暗夜星空: Implement sham-link under the XR platform

这篇文章介绍一下sham-link，并提供一个sham-link在XR平台下的配置案例（ASR9000）

写在最前面

拓扑请看图，使用的是virl模拟器

拓扑介绍

Core使用常用的IGP ISIS协议，标签分发没有选择使用LDP，而是使用的SR，PE-R2于PE-R4直接起VPNv4的邻居.以下是主要的配置：

```
R2:
router isis 1
 is-type level-2-only
 net 49.0000.0000.0002.00
 address-family ipv4 unicast
  metric-style wide
  segment-routing mpls
 !
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 2
  !
 !        
 interface GigabitEthernet0/0/0/1
  point-to-point
  address-family ipv4 unicast
​
router bgp 1
 bgp router-id 10.1.2.2
 address-family vpnv4 unicast
 !        
 neighbor 10.1.4.4
  remote-as 1
  update-source Loopback0
  address-family vpnv4 unicast
   next-hop-self
```
```
R3
router isis 1
 is-type level-2-only
 net 49.0000.0000.0003.00
 address-family ipv4 unicast
  metric-style wide
  segment-routing mpls
 !
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 3
  !
 !
 interface GigabitEthernet0/0/0/0
  point-to-point
  address-family ipv4 unicast
  !
 !
 interface GigabitEthernet0/0/0/1
  point-to-point
  address-family ipv4 unicast
```
```
R4
router isis 1
 is-type level-2-only
 net 49.0000.0000.0004.00
 address-family ipv4 unicast
  metric-style wide
  segment-routing mpls
 !
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 4
  !
 !        
 interface GigabitEthernet0/0/0/0
  point-to-point
  address-family ipv4 unicast
  
router bgp 1
 bgp router-id 10.1.4.4
 address-family vpnv4 unicast
 !        
 neighbor 10.1.2.2
  remote-as 1
  update-source Loopback0
  address-family vpnv4 unicast
   next-hop-self
```

默认为SR分配的标签块是16000-23999，为R4配置prefix-sid是index 4，所以我们在其它设备上去往R4 loopback接口的数据包会压16004的标签.

RP/0/0/CPU0:R2#show mpls forwarding 
Fri Jul  5 07:57:52.647 UTC
Local  Outgoing    Prefix             Outgoing     Next Hop        Bytes       
Label  Label       or ID              Interface                    Switched    
------ ----------- ------------------ ------------ --------------- ------------
16003  Pop         SR Pfx (idx 3)     Gi0/0/0/1    10.1.23.3       0           
16004  16004       SR Pfx (idx 4)     Gi0/0/0/1    10.1.23.3       987559     <<<<   
24000  Aggregate   VIP: Per-VRF Aggr[V]   \
                                      VIP                          8300        
24001  Unlabelled  10.1.1.1/32[V]     Gi0/0/0/0    10.1.12.1       0           
24002  Unlabelled  10.1.15.0/24[V]    Gi0/0/0/0    10.1.12.1       0           
24003  Pop         SR Adj (idx 1)     Gi0/0/0/1    10.1.23.3       0           
24004  Pop         SR Adj (idx 3)     Gi0/0/0/1    10.1.23.3       0   
​
RP/0/0/CPU0:R2#traceroute 10.1.4.4 source 10.1.2.2
Fri Jul  5 07:58:32.184 UTC
​
Type escape sequence to abort.
Tracing the route to 10.1.4.4
​
 1  10.1.23.3 [MPLS: Label 16004 Exp 0] 9 msec  0 msec  0 msec 
 2  10.1.34.4 0 msec  *  0 msec 
RP/0/0/CPU0:R2#

PE与CE之间的路由-OSPF

R1 Same with R5
router ospf 1
 router-id 10.1.1.1
 address-family ipv4 unicast
 area 0
  interface Loopback0
   passive enable
  !
  interface GigabitEthernet0/0/0/0
```
```
R2 Same with R4
router ospf 1
 vrf VIP
  router-id 10.1.24.2
  redistribute bgp 1     <<<<<
  address-family ipv4 unicast
  area 0
   interface GigabitEthernet0/0/0/0
   
router bgp 1
 bgp router-id 10.1.2.2
 address-family vpnv4 unicast
 !
 neighbor 10.1.4.4
  remote-as 1
  update-source Loopback0
  address-family vpnv4 unicast
   next-hop-self
  !
 !
 vrf VIP
  rd auto
  address-family ipv4 unicast
   network 10.1.24.2/32
   redistribute ospf 1    <<<<路由互相引入，必须配置
  !

