这篇文章介绍一下跨域VPN Option C在IOX设备上的配置案例
如果需要CE之间互通,我们需要考虑以下的问题:
RR与RR之间的控制层面与数据层面 ;
CE与CE之间控制层面;
CE与CE之间的数据层面 ;
下面将对这些详细说明。
RR与RR之间的控制层面与数据层面
第一步将两个AS内的IGP/MPLS LDP使能。
第二步,RR1于RR2之间建立BGP邻居是使用loopback接口,跨域的是不能通过IGP传递过去,需要在RR1--->R4--->R5--->RR2起BGP LU的邻居,并将自己的loopback口宣告出去,以RR2的loopback0(10.1.22.22)举例:
RR2的BGP配置如下:
1
RP/0/0/CPU0:RR02#show run router bgp 2
Tue Apr 14 12:00:01.138 UTC3
router bgp 24
bgp router-id 10.1.22.225
address-family ipv4 unicast6
network 10.1.22.22/32 <<<<< 宣告本地loopback接口7
allocate-label all <<<<< 在IOX系统内,启用BGP LU必须使能allocate-label,要不然不会为BGP路由分配标签8
!9
neighbor 10.1.5.510
remote-as 211
update-source Loopback012
address-family ipv4 labeled-unicast13
route-reflector-client14
!15
!R5会收到RR2传递过来label为3的prefix,并为之分配本地标签24007,并向R4发送路由更新。
1
RP/0/0/CPU0:R5#show bgp ipv4 labeled-unicast 10.1.22.22/322
Tue Apr 14 12:05:33.615 UTC3
BGP routing table entry for 10.1.22.22/324
Versions:5
Process bRIB/RIB SendTblVer6
Speaker 16 167
Local Label: 24007 <<<<< 8
Last Modified: Apr 11 18:36:21.564 for 2d17h9
Paths: (1 available, best #1)10
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):11
10.1.45.4 12
Path #1: Received by speaker 013
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):14
10.1.45.4 15
Local16
10.1.22.22 (metric 20) from 10.1.22.22 (10.1.22.22)17
Received Label 3 <<<<<18
Origin IGP, metric 0, localpref 100, valid, internal, best, group-best, labeled-unicast19
Received Path ID 0, Local Path ID 1, version 16R4收到路由后为其分配本地标签24007
1
RP/0/0/CPU0:R4#show bgp ipv4 labeled-unicast 10.1.22.22/322
Tue Apr 14 12:08:11.833 UTC3
BGP routing table entry for 10.1.22.22/324
Versions:5
Process bRIB/RIB SendTblVer6
Speaker 16 167
Local Label: 24007 <<<<<<<8
Last Modified: Apr 11 18:36:30.321 for 2d17h9
Paths: (1 available, best #1)10
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):11
10.1.11.11 12
Path #1: Received by speaker 013
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):14
10.1.11.11 15
216
10.1.45.5 from 10.1.45.5 (10.1.5.5)17
Received Label 24007 <<<<<<<<18
Origin IGP, localpref 100, valid, external, best, group-best, labeled-unicast19
Received Path ID 0, Local Path ID 1, version 1620
Origin-AS validity: (disabled)21
RP/0/0/CPU0:R4#RR1收到路由如下, 下一跳为域内R4的loopback地址。
1
RP/0/0/CPU0:RR01#show bgp ipv4 labeled-unicast 10.1.22.22/322
Tue Apr 14 12:11:22.591 UTC3
BGP routing table entry for 10.1.22.22/324
Versions:5
Process bRIB/RIB SendTblVer6
Speaker 10 107
Local Label: 24004 <<<<<8
Last Modified: Apr 11 18:36:37.538 for 2d17h9
Paths: (1 available, best #1)10
Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):11
0.2 12
Path #1: Received by speaker 013
Advertised IPv4 Labeled-unicast paths to update-groups (with more than one peer):14
0.2 15
2, (Received from a RR-client)16
10.1.4.4 (metric 20) from 10.1.4.4 (10.1.4.4)17
Received Label 24007 <<<<<<<18
Origin IGP, localpref 100, valid, internal, best, group-best, labeled-unicast19
Received Path ID 0, Local Path ID 1, version 1020
