgp ***v4 all labels

Network Next Hop In label/Out label

Route Distinguisher: 100:1

11.11.11.11/32 4.4.4.4 nolabel/406

192.168.1.0 4.4.4.4 nolabel/407

Route Distinguisher: 200:1 (CustomerA)

11.11.11.11/32 4.4.4.4 nolabel/406

22.22.22.22/32 192.168.2.33 605/nolabel

192.168.1.0 4.4.4.4 nolabel/407

192.168.2.0 0.0.0.0 604/nolabel(CustomerA)

ASBR会在外层贴一层503的标签，这个是用来到达PE，LDP分配的 。

R5#sh mpls forwarding-table labels 503 detail

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

503 Pop Label 6.6.6.6/32 20334 Gi1/0 56.1.1.6

R6#show mpls forwarding-table labels 605

Local Outgoing Prefix Bytes Label Outgoing Next Hop

Label Label or Tunnel Id Switched interface

605 No Label 22.22.22.22/32[V] \

15276 Gi0/0 192.168.2.33

R6#

附上BGP update的抓包文件，抓包很清晰，BGP ***v4根据下一跳分发标签，next-hop为本地loopback接口，extended community里面包含200:1， 路由条目NLRI只是很小的一部分，包含标签605，RD，以及前缀22.22.22.22/32