7 MPLS VPN实验
PE-CE运行OSPF,进程号为1,PE和P之间运行OSPF,进程号为100
7.1 基础配置
R1-CE1(config)#interface fastEthernet 0/0
R1-CE1(config-if)#ip address 10.1.12.1 255.255.255.0
R1-CE1(config-if)#no shutdown
R1-CE1(config)#interface loopback 0
R1-CE1(config-if)#ip address 1.1.1.1 255.255.255.255
R1-CE1(config-if)#no shutdown
R2-PE1(config)#interface fastEthernet 0/0
R2-PE1(config-if)#ip address 10.1.12.2 255.255.255.0
R2-PE1(config-if)#no shutdown
R2-PE1(config)#interface fastEthernet 0/1
R2-PE1(config-if)#ip address 10.1.23.2 255.255.255.0
R2-PE1(config-if)#no shutdown
R2-PE1(config)#interface loopback 0
R2-PE1(config-if)#ip address 2.2.2.2 255.255.255.255
R2-PE1(config-if)#no shutdown
R3-P(config)#interface fastEthernet 0/0
R3-P(config-if)#ip address 10.1.23.3 255.255.255.0
R3-P(config-if)#no shutdown
R3-P(config)#interface fastEthernet 0/1
R3-P(config-if)#ip address 10.1.34.3 255.255.255.0
R3-P(config-if)#no shutdown
R3-P(config)#interface loopback 0
R3-P(config-if)#ip address 3.3.3.3 255.255.255.255
R3-P(config-if)#no shutdown
R4-PE2(config)#interface fastEthernet 0/0
R4-PE2(config-if)#ip address 10.1.34.4 255.255.255.0
R4-PE2(config-if)#no shutdown
R4-PE2(config)#interface fastEthernet 0/1
R4-PE2(config-if)#ip address 10.1.45.4 255.255.255.0
R4-PE2(config-if)#no shutdown
R4-PE2(config)#interface loopback 0
R4-PE2(config-if)#ip address 4.4.4.4 255.255.255.255
R4-PE2(config-if)#no shutdown
R5-CE2(config)#interface fastEthernet 0/0
R5-CE2(config-if)#ip address 10.1.45.5 255.255.255.0
R5-CE2(config-if)#no shutdown
R5-CE2(config)#interface loopback 0
R5-CE2(config-if)#ip address 5.5.5.5 255.255.255.255
R5-CE2(config-if)#no shutdown
7.2 P-PE(OSPF:100+MPLS)
此处OSPF基于全局路由表,作用:
- 打通CORE内路由;
- 建立IBGP邻居关系,需要到彼此LOOPBAKC0的路由;LDP邻居关系建立,需要彼此的LOOPBACK0的路由;
- LDP表路由前缀捆绑分发标签,需要IGP打通路由,LDP能够了解清楚整个CORE内路由前缀,便于分发和捆绑标签;
- BGP做下一跳递归,底层需要IGP做铺垫。
F0/1和LOOPBACK,会转入进全局路由表
R2-PE1(config)#router ospf 100
R2-PE1(config-router)#router-id 2.2.2.2
R2-PE1(config-router)#network 10.1.23.2 0.0.0.0 area 0
R2-PE1(config-router)#network 2.2.2.2 0.0.0.0 area 0
R2-PE1(config)#ip cef
R2-PE1(config)#mpls ldp router-id loopback 0
R2-PE1(config)#mpls label range 200 299
R2-PE1(config)#interface fastEthernet 0/1
R2-PE1(config-if)#mpls ip
R3-P(config)#router ospf 100
R3-P(config-router)#router-id 3.3.3.3
R3-P(config-router)#network 10.1.23.3 0.0.0.0 area 0
R3-P(config-router)#network 10.1.34.3 0.0.0.0 area 9
R3-P(config-router)#network 3.3.3.3 0.0.0.0 area 0
R3-P(config)#ip cef
R3-P(config)#mpls ldp router-id loopback 0
R3-P(config)#mpls label range 300 399
R3-P(config)#interface fastEthernet 0/0
R3-P(config-if)#mpls ip
R3-P(config)#interface fastEthernet 0/1
R3-P(config-if)#mpls ip
R4-PE2(config)#router ospf 100
R4-PE2(config-router)#router-id 4.4.4.4
R4-PE2(config-router)#network 10.1.34.4 0.0.0.0 area 0
R4-PE2(config-router)#network 4.4.4.4 0.0.0.0 area 0
R4-PE2(config)#ip cef
R4-PE2(config)#mpls ldp router-id loopback 0
R4-PE2(config)#mpls label range 400 499
R4-PE2(config)#interface fastEthernet 0/0
R4-PE2(config-if)#mpls ip
R2-PE1#show ip ospf neighbor
Neighbor ID Pri State Dead Time Address Interface
3.3.3.3 1 FULL/BDR 00:00:35 10.1.23.3 FastEthernet0/1
R2R3 OSPF邻居关系起来了
R2-PE1#show mpls ldp neighbor
Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0