RP/0/0/CPU0:RR01#那么路径 RR1--->R4--->R5--->RR2 到数据层面如下:
1
RP/0/0/CPU0:RR01#traceroute 10.1.22.22 source 10.1.11.11 2
Tue Apr 14 12:13:10.974 UTC3
4
Type escape sequence to abort.5
Tracing the route to 10.1.22.226
7
1 10.1.31.3 [MPLS: Labels 24001/24007 Exp 0] 19 msec 29 msec 29 msec 【LDP label/BGP LU Label】8
2 10.1.34.4 [MPLS: Label 24007 Exp 0] 29 msec 19 msec 19 msec 【LDP 次末挑弹出只剩下BGP LU】9
3 10.1.45.5 [MPLS: Label 24007 Exp 0] 19 msec 19 msec 19 msec 【BGP LU, 到R5之后BGPlabel会弹出,查cef表域内转发】10
4 10.1.56.6 [MPLS: Label 24002 Exp 0] 19 msec 29 msec 29 msec 【LDP label】11
5 10.1.62.2 39 msec * 19 msec 【LDP 次末跳弹出】12
RP/0/0/CPU0:RR01#show cef 10.1.4.4/32 13
Tue Apr 14 12:13:34.462 UTC14
10.1.4.4/32, version 9, internal 0x1000001 0x0 (ptr 0xa11dd680) [1], 0x0 (0xa11c0468), 0xa28 (0xa15d11b8)15
Updated Apr 10 12:57:39.266 16
local adjacency 10.1.31.317
Prefix Len 32, traffic index 0, precedence n/a, priority 318
via 10.1.31.3/32, GigabitEthernet0/0/0/0, 5 dependencies, weight 0, class 0 [flags 0x0]19
path-idx 0 NHID 0x0 [0xa18aa110 0x0]20
next hop 10.1.31.3/3221
local adjacency22
local label 24000 labels imposed {24001}CE与CE之间控制层面
拿R8的loopback0路由10.1.8.8/32举例,R8和R7建立EBGP链接,将路由传递给R7.查看R7上的路由如下,为其分配BGP VPNv4的标签24002
1
RP/0/0/CPU0:R7#show bgp vrf VIP ipv4 unicast 10.1.8.8/32 detail 2
Wed Apr 15 03:33:52.790 UTC3
BGP routing table entry for 10.1.8.8/32, Route Distinguisher: 10.1.7.7:04
Versions:5
Process bRIB/RIB SendTblVer6
Speaker 5 57
Local Label: 24002 (no rewrite); 8
Flags: 0x01141001+0x00000000; 9
Last Modified: Apr 10 12:58:37.619 for 4d14h10
Paths: (1 available, best #1)11
Not advertised to any peer12
Path #1: Received by speaker 013
Flags: 0xc00000000d040003, import: 0x1f14
Not advertised to any peer15
6500116
10.1.78.8 from 10.1.78.8 (10.1.8.8)17
Origin IGP, metric 0, localpref 100, valid, external, best, group-best, import-candidate18
Received Path ID 0, Local Path ID 1, version 519
Extended community: RT:100:100 20
Origin-AS validity: (disabled)R7与RR2建立VPNv4的邻居,RR2收到这条BGP路由下一跳时R7的loopback口地址10.1.7.7
1
RP/0/0/CPU0:RR02#show bgp vpnv4 unicast rd 10.1.7.7:0 10.1.8.8/32 detail 2
Wed Apr 15 03:39:42.716 UTC3
BGP routing table entry for 10.1.8.8/32, Route Distinguisher: 10.1.7.7:04
Versions:5
Process bRIB/RIB SendTblVer6
Speaker 3 37
Flags: 0x00040001+0x00000000; 8
Last Modified: Apr 10 12:59:37.534 for 4d14h9
Paths: (1 available, best #1)10
Advertised to peers (in unique update groups):11
10.1.11.11 12
Path #1: Received by speaker 013
Flags: 0x4000000025060205, import: 0x1f14
Advertised to peers (in unique update groups):15
10.1.11.11 16
65001, (Received from a RR-client)17
10.1.7.7 (metric 20) from 10.1.7.7 (10.1.7.7)18
Received Label 24002 19
Origin IGP, metric 0, localpref 100, valid, internal, best, group-best, import-candidate, not-in-vrf20
Received Path ID 0, Local Path ID 1, version 321
Extended community: RT:100:100 22