SHAM-LINK

Sham-link的由来，主要是由于CE与远端CE之间存在一条后门链路并使能了OSPF，这样就会造成本端CE会优选OSPF的区域内或区域间的路由，从后门链路走；而不会优选从PE学来的重分发的BGP路由。但往往这条后面链路只是作为一个备份路径使用，而不是用来在正常情况下跑流量的，因为Core的链路环境往往由运营商维护，更稳定一些.那如何解决这样的次优选路问题，这就引进的sham-link.

Sham-link的目的是将在PE上起一个虚拟的OSPF邻居关系，让远端CE的路由可以通过OSPF传递到PE上;

配置sham-link有以下的注意点：

shan-link的源地址和目的地址必须是32位的掩码的loopback地址
必须绑定加入VPN示例即配置vrf
必须通过BGP进行路由通告，不能使用ospf进行路由通告

在后门链路上配置OSPF属于area 0，在CE1上检查一下路由表:

增加后门链路前:
RP/0/0/CPU0:R1#show route 
L    10.1.1.1/32 is directly connected, 04:47:18, Loopback0
O IA 10.1.5.5/32 [110/3] via 10.1.12.2, 00:01:37, GigabitEthernet0/0/0/0   <<<<
C    10.1.12.0/24 is directly connected, 04:47:18, GigabitEthernet0/0/0/0
L    10.1.12.1/32 is directly connected, 04:47:18, GigabitEthernet0/0/0/0
C    10.1.15.0/24 is directly connected, 00:06:03, GigabitEthernet0/0/0/1
L    10.1.15.1/32 is directly connected, 00:06:03, GigabitEthernet0/0/0/1
O E2 10.1.24.4/32 [110/1] via 10.1.12.2, 00:04:28, GigabitEthernet0/0/0/0
O IA 10.1.45.0/24 [110/2] via 10.1.12.2, 00:01:38, GigabitEthernet0/0/0/0
增加后门链路后:
​
L    10.1.1.1/32 is directly connected, 04:50:46, Loopback0
O    10.1.5.5/32 [110/2] via 10.1.15.5, 00:00:01, GigabitEthernet0/0/0/1  <<<
C    10.1.12.0/24 is directly connected, 04:50:46, GigabitEthernet0/0/0/0
L    10.1.12.1/32 is directly connected, 04:50:46, GigabitEthernet0/0/0/0
C    10.1.15.0/24 is directly connected, 00:09:30, GigabitEthernet0/0/0/1
L    10.1.15.1/32 is directly connected, 00:09:30, GigabitEthernet0/0/0/1
O E2 10.1.24.2/32 [110/1] via 10.1.15.5, 00:00:01, GigabitEthernet0/0/0/1
O E2 10.1.24.4/32 [110/1] via 10.1.12.2, 00:07:56, GigabitEthernet0/0/0/0
O    10.1.45.0/24 [110/2] via 10.1.15.5, 00:00:01, GigabitEthernet0/0/0/1

对于去往对端CE环回口地址的路由由域间换成域内路由，走后门链路，与我们需求不符和，下面我们开始添加sham-link的配置:

1. shan-link的源地址和目的地址必须是32位的掩码的loopback地址
2. 必须绑定加入VPN示例即配置vrf
​
RP/0/0/CPU0:R2#show run int lo1
Mon Jul  8 06:22:15.998 UTC
interface Loopback1
 vrf VIP
 ipv4 address 10.1.24.2 255.255.255.255
 
3. 必须通过BGP进行路由通告，不能使用ospf进行路由通告
​
router bgp 1
 vrf VIP
  address-family ipv4 unicast
   network 10.1.24.2/32
   