TCP connection: 3.3.3.3.24412 - 2.2.2.2.646
State: Oper; Msgs sent/rcvd: 12/11; Downstream
Up time: 00:03:18
LDP discovery sources:
FastEthernet0/1, Src IP addr: 10.1.23.3
Addresses bound to peer LDP Ident:
10.1.23.3 10.1.34.3 3.3.3.3
R2R3 LDP邻居关系起来了
R3-P#show mpls ldp neighbor
Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 3.3.3.3:0
TCP connection: 2.2.2.2.646 - 3.3.3.3.24412
State: Oper; Msgs sent/rcvd: 12/13; Downstream
Up time: 00:03:50
LDP discovery sources:
FastEthernet0/0, Src IP addr: 10.1.23.2
Addresses bound to peer LDP Ident:
10.1.12.2 10.1.23.2 2.2.2.2
Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 3.3.3.3:0
TCP connection: 4.4.4.4.14961 - 3.3.3.3.646
State: Oper; Msgs sent/rcvd: 9/10; Downstream
Up time: 00:01:45
LDP discovery sources:
FastEthernet0/1, Src IP addr: 10.1.34.4
Addresses bound to peer LDP Ident:
10.1.34.4 10.1.45.4 4.4.4.4
R3R2和R3R4的LDP邻居关系也起来了
R2-PE1#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
200 Pop tag 10.1.34.0/24 0 Fa0/1 10.1.23.3
201 Pop tag 3.3.3.3/32 0 Fa0/1 10.1.23.3
202 301 4.4.4.4/32 0 Fa0/1 10.1.23.3
关键查看去往4.4.4.4的路由,为后续IBGP下一跳准备
R3-P#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
300 Pop tag 2.2.2.2/32 0 Fa0/0 10.1.23.2
301 Pop tag 4.4.4.4/32 0 Fa0/1 10.1.34.4
R4-PE2#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
400 300 2.2.2.2/32 0 Fa0/0 10.1.34.3
401 Pop tag 3.3.3.3/32 0 Fa0/0 10.1.34.3
402 Pop tag 10.1.23.0/24 0 Fa0/0 10.1.34.3
关键查看去往2.2.2.2的路由,为后续IBGP下一跳准备
7.3 VRF、PE-CE(OSPF:100)
创建VRF,并将物理接口放入VRF;
并在PE和CE间运行IGP协议,此处OSPF(此处划入的是VRF的路由);
配置VRF的名称及RD和RT值
R2-PE1(config)#ip vrf cisco
R2-PE1(config-vrf)#rd 234:2
R2-PE1(config-vrf)#route-target export 234:2
R2-PE1(config-vrf)#route-target import 234:4
重新配置IP地址是因为加入VRF后,之前配置会给刷掉,这时F0/0属于VRF了
R2-PE1(config)#interface fastEthernet 0/0
R2-PE1(config-if)#ip vrf forwarding cisco
R2-PE1(config-if)#ip address 10.1.12.2 255.255.255.0
R2-PE1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 10.1.23.3, 00:24:26, FastEthernet0/1
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/3] via 10.1.23.3, 00:22:26, FastEthernet0/1
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.23.0 is directly connected, FastEthernet0/1
O 10.1.34.0 [110/2] via 10.1.23.3, 00:24:48, FastEthernet0/1
这时查看R2的全局路由表,就没有了F0/0的路由了
R2-PE1#show ip route vrf cisco
Routing Table: cisco
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.12.0 is directly connected, FastEthernet0/0
查看VRF,发现有了直连路由
PE-CE运行OSPF
R1-CE1(config)#router ospf 1
R1-CE1(config-router)#router-id 1.1.1.1
R1-CE1(config-router)#network 10.1.12.1 0.0.0.0 area 0
R1-CE1(config-router)#network 1.1.1.1 0.0.0.0 area 0
R2-PE1(config)#router ospf 1 vrf cisco
R2-PE1(config-router)#network 10.1.12.2 0.0.0.0 area 0
R2-PE1#show ip route vrf cisco
Routing Table: cisco
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/2] via 10.1.12.1, 00:00:12, FastEthernet0/0
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.12.0 is directly connected, FastEthernet0/0
查看VRF的路由
创建VRF,并命名为CISCO,配置RD和RT
R4-PE2(config)#ip vrf cisco
R4-PE2(config-vrf)#rd 234:4
R4-PE2(config-vrf)#route-target export 234:4
R4-PE2(config-vrf)#route-target import 234:2
重新配置IP地址是因为加入VRF后,之前配置会给刷掉,这时F0/1属于VRF了
R4-PE2(config)#interface fastEthernet 0/1
R4-PE2(config-if)#ip vrf forwarding cisco
