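Figure 8-2: Implementation topology for inter-AS MPLS VPN Option C (3)
The MPLS backbone that carries the VPN routes spans multiple ASes, so inter-AS VPN must be configured. When every AS has a large number of VPN routes to exchange, inter-AS VPN Option C can be chosen to keep the ASBRs from becoming the bottleneck that blocks further network growth; it also removes the Option B drawback that the ASBRs receive every customer's VPNv4 routes. Option C additionally introduces multiprotocol BGP RR devices, which makes the network architecture clearer.
The overall hierarchy of Option C:
1. Implement MP-BGP route reflectors on the P devices; they receive VPNv4 routes and reflect them to the EBGP neighbor.
2. To build the BGP reflectors, establish an IPv4 unicast EBGP session between the ASBRs and IPv4 unicast IBGP sessions between each ASBR and its RR; these sessions advertise the reflectors' loopback interfaces.
3. Establish multiprotocol BGP iBGP sessions between the RR and the PE so that the customer VPNv4 routes are advertised to the RR.
Label continuity is implemented later in this section.
We implement this case on the topology in Figure 8-2. Readers should make Option C a focus of their study; it is almost always tested in the service provider CCIE exam.
8.3.1 Implementing the IGP and LDP inside each AS
As shown in Figure 8-2, run OSPF in AS100 and IS-IS in AS200, and enable LDP autoconfiguration.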
AS200:
ASBR-R4(config)#router isis
ASBR-R4(config-router)# net 49.4567.0000.0000.4444.00
ASBR-R4(config-router)# mpls ldp autoconfig level-1
ASBR-R4(config-router)# is-type level-1
ASBR-R4(config-router)# metric-style wide
ASBR-R4(config-router)# log-adjacency-changes
ASBR-R4(config-router)#int lo0
ASBR-R4(config-if)#ip router isis
ASBR-R4(config-if)#int e0/1
ASBR-R4(config-if)#ip router isis
ASBR-R4(config-if)#int e0/3
ASBR-R4(config-if)#ip router isis
!
RR-R5(config)#router isis
RR-R5(config-router)# net 49.4567.0000.0000.5555.00
RR-R5(config-router)# is-type level-1
RR-R5(config-router)# metric-style wide
RR-R5(config-router)# log-adjacency-changes
RR-R5(config-router)#mpls ldp autoconfig level-1
RR-R5(config-router)#
RR-R5(config-router)#exi
RR-R5(config)#int lo0
RR-R5(config-if)#ip router isis
RR-R5(config-if)#int r e0/0 - 1
RR-R5(config-if-range)#ip router isis
!
PE-R6(config)#router isis
PE-R6(config-router)# mpls ldp autoconfig level-1
PE-R6(config-router)# is-type level-1
PE-R6(config-router)# metric-style wide
PE-R6(config-router)# log-adjacency-changes
PE-R6(config-router)# net 49.4567.0000.0000.6666.00
PE-R6(config-router)#
PE-R6(config-router)#exi
PE-R6(config)#int lo0
PE-R6(config-if)#ip router isis
PE-R6(config-if)#int r e0/1 - 2
PE-R6(config-if-range)#ip router isis
Verify the IS-IS neighbors and the LDP neighbors
RR-R5#show isis neighbors
System Id Type Interface IP Address State Holdtime Circuit Id
ASBR-R4 L1 Et0/0 45.1.1.4 UP 22 RR-R5.01
PE-R6 L1 Et0/1 56.1.1.6 UP 25 RR-R5.02
RR-R5#show mpls ldp neighbor
Peer LDP Ident: 44.1.1.1:0; Local LDP Ident 55.1.1.1:0
TCP connection: 44.1.1.1.646 - 55.1.1.1.35275
State: Oper; Msgs sent/rcvd: 14/15; Downstream
Up time: 00:04:40
LDP discovery sources:
Ethernet0/0, Src IP addr: 45.1.1.4
Addresses bound to peer LDP Ident:
45.1.1.4 24.1.1.4 46.1.1.4 44.1.1.1
Peer LDP Ident: 66.1.1.1:0; Local LDP Ident 55.1.1.1:0
TCP connection: 66.1.1.1.22823 - 55.1.1.1.646
State: Oper; Msgs sent/rcvd: 13/14; Downstream
Up time: 00:04:35
LDP discovery sources:
Ethernet0/1, Src IP addr: 56.1.1.6
Addresses bound to peer LDP Ident:
56.1.1.6 46.1.1.6 66.1.1.1
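Check the label forwarding table. Because the P device is exactly the penultimate hop of the LSP, the labels it sees for the ASBR and PE loopbacks should be Pop.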
RR-R5#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 44.1.1.1/32 0 Et0/0 45.1.1.4
17 Pop Label 46.1.1.0/24 0 Et0/0 45.1.1.4
Pop Label 46.1.1.0/24 0 Et0/1 56.1.1.6
18 Pop Label 66.1.1.1/32 0 Et0/1 56.1.1.6
AS100 configuration
R3:
router ospf 110
mpls ldp autoconfig area 0
!
interface Loopback0
ip address 33.1.1.1 255.255.255.255
ip ospf 110 area 0
!
interface Ethernet0/1
ip address 23.1.1.3 255.255.255.0
ip ospf 110 area 0
end
!
interface Ethernet0/2
ip address 13.1.1.3 255.255.255.0
ip ospf 110 area 0
XR1:
router ospf 110
area 0
mpls ldp auto-config
interface Loopback0
!
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/1
!
mpls ldp
router-id 11.1.1.1
XR2:
router ospf 110
area 0
mpls ldp auto-config
interface Loopback0
!
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/2
!
!
!
mpls ldp
router-id 22.1.1.1
Verify the OSPF neighbors, the LDP neighbors and the label forwarding table
RR-R3#show ip ospf nei
Neighbor ID Pri State Dead Time Address Interface
11.1.1.1 1 FULL/BDR 00:00:31 13.1.1.1 Ethernet0/2
22.1.1.1 1 FULL/BDR 00:00:34 23.1.1.2 Ethernet0/1
RR-R3#show mpls ldp neighbor
Peer LDP Ident: 11.1.1.1:0; Local LDP Ident 33.1.1.1:0
TCP connection: 11.1.1.1.646 - 33.1.1.1.16513
State: Oper; Msgs sent/rcvd: 17/18; Downstream
Up time: 00:08:07
LDP discovery sources:
Ethernet0/2, Src IP addr: 13.1.1.1
Addresses bound to peer LDP Ident:
12.1.1.1 13.1.1.1 11.1.1.1
Peer LDP Ident: 22.1.1.1:0; Local LDP Ident 33.1.1.1:0
TCP connection: 22.1.1.1.646 - 33.1.1.1.49735
State: Oper; Msgs sent/rcvd: 14/15; Downstream
Up time: 00:04:20
LDP discovery sources:
Ethernet0/1, Src IP addr: 23.1.1.2
Addresses bound to peer LDP Ident:
22.1.1.1 23.1.1.2 12.1.1.2
Duplicate Addresses advertised by peer:
13.1.1.1
RR-R3#show mpls forwarding-table
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
16 Pop Label 12.1.1.0/24 0 Et0/2 13.1.1.1
Pop Label 12.1.1.0/24 0 Et0/1 23.1.1.2
17 Pop Label 11.1.1.1/32 599 Et0/2 13.1.1.1
18 Pop Label 22.1.1.1/32 503 Et0/1 23.1.1.2
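The intra-AS configuration of both ASes is now complete.
8.3.2 Building the MP-EBGP session between the RRs
For the RRs to form an EBGP session, an IPv4 unicast EBGP session is needed between the two ASBRs, plus IBGP sessions between each RR and its ASBR. That is, R2 and R4 form an EBGP session, while R3 and R2, and R5 and R4, form IBGP sessions. The loopbacks of R3 and R5 are then advertised so that the two RRs can establish EBGP.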
XR2:
route-policy EBGP
pass
end-policy
router bgp 100
address-family ipv4 unicast
!
neighbor 24.1.1.4
remote-as 200
address-family ipv4 unicast
route-policy EBGP in
route-policy EBGP out
!
!
neighbor 33.1.1.1
remote-as 100
update-source Loopback0
address-family ipv4 unicast
next-hop-self
!
R3:
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 22.1.1.1 remote-as 100
neighbor 22.1.1.1 update-source Loopback0
!
address-family ipv4
network 33.1.1.1 mask 255.255.255.255
neighbor 22.1.1.1 route-reflector-client
neighbor 22.1.1.1 activate
!
ASBR-R4
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 24.1.1.2 remote-as 100
neighbor 55.1.1.1 remote-as 200
neighbor 55.1.1.1 update-source Loopback0
!
address-family ipv4
neighbor 24.1.1.2 activate
neighbor 55.1.1.1 activate
neighbor 55.1.1.1 next-hop-self
!
R5:
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 44.1.1.1 remote-as 200
neighbor 44.1.1.1 update-source Loopback0
!
address-family ipv4
network 55.1.1.1 mask 255.255.255.255
neighbor 44.1.1.1 route-reflector-client
neighbor 44.1.1.1 activate
This step is routine: build the IPv4 unicast BGP sessions and advertise the RR loopback routes.
RP/0/0/CPU0:ASBR-2#show bgp ipv4 unicast summary //The ASBR has established its EBGP and IBGP neighbors
Fri Oct 14 12:52:56.454 UTC
BGP router identifier 22.1.1.1, local AS number 100
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0xe0000000 RD version: 4
BGP main routing table version 4
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer
Speaker 4 4 4 4 4 4
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
24.1.1.4 0 200 109 99 4 0 0 01:35:33 1
33.1.1.1 0 100 118 104 4 0 0 01:40:52 1
Our goal is for the loopbacks of R3 and R5 to reach each other, so let's look at the routes learned through BGP.
RR-R3#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
55.0.0.0/32 is subnetted, 1 subnets
B 55.1.1.1 [200/0] via 22.1.1.1, 00:21:30
RR-R5#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
33.0.0.0/32 is subnetted, 1 subnets
B 33.1.1.1 [200/0] via 44.1.1.1, 01:41:23
RR-R5#ping 33.1.1.1 source loopback 0
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 33.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 55.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/4 ms
The loopbacks can now reach each other, so we build the MP-EBGP session.
RR-R5(config)#router bgp 200
RR-R5(config-router)#neighbor 33.1.1.1 remote-as 100
RR-R5(config-router)#neighbor 33.1.1.1 update-source lo0
RR-R5(config-router)#neighbor 33.1.1.1 ebgp-multihop
RR-R5(config-router)#address-family vpnv4
RR-R5(config-router-af)#neighbor 33.1.1.1 activate
!
RR-R3(config)#router bgp 100
RR-R3(config-router)#neighbor 55.1.1.1 remote-as 200
RR-R3(config-router)#neighbor 55.1.1.1 update-source lo0
RR-R3(config-router)#neighbor 55.1.1.1 ebgp-multihop
RR-R3(config-router)#address-family vpnv4
RR-R3(config-router-af)#neighbor 55.1.1.1 activate
The multiprotocol BGP session between the RRs is now established.
RR-R3#show bgp vpnv4 unicast all summary
BGP router identifier 33.1.1.1, local AS number 100
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
55.1.1.1 4 200 11 12 1 0 0 00:08:03 0
RR-R5#show bgp vpnv4 unicast all summary
BGP router identifier 55.1.1.1, local AS number 200
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
33.1.1.1 4 100 12 12 1 0 0 00:08:35 0
RR-R5#
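8.3.3 Building the MP-iBGP sessions between the RRs and the PE devices
The purpose of this step is to let the customer VPNv4 routes learned by the PE be advertised to the RR, which then advertises them to its EBGP peer in the other AS.
XR1:
router bgp 100
address-family vpnv4 unicast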
!
neighbor 33.1.1.1
remote-as 100
update-source Loopback0
address-family vpnv4 unicast
!
R3:
RR-R3(config)#router bgp 100
RR-R3(config-router)#neighbor 11.1.1.1 remote-as 100
RR-R3(config-router)#neighbor 11.1.1.1 update-source lo0
RR-R3(config-router)#address-family vpnv4 unicast
RR-R3(config-router-af)#neighbor 11.1.1.1 activate
RR-R3(config-router-af)#neighbor 11.1.1.1 route-reflector-client
!
R5:
RR-R5(config)#router bgp 200
RR-R5(config-router)#neighbor 66.1.1.1 remote-as 200
RR-R5(config-router)#neighbor 66.1.1.1 update-source lo0
RR-R5(config-router)#address-family vpnv4 unicast
RR-R5(config-router-af)#neighbor 66.1.1.1 activate
RR-R5(config-router-af)#neighbor 66.1.1.1 route-reflector-client
!
PE-R6(config)#router bgp 200
PE-R6(config-router)#neighbor 55.1.1.1 remote-as 200
PE-R6(config-router)#neighbor 55.1.1.1 update-source lo0
PE-R6(config-router)#address-family vpnv4
PE-R6(config-router-af)#neighbor 55.1.1.1 update-source lo0
PE-R6(config-router-af)#neighbor 55.1.1.1 activate
PE-R6(config-router-af)#
Verify the MP-BGP neighbors
RR-R5#show bgp vpnv4 unicast all summary //The RR has an iBGP session with the PE in its own AS and an EBGP session with the RR in the remote AS
BGP router identifier 55.1.1.1, local AS number 200
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
33.1.1.1 4 100 330 328 1 0 0 04:54:47 0
66.1.1.1 4 200 5 5 1 0 0 00:01:23 0
RP/0/0/CPU0:PE-XR1#show bgp vpnv4 unicast summary //The PE and the RR have established a normal BGP session
Fri Oct 14 17:52:32.823 UTC
BGP router identifier 11.1.1.1, local AS number 100
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 1
BGP scan interval 60 secs
BGP is operating in STANDALONE mode.
Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer
Speaker 1 1 1 1 1 1
Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd
33.1.1.1 0 100 8 6 1 0 0 00:03:41 0
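8.3.4 Implementing the VRF and the customer-facing BGP sessions to obtain VPNv4 routes
The main purpose of this step is to learn the customer routes and advertise them to the other CE sites.
On XR, implement the VRF and build an EBGP session with R8:
vrf Ender
address-family ipv4 unicast
import route-target
100:200
!
export route-target
100:200 //Set the RT value to 100:200
!
!
!
interface GigabitEthernet0/0/0/3
vrf Ender //Assign the CE-facing interface to the VRF
ipv4 address 18.1.1.1 255.255.255.0
no shutdown
!
router bgp 100
vrf Ender
rd 100:200 //Set the RD under the BGP vrf; the value is chosen freely
address-family ipv4 unicast //Initialize the IPv4 unicast address family under the BGP vrf
!
neighbor 18.1.1.8
remote-as 300
address-family ipv4 unicast
as-override //Activate the IPv4 session with the CE and configure AS override so that the CE can receive the routes of the other CE sites; this works around routes being rejected by EBGP loop prevention
route-policy PASS in
route-policy PASS out //Apply a pass-all policy to the neighbor; for EBGP neighbors the default is otherwise to drop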
!
route-policy PASS
pass
end-policy
R8:
router bgp 300
bgp log-neighbor-changes
network 88.1.1.1 mask 255.255.255.255
neighbor 18.1.1.1 remote-as 100
We can look directly at R3: once the PE and CE have formed their session, the PE advertises the routes to R3.
RR-R3#show bgp vpnv4 unicast all //R3 has received the routes from its own AS
BGP table version is 2, local router ID is 33.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200
*>i 88.1.1.1/32 11.1.1.1 0 100 0 300 i
AS100 is now complete; next we implement the PE and CE in AS200.
PE-R6:
PE-R6(config)#vrf definition Ender
PE-R6(config-vrf)#rd 100:200
PE-R6(config-vrf)#address-family ipv4
PE-R6(config-vrf-af)#route-target 100:200
!
PE-R6(config-vrf)#int e0/3
PE-R6(config-if)#no shu
PE-R6(config-if)#vrf forwarding Ender
PE-R6(config-if)#ip add 67.1.1.6 255.255.255.0
!
PE-R6(config)#router bgp 200
PE-R6(config-router)#address-family ipv4 vrf Ender
PE-R6(config-router-af)#neighbor 67.1.1.7 remote-as 300
PE-R6(config-router-af)# neighbor 67.1.1.7 as-override
!
R7:
router bgp 300
bgp log-neighbor-changes
network 77.1.1.1 mask 255.255.255.255
neighbor 67.1.1.6 remote-as 200
Verify that the RR has received the customer routes from its own AS
RR-R5#show bgp vpnv4 unicast all //The RR has received the customer loopback routes from both sides
BGP table version is 3, local router ID is 55.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200
*>i 77.1.1.1/32 66.1.1.1 0 100 0 300 i
*> 88.1.1.1/32 33.1.1.1 0 100 300 i
But don't celebrate too early; let's look at the CE sites.
CE-R7#show ip route b
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
CE-R7#
CE-R8#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
CE-R8#
We find that the CE sites have nothing at all, so we must check whether the PE devices have received the complete set of routes.
RP/0/0/CPU0:PE-XR1#show bgp vpnv4 unicast
Fri Oct 14 18:16:21.345 UTC
BGP router identifier 11.1.1.1, local AS number 100
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 4
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf Ender)
* i77.1.1.1/32 55.1.1.1 0 100 0 200 300 i
*> 88.1.1.1/32 18.1.1.8 0 0 300 i
PE-R6#show bgp vpnv4 unicast all
BGP table version is 2, local router ID is 66.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
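RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf Ender)
*> 77.1.1.1/32 67.1.1.7 0 0 300 i
* i 88.1.1.1/32 33.1.1.1 0 100 0 100 300 i //We have found the problem: the route learned from the other AS is not the best route. Clearly we forgot to configure the next-hop modification command toward the PE on the RR, which is the multiprotocol BGP boundary. There is another solution as well: the next hop is currently the loopback of the remote AS's RR, and a route to that address has already been learned through BGP, so that route could be conditionally redistributed into the IGP. Here we modify the next hop.
RR-R3(config)#router bgp 100
RR-R3(config-router)#address-family vpnv4 unicast
RR-R3(config-router-af)#neighbor 11.1.1.1 next-hop-self
!
RR-R5(config)#router bgp 200
RR-R5(config-router)#address-family vpnv4
RR-R5(config-router-af)#neighbor 66.1.1.1 next-hop-self
Verify whether the VPNv4 routes received by the PEs are now best
RP/0/0/CPU0:PE-XR1#show bgp vpnv4 unicast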
Fri Oct 14 18:22:40.049 UTC
BGP router identifier 11.1.1.1, local AS number 100
BGP generic scan interval 60 secs
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 6
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf Ender)
*>i77.1.1.1/32 33.1.1.1 0 100 0 200 300 i //The route is now best, so it can be advertised to the CE
*> 88.1.1.1/32 18.1.1.8 0 0 300 i
PE-R6#show bgp vpnv4 unicast all
BGP table version is 3, local router ID is 66.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf Ender)
*> 77.1.1.1/32 67.1.1.7 0 0 300 i
*>i 88.1.1.1/32 55.1.1.1 0 100 0 100 300 i
Verify that the CEs now receive the routes
CE-R7#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
88.0.0.0/32 is subnetted, 1 subnets
B 88.1.1.1 [20/0] via 67.1.1.6, 00:01:46
CE-R8#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
77.0.0.0/32 is subnetted, 1 subnets
B 77.1.1.1 [20/0] via 18.1.1.1, 00:02:06
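Readers will find that the customer sites now receive the routes of the other sites. Data still cannot be exchanged, however, because the labels are not yet continuous.
8.3.5 Solution for LSP continuity in inter-AS MPLS
There are many label distribution protocols. The commonly used one is of course LDP, which distributes labels for intra-AS IGP routes; another tool that distributes labels for IPv4 unicast routes is BGP. In this section we use BGP to distribute labels for IPv4 unicast routes; the LDP approach is implemented in Section 13.4.
Let's observe the next hop of VPNv4 route 88.1.1.1 on R6-PE, and the next hop of VPNv4 route 88.1.1.1 on R5-RR.
PE-R6#show bgp vpnv4 unicast all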
BGP table version is 3, local router ID is 66.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200 (default for vrf Ender)
*> 77.1.1.1/32 67.1.1.7 0 0 300 i
*>i 88.1.1.1/32 55.1.1.1 0 100 0 100 300 i //The next hop is 55.1.1.1, and the route to 55.1.1.1 is learned through the IGP, so LDP has already distributed the LSP
RR-R5#show bgp vpnv4 unicast all
BGP table version is 3, local router ID is 55.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200
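*>i 77.1.1.1/32 66.1.1.1 0 100 0 300 i
*> 88.1.1.1/32 33.1.1.1 0 100 300 i //On the RR, the next hop of this route is the update-source address of the remote AS's RR. Think about it: how was the route to this next hop, 33.1.1.1, learned? That's right, through BGP. And LDP cannot distribute labels for BGP routes. By the same reasoning, the next hop that R3 sees for 77.1.1.1 is 55.1.1.1, which was learned through BGP
RR-R3#show bgp vpnv4 unicast all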
BGP table version is 3, local router ID is 33.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200
*> 77.1.1.1/32 55.1.1.1 0 200 300 i //The next hop is 55.1.1.1, and the verification below shows that this route is learned through BGP
*>i 88.1.1.1/32 11.1.1.1 0 100 0 300 i
RR-R3#show ip route bgp
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override
Gateway of last resort is not set
55.0.0.0/32 is subnetted, 1 subnets
B 55.1.1.1 [200/0] via 22.1.1.1, 05:44:24
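LDP cannot solve the LSP continuity problem, and a way to keep the LSP continuous is also needed between the ASBRs. From the earlier chapters we know that BGP is an important label distribution protocol: besides distributing labels for VPNv4 routes, it can also distribute labels for IPv4 unicast routes.
Between the ASBR and the RR, use BGP to distribute labels for the IPv4 unicast routes of the RR update sources that were learned through BGP.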
ASBR-R4(config)#router bgp 200
ASBR-R4(config-router)#address-family ipv4 unicast
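ASBR-R4(config-router-af)#neighbor 24.1.1.2 send-label //Under the IPv4 address family, negotiate the capability to distribute labels for IPv4 unicast routes
ASBR-R4(config-router-af)#neighbor 55.1.1.1 send-label //Under the IPv4 address family, negotiate the capability to distribute labels for IPv4 unicast routes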
!
R5:
RR-R5(config)#router bgp 200
RR-R5(config-router)#address-family ipv4 unicast
RR-R5(config-router-af)#neighbor 44.1.1.1 send-label
Verify the IPv4 unicast labels:
RR-R5#show bgp ipv4 unicast labels
Network Next Hop In label/Out label
33.1.1.1/32 44.1.1.1 nolabel/19 //R5 now has outgoing label 19
55.1.1.1/32 0.0.0.0 imp-null/nolabel
AS100 contains IOS XR devices. IOS XR supports IPv4 labels through the ipv4 labeled-unicast address family.
router static
address-family ipv4 unicast
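24.1.1.4/32 GigabitEthernet0/0/0/1 //Manually write a static host route to the directly connected address of the peer ASBR; it must specify the outgoing interface so that the ASBR gets a Pop label toward the peer ASBR
!
!
router bgp 100
address-family ipv4 unicast
allocate-label all //Switch that allocates labels for all routes under IPv4 unicast; by default no labels are allocated
!
neighbor 24.1.1.4
address-family ipv4 labeled-unicast //For the EBGP neighbor, the IPv4 labeled-unicast address family inherits the policy of the original IPv4 unicast routes
route-policy EBGP in
route-policy EBGP out
!
!
neighbor 33.1.1.1
address-family ipv4 labeled-unicast //Activate the IPv4 labeled-unicast address family toward the RR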
next-hop-self
R3:
RR-R3(config)#router bgp 100
RR-R3(config-router)#address-family ipv4 unicast
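RR-R3(config-router-af)#neighbor 22.1.1.1 send-label //Under the IPv4 unicast address family, R3 builds an IPv4 labeled-unicast session with the ASBR
Verify that label distribution on the RR device succeeded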
RR-R3#show bgp ipv4 unicast labels
Network Next Hop In label/Out label
33.1.1.1/32 0.0.0.0 imp-null/nolabel
55.1.1.1/32 22.1.1.1 nolabel/16004 //R3 has obtained the outgoing label toward the VPNv4 next hop 55.1.1.1: 16004, allocated by R2
RP/0/0/CPU0:ASBR-2#show mpls forwarding
Fri Oct 14 19:02:27.845 UTC
Local Outgoing Prefix Outgoing Next Hop Bytes
Label Label or ID Interface Switched
16000 Pop 11.1.1.1/32 Gi0/0/0/2 12.1.1.1 55282
16001 Pop 13.1.1.0/24 Gi0/0/0/2 12.1.1.1 0
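16002 Pop 24.1.1.4/32 Gi0/0/0/1 24.1.1.4 1424 //This Pop label (it must be Pop) is the label for 24.1.1.4; this is why we wrote the static route
16003 Pop 33.1.1.1/32 Gi0/0/0/0 23.1.1.3 153104
16004 16 55.1.1.1/32 Gi0/0/0/1 24.1.1.4 61789 //On the ASBR, the label for 55.1.1.1 is label 16, allocated by 24.1.1.4
CE-R7#traceroute 88.1.1.1 source loopback 0 numeric //The LSP from the RR devices to the VPNv4 next hop is now continuous, so data can be sent normally between the CE sites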
Type escape sequence to abort.
Tracing the route to 88.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 67.1.1.6 1 msec 0 msec 0 msec
2 56.1.1.5 [MPLS: Label 20 Exp 0] 25 msec 26 msec 21 msec
3 45.1.1.4 [MPLS: Labels 19/19 Exp 0] 20 msec 22 msec 20 msec
4 24.1.1.2 [MPLS: Labels 16003/19 Exp 0] 23 msec 20 msec 19 msec
5 23.1.1.3 [MPLS: Label 19 Exp 0] 29 msec 22 msec 24 msec
6 13.1.1.1 [MPLS: Label 16003 Exp 0] 23 msec 19 msec 18 msec
7 18.1.1.8 20 msec * 29 msec
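The continuity argument of this section as a script; this is an added example, not part of the original article. The sample tables are constructed from the RR-R3 outputs shown above, the function names are hypothetical, and the check is a simplification: a VPNv4 next hop counts as labelled if its /32 has an entry with an outgoing label in the LFIB or an out label in the BGP IPv4 label table.

```python
import re

PREFIX = r"(\d+\.\d+\.\d+\.\d+/\d+)"
ADDR = r"(\d+\.\d+\.\d+\.\d+)"

# Constructed sample input, based on the RR-R3 outputs in this section.
VPNV4_ON_R3 = """\
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 100:200
 *>  77.1.1.1/32      55.1.1.1                               0 200 300 i
 *>i 88.1.1.1/32      11.1.1.1                 0    100      0 300 i
"""
LFIB_ON_R3 = """\
16         Pop Label  12.1.1.0/24      0             Et0/2      13.1.1.1
           Pop Label  12.1.1.0/24      0             Et0/1      23.1.1.2
17         Pop Label  11.1.1.1/32      599           Et0/2      13.1.1.1
18         Pop Label  22.1.1.1/32      503           Et0/1      23.1.1.2
"""
BGP_LABELS_ON_R3 = """\
   Network          Next Hop      In label/Out label
   33.1.1.1/32      0.0.0.0         imp-null/nolabel
   55.1.1.1/32      22.1.1.1        nolabel/16004
"""


def vpnv4_next_hops(text):
    """Map each VPNv4 prefix in 'show bgp vpnv4 unicast all' to its next hop."""
    hops = {}
    for line in text.splitlines():
        m = re.search(PREFIX + r"\s+" + ADDR, line)
        if m:
            hops[m.group(1)] = m.group(2)
    return hops


def lfib_labelled(text):
    """Prefixes with an outgoing label (or Pop) in 'show mpls forwarding-table'."""
    labelled = set()
    for line in text.splitlines():
        # The local label column is empty on continuation lines.
        m = re.match(r"\s*(?:\d+\s+)?(Pop Label|No Label|\d+)\s+" + PREFIX, line)
        if m and m.group(1) != "No Label":
            labelled.add(m.group(2))
    return labelled


def bgp_out_labels(text):
    """Prefixes with a BGP-assigned out label in 'show bgp ipv4 unicast labels'."""
    labels = {}
    for line in text.splitlines():
        m = re.search(PREFIX + r"\s+" + ADDR + r"\s+(\S+)/(\S+)", line)
        if m and m.group(4) != "nolabel":
            labels[m.group(1)] = m.group(4)
    return labels


def lsp_continuity(vpnv4, lfib, bgp_labels=""):
    """Classify the path to every VPNv4 next hop: 'ldp', 'bgp-lu' or 'broken'."""
    ldp = lfib_labelled(lfib)
    bgp = bgp_out_labels(bgp_labels)
    result = {}
    for prefix, next_hop in vpnv4_next_hops(vpnv4).items():
        host = next_hop + "/32"
        if host in ldp:
            how = "ldp"        # next hop learned by the IGP, label from LDP
        elif host in bgp:
            how = "bgp-lu"     # next hop learned by BGP, label from send-label
        else:
            how = "broken"     # BGP-learned next hop without a label
        result[prefix] = (next_hop, how)
    return result


if __name__ == "__main__":
    print("before send-label:", lsp_continuity(VPNV4_ON_R3, LFIB_ON_R3))
    print("after send-label: ", lsp_continuity(VPNV4_ON_R3, LFIB_ON_R3, BGP_LABELS_ON_R3))
```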
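8.3.6 Solution for optimizing the label forwarding path
Although data is now exchanged normally, look closely: our topology has links between XR1 and XR, and between R4 and R6, and they run LDP. If data were forwarded over these links, forwarding would be clearly more efficient than over the current path. The solution is to configure next-hop-unchanged on the RRs toward the MP-EBGP neighbor, so that the next hop of the VPNv4 routes remains the PE device.
RR-R3(config)#router bgp 100
RR-R3(config-router)#address-family vpnv4
RR-R3(config-router-af)#neighbor 55.1.1.1 next-hop-unchanged //Keep the next hop unchanged toward the EBGP neighbor, so that the next hop remains the PE's update source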
!
RR-R5(config)#router bgp 200
RR-R5(config-router)#address-family vpnv4 unicast
RR-R5(config-router-af)#neighbor 33.1.1.1 next-hop-unchanged
Verify the next hop of the VPNv4 routes
RR-R5#show bgp vpnv4 unicast all
BGP table version is 10, local router ID is 55.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200
*>i 77.1.1.1/32 66.1.1.1 0 100 0 300 i
* 88.1.1.1/32 11.1.1.1 0 100 300 i
RR-R3#show bgp vpnv4 unicast all
BGP table version is 12, local router ID is 33.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200
* 77.1.1.1/32 66.1.1.1 0 200 300 i
*>i 88.1.1.1/32 11.1.1.1 0 100 0 300 i
Readers will find that the next hop is unreachable. The reason is simple: the RR has not learned that route. The solution is also easy to think of: just advertise the route in BGP.
ASBR-R4(config)#router bgp 200
ASBR-R4(config-router)#address-family ipv4 unicast
ASBR-R4(config-router-af)#network 66.1.1.1 mask 255.255.255.255
!
RP/0/0/CPU0:ASBR-2(config)#router bgp 100
RP/0/0/CPU0:ASBR-2(config-bgp)#
RP/0/0/CPU0:ASBR-2(config-bgp)#address-family ipv4 unicast
RP/0/0/CPU0:ASBR-2(config-bgp-af)#network 11.1.1.1/32
RP/0/0/CPU0:ASBR-2(config-bgp-af)#commi
After this change, let's look at how the next hop has changed.
RR-R3#show bgp vpnv4 unicast all
BGP table version is 13, local router ID is 33.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200
*> 77.1.1.1/32 66.1.1.1 0 200 300 i //The next hop has changed from the RR to the PE's update source, so now we must pay attention to LSP continuity toward the PE's update source. Of course it is still continuous, isn't it!
*>i 88.1.1.1/32 11.1.1.1 0 100 0 300 i
RR-R5#show bgp vpnv4 unicast all
BGP table version is 11, local router ID is 55.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:200
*>i 77.1.1.1/32 66.1.1.1 0 100 0 300 i
*> 88.1.1.1/32 11.1.1.1 0 100 300 i
Let's verify the final, optimized forwarding path.
CE-R7#traceroute 88.1.1.1 source loopback 0 numeric //The path no longer goes through R3; after reaching R2 the packet is forwarded directly to R1
Type escape sequence to abort.
Tracing the route to 88.1.1.1
VRF info: (vrf in name/id, vrf out name/id)
1 67.1.1.6 6 msec 0 msec 1 msec
2 56.1.1.5 [MPLS: Label 20 Exp 0] 25 msec 25 msec 27 msec
3 45.1.1.4 [MPLS: Labels 21/16003 Exp 0] 24 msec 29 msec 25 msec
4 24.1.1.2 [MPLS: Labels 16000/16003 Exp 0] 24 msec 31 msec 26 msec
5 12.1.1.1 [MPLS: Label 16003 Exp 0] 23 msec 25 msec 30 msec
6 18.1.1.8 26 msec * 26 msec
This completes the Option 3 implementation.
Source: 51CTO
Author: EnderJoe
Link: https://blog.51cto.com/enderjoe/2061057