为什么这里需要使用BGP去重分发该路由?原因：如果使用的是ospf发布该loopback接口，对端CE学到的是O的路由会优选后门链路走，就不会经过骨干，sham-link就建立不起来
​
​
4. 配置sham-link
RP/0/0/CPU0:R2(config)#router ospf 1
RP/0/0/CPU0:R2(config-ospf)#vrf VIP
RP/0/0/CPU0:R2(config-ospf-vrf)#area 0
RP/0/0/CPU0:R2(config-ospf-vrf-ar)#sham-link 10.2.24.2 10.2.24.4
RP/0/0/CPU0:R2(config-ospf-vrf-ar-sl)#
RP/0/0/CPU0:R2(config-ospf-vrf-ar-sl)#commit 
​
5. 检查sham-link邻接关系：
​
RP/0/0/CPU0:R2#show ospf vrf  VIP sham-links 
Mon Jul  8 06:34:38.668 UTC
​
Sham Links for OSPF 1, VRF VIP
​
Sham Link OSPF_SL0 to address 10.1.24.4 is up
Area 0, source address 10.1.24.2
IfIndex = 2
  Run as demand circuit
  DoNotAge LSA allowed., Cost of using 1
  Transmit Delay is 1 sec, State POINT_TO_POINT,
  Timer intervals configured, Hello 10, Dead 40, Wait 40, Retransmit 5
    Hello due in 00:00:03:904
    Adjacency State FULL (Hello suppressed)
    Number of DBD retrans during last exchange 0
    Index 2/2, retransmission queue length 1, number of retransmission 0
    First 0x15143ed0(5)/0(0) Next 0x15143ed0(5)/0(0)
    Last retransmission scan length is 0, maximum is 0
    Last retransmission scan time is 0 msec, maximum is 0 msec
    Link State retransmission due in 3975 msec
RP/0/0/CPU0:R2#
​
RP/0/0/CPU0:R2#show ospf vrf VIP neighbor 
Mon Jul  8 06:55:10.553 UTC
​
* Indicates MADJ interface
# Indicates Neighbor awaiting BFD session up
​
Neighbors for OSPF 1, VRF VIP
​
Neighbor ID     Pri   State           Dead Time   Address         Interface
10.1.24.4       1     FULL/  -           -        10.1.24.4       OSPF_SL0
    Neighbor is up for 00:20:32
10.1.1.1        1     FULL/DR         00:00:31    10.1.12.1       GigabitEthernet0/0/0/0
    Neighbor is up for 00:43:47
​
Total neighbor count: 2

检查一下增加sham-link后的路由表:

RP/0/0/CPU0:R1#show route   
L    10.1.1.1/32 is directly connected, 05:27:56, Loopback0
O    10.1.5.5/32 [110/2] via 10.1.15.5, 00:00:12, GigabitEthernet0/0/0/1    
C    10.1.12.0/24 is directly connected, 05:27:56, GigabitEthernet0/0/0/0
L    10.1.12.1/32 is directly connected, 05:27:56, GigabitEthernet0/0/0/0
C    10.1.15.0/24 is directly connected, 00:46:40, GigabitEthernet0/0/0/1
L    10.1.15.1/32 is directly connected, 00:46:40, GigabitEthernet0/0/0/1
O E2 10.1.24.2/32 [110/1] via 10.1.12.2, 00:00:12, GigabitEthernet0/0/0/0
                  [110/1] via 10.1.15.5, 00:00:12, GigabitEthernet0/0/0/1
O E2 10.1.24.4/32 [110/1] via 10.1.12.2, 00:45:06, GigabitEthernet0/0/0/0
O    10.1.45.0/24 [110/2] via 10.1.15.5, 00:00:12, GigabitEthernet0/0/0/1
​
修改一下后门链路的cost:
router ospf 1
 area 0
  interface GigabitEthernet0/0/0/1
   cost 100
修改后的路由表：(符合我们预期走骨干网)
RP/0/0/CPU0:R1# show route 
L    10.1.1.1/32 is directly connected, 05:25:14, Loopback0
O    10.1.5.5/32 [110/4] via 10.1.12.2, 00:16:40, GigabitEthernet0/0/0/0    <<< Get from sham-link
C    10.1.12.0/24 is directly connected, 05:25:14, GigabitEthernet0/0/0/0
L    10.1.12.1/32 is directly connected, 05:25:14, GigabitEthernet0/0/0/0
C    10.1.15.0/24 is directly connected, 00:43:58, GigabitEthernet0/0/0/1
L    10.1.15.1/32 is directly connected, 00:43:58, GigabitEthernet0/0/0/1
O E2 10.1.24.2/32 [110/1] via 10.1.12.2, 00:16:40, GigabitEthernet0/0/0/0
O E2 10.1.24.4/32 [110/1] via 10.1.12.2, 00:42:23, GigabitEthernet0/0/0/0
O    10.1.45.0/24 [110/3] via 10.1.12.2, 00:16:40, GigabitEthernet0/0/0/0

SHAM-LINK抓包

配置文件+抓包:
https://mega.nz/#F!QGgXlKAZ!TcFXtvvA29YqV7lYfrqUBg

this blog from Xuxing's Blog;

Link: http://imxing.cn/?p=159

暗夜星空

Sunday, June 13, 2021

Implement sham-link under the XR platform