目录
功能介绍
Option B方案扩展了MP-IBGP,使得VPN路由可以在ASBR 间直接分发,称之为单跳MP-EBGP。
OptionB 有两种实现方案:
„ ASBR 不改变VPN路由的下一跳
„ ASBR 改变VPN路由下一跳
方案一:不改变下一跳
ASBR 在收到其他自治域ASBR 发送的VPN路由,向本自治域内的MP-IBGP邻居发送时,不改变VPN路由中的下一跳,称之为“OptionB 不改变下一跳方案”。这种实现方案,自治域内的PE和和ASBR 间仍然建立MP-IBGP会话,交互 VPN路由,在两个 ASBR 间建立MP-EBGP 会话,也可以直接交互VPN路由。由于从MP-EBGP 收到的路由向MP-IBGP邻居发送时不改变下一跳,因此要求在该自治域中的 PE 必须存在到达该下一跳(即另外一个自治域的ASBR )的路由,这个可以通过在ASBR 上将到达另外一端的ASBR 的路由重分布到本自治域的IGP 协议中,从而使得另外一个自治域的ASBR 地址变得可达,并通过LDP 建立LSP 路径。
方案二:改变下一跳
当ASBR 收到其他自治域ASBR 发送的VPN路由要向本自治域的PE发送时,改变VPN路由下一跳为自己,称之为“OptionB 改变下一跳方法”。这种实现方法中,同一个自治域的PE 和ASBR 间建立MP-IBGP会话交互VPN路由;两个ASBR 间建立MP-EBGP会话交互VPN路由,在收到另外一个ASBR 邻居发送的VPN路由,向本自治域的MP-IBGP对等体通告时,改变下一跳为自己。
一、组网需求
1、拓扑中的CE1,CE2分别用一台路由器用MCE技术进行模拟;
2、要求实现跨域的MPLS/VPN访问,即实现VPN-A的1.1.1.1和7.7.7.7互通,VPN-B的11.11.11.11和77.77.77.77互通;
3、该拓扑中在ASBR1分别对RR,ASBR2对PE2指定next-hop-self的方式,使得下一跳可达。
二、组网拓扑
三、配置要点
1、部署AS核心的IGP路由协议
2、部署AS核心的MPLS
1)全局开启MPLS转发功能
2)全局开启LDP标签分发协议
3)开启接口的标签交换能力
4)接口下开启LDP协议
5)接口下配置MTU
3、部署PE-PE的MP-BGP协议
1)启用BGP进程
2)进入VPNV4地址簇下激活VPNV4邻居关系
3)配置路由反射器RR
4、部署PE-CE的路由协议
1)创建VRF实例
2)将相关接口划入对应的VRF实例中
3)配置PE-CE的路由协议
5、将CE的路由重发布进MP-BGP
6、将MP-BGP的路由重发布进CE
//到第6步为止,是完整的域内VPN配置
7、跨域option B模式ASBR间的部署(改变下一跳方式)
1)ASBR间建立MP-EBGP邻居关系
2)ASBR关闭RT过滤
//详细配置文件,参考”六、附件“
四、配置步骤
第1步--第6步,是配置域内VPN,参考”跨域option A“章节的前6步(参考:典型配置--->MPLS VPN--->跨域option A)
7、跨域option B模式ASBR间的部署(不改变下一跳方式)
ASBR1(R4)上的相关配置:
1)ASBR间建立MP-EBGP邻居关系
router bgp 100
bgp router-id 4.4.4.4
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback 0
neighbor 45.4.4.5 remote-as 200
//指定MP-EBGP邻居,注意这里不要配置”neighbor 45.4.4.5 update-source Loopback 0“;
//使用直连地址建立MP-EBGP邻居!