RP/0/0/CPU0:RR02#RR2与RR1建立VPNv4的邻居,并互指next-hop-unchanged,因此RR1上看到的路由下一条依旧为10.1.7.7
1
RP/0/0/CPU0:RR01#show bgp vpnv4 unicast rd 10.1.7.7:0 10.1.8.8/32 detail 2
Wed Apr 15 03:48:54.418 UTC3
BGP routing table entry for 10.1.8.8/32, Route Distinguisher: 10.1.7.7:04
Versions:5
Process bRIB/RIB SendTblVer6
Speaker 5 57
Flags: 0x00040001+0x00000000; 8
Last Modified: Apr 12 17:17:18.538 for 2d10h9
Paths: (1 available, best #1)10
Advertised to peers (in unique update groups):11
10.1.2.2 12
Path #1: Received by speaker 013
Flags: 0x4000000025060001, import: 0x2014
Advertised to peers (in unique update groups):15
10.1.2.2 16
2 6500117
10.1.7.7 (metric 20) from 10.1.22.22 (10.1.22.22)18
Received Label 24002 19
Origin IGP, localpref 100, valid, external, best, group-best, import-candidate, not-in-vrf20
Received Path ID 0, Local Path ID 1, version 521
Extended community: RT:100:100 22
RP/0/0/CPU0:RR01#RR1与R2建立VPNv4的邻居,将此条路由通告出去,R2上看到此路由的下一条为 10.1.7.7 ,R2将之传递给R1
1
RP/0/0/CPU0:R2#2
RP/0/0/CPU0:R2#show bgp vpnv4 unicast rd 10.1.7.7:0 10.1.8.8/32 detail3
Wed Apr 15 07:55:59.930 UTC4
BGP routing table entry for 10.1.8.8/32, Route Distinguisher: 10.1.7.7:05
Versions:6
Process bRIB/RIB SendTblVer7
Speaker 11 118
Flags: 0x00040001+0x00000000; 9
Last Modified: Apr 12 17:17:09.376 for 2d14h10
Paths: (1 available, best #1)11
Not advertised to any peer12
Path #1: Received by speaker 013
Flags: 0x4000000025060005, import: 0x1f14
Not advertised to any peer15
2 6500116
10.1.7.7 (metric 20) from 10.1.11.11 (10.1.11.11)17
Received Label 24002 18
Origin IGP, localpref 100, valid, internal, best, group-best, import-candidate, not-in-vrf19
Received Path ID 0, Local Path ID 1, version 1120
Extended community: RT:100:100 21
RP/0/0/CPU0:R2#CE与CE之间的数据层面
如上,R2上看到10.1.8.8 下一跳是10.1.7.7,那么我们需要打通一条完整的LSP,让数据层面可以正常转发。
这里有用到了BGP LU, 首先R7与R5建立BGP LU,并为自己的loopback地址分配3的标签
R5收到后会为10.1.7.7分配24000的本地标签并送给R4,下一跳为10.1.7.7
R4收到后会为10.1.7.7分配24006的本地标签并发给R2,并修改下一跳地址为自己,10.1.4.4
R2上我们能看到received lable为24006,下一跳为10.1.4.4,域内地址
1
RP/0/0/CPU0:R5#show bgp ipv4 labeled-unicast 10.1.7.7/32 2
Wed Apr 15 08:03:24.181 UTC3
BGP routing table entry for 10.1.7.7/324
Versions:5
Process bRIB/RIB SendTblVer6
Speaker 15 157
Local Label: 240008
Last Modified: Apr 11 18:36:21.564 for 3d13h9
Paths: (1 available, best #1)10
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):11
10.1.45.4 12
Path #1: Received by speaker 013
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):14
10.1.45.4 15
Local16
10.1.7.7 (metric 20) from 10.1.22.22 (10.1.7.7)17
Received Label 3 18
Origin IGP, metric 0, localpref 100, valid, internal, best, group-best, labeled-unicast19
Received Path ID 0, Local Path ID 1, version 1520
Originator: 10.1.7.7, Cluster list: 10.1.22.2221
RP/0/0/CPU0:R5#22
RP/0/0/CPU0:R4#show bgp ipv4 labeled-unicast 10.1.7.7/3223
Wed Apr 15 08:04:04.978 UTC24
BGP routing table entry for 10.1.7.7/3225
Versions:26
Process bRIB/RIB SendTblVer27
Speaker 5 528
Local Label: 2400629