!
address-family vpnv4 unicast
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
neighbor 45.4.4.5 activate
neighbor 45.4.4.5 send-community extended
exit-address-family
2)ASBR关闭RT过滤
router bgp 100
no bgp default route-target filter
//缺省情况下,PE收到其他PE(或者ASBR)发送的VPN路由,如果该VPN路由不会被本设备上任何一个VRF导入,PE设备就拒绝该路由。可以通过如下两种方法解决:
A. 启用no bgp default route-target filter,PE设备会接受其他PE(或ASBR)发送过来的所有VPN路由,不管本地的VRF是否会导入该VPN路由。
B. 在ASBR上建立相关的VRF,并配置相关的路由目标,将路由导入到ASBR,此方法不推荐。
3)ASBR与域内IBGP配置next-hop-self
router bgp 100
neighbor 3.3.3.3 next-hop-self //与IBGP邻居使用next-hop-self,改变路由下一跳
五、配置验证
1、通过Ping测试VPN间的路由连通性:
R1#ping vrf VPN-A 7.7.7.7 sou 1.1.1.1
Sending 5, 100-byte ICMP Echoes to 7.7.7.7, timeout is 2 seconds:
< press Ctrl+C to break >
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/10/10 ms
R1#ping vrf VPN-B 77.77.77.77 sou 11.11.11.11
Sending 5, 100-byte ICMP Echoes to 77.77.77.77, timeout is 2 seconds:
< press Ctrl+C to break >
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/10/10 ms
2、通过Traceroute测试路径:
R1#traceroute vrf VPN-A 7.7.7.7 source 1.1.1.1
< press Ctrl+C to break >
Tracing the route to 7.7.7.7
1 12.1.1.2 0 msec 0 msec 0 msec
2 * * *
3 * * *
4 * * *
5 56.5.5.6 0 msec 0 msec 0 msec
6 7.7.7.7 10 msec 10 msec 10 msec
R1#traceroute vrf VPN-B 77.77.77.77 source 11.11.11.11
< press Ctrl+C to break >
Tracing the route to 77.77.77.77
1 21.1.1.2 0 msec 0 msec 10 msec
2 * * *
3 * * *
4 * * *
5 56.5.5.6 0 msec 0 msec 0 msec
6 77.77.77.77 10 msec 10 msec 10 msec
3、LSP ping测试:
R2#ping mpls ipv4 4.4.4.4/32
Sending 5, 84-byte MPLS Echoes to 4.4.4.4/32,
timeout is 2 seconds, send interval is 0 msec:
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Press Ctrl+C to break.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/6/10 ms
4、LSP traceroute测试
R2#traceroute mpls ipv4 4.4.4.4/32
Tracing MPLS Label Switched Path to 4.4.4.4/32, timeout is 2 seconds
Codes: '!' - success, 'Q' - request not sent, '.' - timeout,
'L' - labeled output interface, 'B' - unlabeled output interface,
'D' - DS Map mismatch, 'F' - no FEC mapping, 'f' - FEC mismatch,
'M' - malformed request, 'm' - unsupported tlvs, 'N' - no label entry,
'P' - no rx intf label prot, 'p' - premature termination of LSP,
'R' - transit router, 'I' - unknown upstream index,
'X' - unknown return code, 'x' - return code 0
Press Ctrl+C to break.