Last Modified: Apr 10 12:58:55.321 for 4d19h30
Paths: (1 available, best #1)31
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):32
10.1.11.11 33
Path #1: Received by speaker 034
Advertised IPv4 Labeled-unicast paths to peers (in unique update groups):35
10.1.11.11 36
237
10.1.45.5 from 10.1.45.5 (10.1.5.5)38
Received Label 24000 39
Origin IGP, localpref 100, valid, external, best, group-best, labeled-unicast40
Received Path ID 0, Local Path ID 1, version 541
Origin-AS validity: (disabled)42
43
RP/0/0/CPU0:R2# show bgp ipv4 labeled-unicast 10.1.7.7/3244
Wed Apr 15 08:07:55.011 UTC45
BGP routing table entry for 10.1.7.7/3246
Versions:47
Process bRIB/RIB SendTblVer48
Speaker 5 549
Local Label: 2400450
Last Modified: Apr 10 12:58:55.376 for 4d19h51
Paths: (1 available, best #1)52
Not advertised to any peer53
Path #1: Received by speaker 054
Not advertised to any peer55
256
10.1.4.4 (metric 20) from 10.1.11.11 (10.1.4.4)57
Received Label 24006 58
Origin IGP, localpref 100, valid, internal, best, group-best, labeled-unicast59
Received Path ID 0, Local Path ID 1, version 560
Originator: 10.1.4.4, Cluster list: 10.1.11.11这时候我们在R2查看10.1.8.8的cef表可以看到标签为24001 24006 24002,对应10.1.4.4LDP标签/10.1.7.7 BGP LU标签/BGP VPNv4标签
在R3上根据标签表转发,栈顶标签次末跳弹出,剩余标签为 24006 24002 , 对应10.1.7.7 BGP LU标签/BGP VPNv4标签
在R4上根据标签表转发,修改栈顶标签, 24000 24002 对应 10.1.7.7 BGP LU标签/BGP VPNv4标签
在R5上根据标签表转发,修改栈顶标签,24000 24002对应10.1.7.7 LDP标签/ BGP VPNv4标签
在R6上根据标签表转发 ,栈顶标签次末跳弹出, 剩余标签为24002对应BGP VPNv4标签
在R7上先查标签表直接从Gi0/0/0/0送出
1
RP/0/0/CPU0:R2#show cef vrf VIP 10.1.8.8 2
Wed Apr 15 08:16:49.124 UTC3
10.1.8.8/32, version 8, internal 0x5000001 0x0 (ptr 0xa1221058) [1], 0x0 (0x0), 0x208 (0xa16b1210)4
Updated Apr 12 17:17:09.1305
Prefix Len 32, traffic index 0, precedence n/a, priority 36
via 10.1.7.7/32, 3 dependencies, recursive [flags 0x6000]7
path-idx 0 NHID 0x0 [0xa172593c 0x0]8
recursion-via-/329
next hop VRF - 'default', table - 0xe000000010
next hop 10.1.7.7/32 via 24004/0/2111
next hop 10.1.23.3/32 Gi0/0/0/1 labels imposed {24001 24006 24002}12
RP/0/0/CPU0:R3#show mpls forwarding labels 2400113
Wed Apr 15 08:28:05.079 UTC14
Local Outgoing Prefix Outgoing Next Hop Bytes 15
Label Label or ID Interface Switched 16
------ ----------- ------------------ ------------ --------------- ------------17
24001 Pop 10.1.4.4/32 Gi0/0/0/0 10.1.34.4 2212964 18
RP/0/0/CPU0:R3#19
RP/0/0/CPU0:R4#show mpls forwarding labels 24006 20
Wed Apr 15 08:28:58.186 UTC21
Local Outgoing Prefix Outgoing Next Hop Bytes 22
Label Label or ID Interface Switched 23
------ ----------- ------------------ ------------ --------------- ------------24
24006 24000 10.1.7.7/32 Gi0/0/0/1 10.1.45.5 4344 25
RP/0/0/CPU0:R4#26
RP/0/0/CPU0:R5#show mpls forwarding labels 2400027
Wed Apr 15 08:29:33.724 UTC28
Local Outgoing Prefix Outgoing Next Hop Bytes 29
Label Label or ID Interface Switched 30
------ ----------- ------------------ ------------ --------------- ------------31