0 23.2.2.2 MRU 1500 [Labels: 1025 Exp: 0]
L 1 23.2.2.3 MRU 1500 [Labels: implicit-null Exp: 0] <1 ms
! 2 34.3.3.4<1 ms
5、数据包走向分析
数据包走向分析,以VPN-A的1.1.1.1到7.7.7.7的流量为例。
1)CE1(R1)发送VPN-A的目的IP为7.7.7.7,源IP为1.1.1.1的流量,数据包到达PE1(R2),此时查看REF转发表。
R2#show ip ref route vrf VPN-A 7.0.0.0 255.0.0.0
Codes: * - default route
# - zero route
ipmaskweight path-id next-hopinterface
7.0.0.0255.0.0.0 0262140 0.0.0.0ftn nhlfe
2)进入MPLS转发表查询:
R2#show mpls forwarding-table ftn detail
Label Operation Code:
PH--PUSH label
PP--POP label
SW--SWAP label
SP--SWAP topmost label and push new label
DP--DROP packet
PC--POP label and continue lookup by IP or Label
PI--POP label and do ip lookup forward
PN--POP label and forward to nexthop
PM--POP label and do MAC lookup forward
PV--POP label and output to VC attach interface
IP--IP lookup forward
Local Outgoing OP FECOutgoingNexthop
label labelinterface
-- imp-null PH 3.3.3.3/32Gi0/0.2323.2.2.3
Added by Route(vrf Global), Tag Stack: { 3 }
-- 1025 PH 4.4.4.4/32Gi0/0.2323.2.2.3
Added by Route(vrf Global), Tag Stack: { 1025 }
-- imp-null PH 34.3.3.0/24Gi0/0.2323.2.2.3
Added by Route(vrf Global), Tag Stack: { 3 }
-- 8704 PH 7.0.0.0/8(V)Gi0/0.2323.2.2.3
Added by Route(vrf VPN-A), Tag Stack: { 8704 1025 }
-- 8704 PH 45.4.4.0/24(V)Gi0/0.2323.2.2.3
Added by Route(vrf VPN-A), Tag Stack: { 8704 1025 }
-- 8704 PH 67.0.0.0/8(V)Gi0/0.2323.2.2.3
Added by Route(vrf VPN-A), Tag Stack: { 8704 1025 }
-- 8705 PH 54.4.4.0/24(V)Gi0/0.2323.2.2.3
Added by Route(vrf VPN-B), Tag Stack: { 8705 1025 }
-- 8705 PH 76.0.0.0/8(V)Gi0/0.2323.2.2.3
Added by Route(vrf VPN-B), Tag Stack: { 8705 1025 }
-- 8705 PH 77.0.0.0/8(V)Gi0/0.2323.2.2.3
Added by Route(vrf VPN-B), Tag Stack: { 8705 1025 }
//此处针对7.0.0.0/8的FEC被分配了双层标签,顶层标签1025为R3为BGP下一跳分配的。底层标签8704为ASBR1(R4)为VPN路由分配的。
3)标签包到达路由器R3,执行POP操作,弹出顶层标签1025
R3#show mpls forwarding-table
Label Operation Code:
PH--PUSH label
PP--POP label
SW--SWAP label
SP--SWAP topmost label and push new label
DP--DROP packet
PC--POP label and continue lookup by IP or Label
PI--POP label and do ip lookup forward
PN--POP label and forward to nexthop
PM--POP label and do MAC lookup forward
PV--POP label and output to VC attach interface
IP--IP lookup forward
Local Outgoing OP FECOutgoingNexthop
label labelinterface
-- imp-null PH 2.2.2.2/32Gi0/0.2323.2.2.2
-- imp-null PH 4.4.4.4/32Gi0/0.3434.3.3.4
1024 imp-null PP 2.2.2.2/32Gi0/0.2323.2.2.2
1025 imp-null PP 4.4.4.4/32Gi0/0.3434.3.3.4
4)标签包到达ASBR1(R4),继续查找标签转发表,将VPN标签8708置换成ASBR2(R5)为其分配的VPN标签1024;
R4#show mpls forwarding-table
Label Operation Code:
PH--PUSH label
PP--POP label
SW--SWAP label
SP--SWAP topmost label and push new label
DP--DROP packet
PC--POP label and continue lookup by IP or Label
PI--POP label and do ip lookup forward
PN--POP label and forward to nexthop
PM--POP label and do MAC lookup forward