24000 24000 10.1.7.7/32 Gi0/0/0/0 10.1.56.6 4776 32
RP/0/0/CPU0:R5#33
RP/0/0/CPU0:R6#show mpls forwarding labels 24000 34
Wed Apr 15 08:30:31.660 UTC35
Local Outgoing Prefix Outgoing Next Hop Bytes 36
Label Label or ID Interface Switched 37
------ ----------- ------------------ ------------ --------------- ------------38
24000 Pop 10.1.7.7/32 Gi0/0/0/1 10.1.67.7 1480864 39
RP/0/0/CPU0:R6#40
RP/0/0/CPU0:R7#show mpls forwarding 41
Wed Apr 15 08:31:38.636 UTC42
Local Outgoing Prefix Outgoing Next Hop Bytes 43
Label Label or ID Interface Switched 44
------ ----------- ------------------ ------------ --------------- ------------45
24000 Pop 10.1.6.6/32 Gi0/0/0/1 10.1.67.6 774254 46
24001 24001 10.1.5.5/32 Gi0/0/0/1 10.1.67.6 6512 47
24002 Unlabelled 10.1.8.8/32[V] Gi0/0/0/0 10.1.78.8 5936 <<<<<<<<<<48
24006 24002 10.1.22.22/32 Gi0/0/0/1 10.1.67.6 742325 49
24007 24005 10.1.2.2/32 10.1.5.5 0 50
24008 24006 10.1.11.11/32 10.1.5.5 0 51
RP/0/0/CPU0:R7#测试
1
RP/0/0/CPU0:R1#ping 10.1.8.8 source 10.1.1.1 2
Sun Apr 12 17:17:18.117 UTC3
Type escape sequence to abort.4
Sending 5, 100-byte ICMP Echos to 10.1.8.8, timeout is 2 seconds:5
6
RP/0/0/CPU0:R1#traceroute 10.1.8.8 source 10.1.1.17
Sun Apr 12 17:17:20.567 UTC8
9
Type escape sequence to abort.10
Tracing the route to 10.1.8.811
12
1 10.1.12.2 9 msec 0 msec 0 msec 13
2 10.1.23.3 [MPLS: Labels 24001/24006/24002 Exp 0] 29 msec 29 msec 29 msec LDP Label/BGP LU label/BGP VPN4 label14
3 10.1.34.4 [MPLS: Labels 24006/24002 Exp 0] 19 msec 19 msec 29 msec BGP LU label/BGP VPN4 label15
4 10.1.45.5 [MPLS: Labels 24000/24002 Exp 0] 19 msec 19 msec 29 msec BGP LU label/BGP VPN4 label16
5 10.1.56.6 [MPLS: Labels 24000/24002 Exp 0] 29 msec 19 msec 19 msec LDP Label /BGP VPN4 label17
6 10.1.67.7 [MPLS: Label 24002 Exp 0] 29 msec 29 msec 19 msec BGP VPN4 label18
7 10.1.78.8 29 msec * 39 msec 19
RP/0/0/CPU0:R1#20
RP/0/0/CPU0:R1#21
RP/0/0/CPU0:R1#22
RP/0/0/CPU0:R1#23
RP/0/0/CPU0:R1#show route24
Tue Jul 23 12:54:31.565 UTC25
26
Codes: C - connected, S - static, R - RIP, B - BGP, (>) - Diversion path27
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area28
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 229
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP30
i - ISIS, L1 - IS-IS level-1, L2 - IS-IS level-231
ia - IS-IS inter area, su - IS-IS summary null, * - candidate default32
U - per-user static route, o - ODR, L - local, G - DAGR, l - LISP33
A - access/subscriber, a - Application route34
M - mobile route, r - RPL, t - Traffic Engineering, (!) - FRR Backup path35
36
Gateway of last resort is not set37
38
L 10.1.1.1/32 is directly connected, 09:07:18, Loopback039
B 10.1.8.8/32 [20/0] via 10.1.12.2, 03:02:2940
C 10.1.12.0/24 is directly connected, 09:07:18, GigabitEthernet0/0/0/041
L 10.1.12.1/32 is directly connected, 09:07:18, GigabitEthernet0/0/0/042
```配置文件/抓包文件
This Blog from Xuxing's Blog;
Link:
http://imxing.cn/?p=156
No comments:
Post a Comment