PV--POP label and output to VC attach interface
IP--IP lookup forward
Local Outgoing OP FECOutgoingNexthop
label labelinterface
-- 1024 PH 2.2.2.2/32Gi3/1/0.34 34.3.3.3
-- imp-null PH 3.3.3.3/32Gi3/1/0.3434.3.3.3
-- imp-null PH 23.2.2.0/24Gi3/1/0.3434.3.3.3
8192 1024 SW 2.2.2.2/32Gi3/1/0.3434.3.3.3
8193 imp-null PP 3.3.3.3/32Gi3/1/0.3434.3.3.3
8194 imp-null PP 23.2.2.0/24Gi3/1/0.3434.3.3.3
8195 imp-null PP 45.4.4.5/32Gi3/1/0.4545.4.4.5
8704 1536 SP 1.1.1.1/32Gi3/1/0.3434.3.3.3
8705 1536 SP 12.1.1.0/24Gi3/1/0.3434.3.3.3
8706 1537 SP 11.11.11.11/32Gi3/1/0.3434.3.3.3
8707 1537 SP 21.1.1.0/24Gi3/1/0.3434.3.3.3
8708 1024 SW 7.0.0.0/8Gi3/1/0.4545.4.4.5
8709 1025 SW 67.6.6.0/24Gi3/1/0.4545.4.4.5
8710 1026 SW 76.6.6.0/24Gi3/1/0.45 45.4.4.5
8711 1031 SW 77.0.0.0/8Gi3/1/0.4545.4.4.5
5)标签包抵达ASBR2 (R5)路由器,执行SWAP操作;
R5#show mpls forwarding-table
Label Operation Code:
PH--PUSH label
PP--POP label
SW--SWAP label
SP--SWAP topmost label and push new label
DP--DROP packet
PC--POP label and continue lookup by IP or Label
PI--POP label and do ip lookup forward
PN--POP label and forward to nexthop
PM--POP label and do MAC lookup forward
PV--POP label and output to VC attach interface
IP--IP lookup forward
Local Outgoing OP FECOutgoingNexthop
label labelinterface
-- imp-null PH 6.6.6.6/32 Gi0/0.5656.5.5.6
1024 1024 SW 7.0.0.0/8Gi0/0.5656.5.5.6
1025 1024 SW 67.6.6.0/24Gi0/0.5656.5.5.6
1026 1025 SW 76.6.6.0/24Gi0/0.5656.5.5.6
1027 8704 SW 1.1.1.1/32Gi0/0.4545.4.4.4
1028 8705 SW 12.1.1.0/24Gi0/0.4545.4.4.4
1029 8706 SW 11.11.11.11/32Gi0/0.4545.4.4.4
1030 8707 SW 21.1.1.0/24Gi0/0.4545.4.4.4
1031 1025 SW 77.0.0.0/8Gi0/0.5656.5.5.6
1536 imp-null PP 6.6.6.6/32Gi0/0.5656.5.5.6
1537 imp-null PP 45.4.4.4/32Gi0/0.4545.4.4.4
6)标签包到达PE2(R6)路由器,POP标签:
R6#show mpls forwarding-table
Label Operation Code:
PH--PUSH label
PP--POP label
SW--SWAP label
SP--SWAP topmost label and push new label
DP--DROP packet
PC--POP label and continue lookup by IP or Label
PI--POP label and do ip lookup forward
PN--POP label and forward to nexthop
PM--POP label and do MAC lookup forward
PV--POP label and output to VC attach interface
IP--IP lookup forward
Local Outgoing OP FECOutgoingNexthop
label labelinterface
-- imp-null PH 5.5.5.5/32Gi0/0.5656.5.5.5
-- 1027 PH 1.1.1.1/32(V)Gi0/0.5656.5.5.5
-- 1028 PH 12.1.1.0/24(V)Gi0/0.5656.5.5.5
-- 1029 PH 11.11.11.11/32(V)Gi0/0.5656.5.5.5
-- 1030 PH 21.1.1.0/24(V)Gi0/0.5656.5.5.5
1024 -- PI VRF(VPN-A)----
1025 -- PI VRF(VPN-B)----
1536 imp-null PP 5.5.5.5/32Gi0/0.5656.5.5.5
7)查找IP REF路由表,还原IP数据包,将数据包扔向GI0/0.67。
R6# show ip ref route vrf VPN-A 7.0.0.0 255.0.0.0
Codes: * - default route
# - zero route
ip maskweight path-id next-hopinterface
7.0.0.0 255.0.0.0 1 13 67.6.6.7 GigabitEthernet 0/0.67
8)R7的VPN-A的源IP7.7.7.7到目的IP的1.1.1.1,回包分析方式同上。
1003
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