R4-PE2(config-if)#ip address 10.1.45.4 255.255.255.0
R4-PE2(config-if)#no shutdown
PE-CE间运行OSPF
R5-CE2(config)#router ospf 1
R5-CE2(config-router)#network 10.1.45.5 0.0.0.0 area 0
R5-CE2(config-router)#network 5.5.5.5 0.0.0.0 area 0
R4-PE2(config)#router ospf 1 vrf cisco
R4-PE2(config-router)#network 10.1.45.4 0.0.0.0 area 0
R4-PE2#show ip route vrf cisco
Routing Table: cisco
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
5.0.0.0/32 is subnetted, 1 subnets
O 5.5.5.5 [110/2] via 10.1.45.5, 00:00:08, FastEthernet0/1
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.45.0 is directly connected, FastEthernet0/1
查看VRF表,路由有了
7.4 MP-BGP(234)、MP-Ibgp
IBGP基于LOOPBAKC0建立的,需要先保证全局路由可达
需要对BGP进行扩展,做MP-BGP协议。Address-family vpnv4
R2-PE1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
C 2.2.2.2 is directly connected, Loopback0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 10.1.23.3, 00:50:37, FastEthernet0/1
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/3] via 10.1.23.3, 00:48:37, FastEthernet0/1
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.23.0 is directly connected, FastEthernet0/1
O 10.1.34.0 [110/2] via 10.1.23.3, 00:51:00, FastEthernet0/1
R2的全局路由表已经有了R4 LOOPBACK0的路由
R4-PE2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/3] via 10.1.34.3, 00:49:09, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 10.1.34.3, 00:49:09, FastEthernet0/0
4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 2 subnets
O 10.1.23.0 [110/2] via 10.1.34.3, 00:49:09, FastEthernet0/0
C 10.1.34.0 is directly connected, FastEthernet0/0
R4的全局路由表已经有了R2LOOPBACK0的路由
R2-PE1(config-router)#address-family ?
ipv4 Address family
ipv6 Address family
nsap Address family
vpnv4 Address family
支持地址簇
先建立基于IPV4的BGP连接,定义邻居,实际上不通过IPV4通告,而是VPNV4。再激活R2R4VPNV4的连接,激活邻居(R2会和R4同时维护IPV4和VPNV4地址簇的连接)
R2-PE1(config)#router bgp 234
R2-PE1(config-router)#bgp router-id 2.2.2.2
R2-PE1(config-router)#no bgp default ipv4-unicast
R2-PE1(config-router)#neighbor 4.4.4.4 remote-as 234
R2-PE1(config-router)#neighbor 4.4.4.4 update-source loopback 0
R2-PE1(config-router)#address-family vpnv4
R2-PE1(config-router-af)#neighbor 4.4.4.4 activate
R2-PE1(config-router-af)#neighbor 4.4.4.4 send-community extended
而实际上R2R4此环境下,没必要维护IPV4BGP连接,不会尝试建IPV4连接
R4-PE2(config)#router bgp 234
R4-PE2(config-router)#bgp router-id 4.4.4.4
R4-PE2(config-router)#no bgp default ipv4-unicast
R4-PE2(config-router)#neighbor 2.2.2.2 remote-as 234
R4-PE2(config-router)#neighbor 2.2.2.2 update-source loopback 0
R4-PE2(config-router)#address-family vpnv4
R4-PE2(config-router-af)#neighbor 2.2.2.2 activate
R4-PE2(config-router-af)#neighbor 2.2.2.2 send-community extended
no bgp default ipv4-unicast:让R2R4之间不建IPV4连接
R4-PE2#show ip bgp summary
R2R4维持的是VPNV4地址簇的连接,所以看不到任何表项
R4-PE2#show ip bgp vpnv4 all summary
BGP router identifier 4.4.4.4, local AS number 234
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
2.2.2.2 4 234 7 7 1 0 0 00:03:11 0
需要查R4的VPNV4邻居
R2-PE1#show ip bgp vpnv4 all summary
BGP router identifier 2.2.2.2, local AS number 234
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
4.4.4.4 4 234 9 9 1 0 0 00:05:59 0
R2也是查看VPNV4邻居
至此R2R4的MP-IBGP邻居关系就建立好了
R2的F0/1抓包分析
R2-PE1#clear ip bgp all 234
拆除连接
查看R2-R4的OPEN消息
可以看到多协议扩展能力
7.5 PE-CE路由重发布
至此,OSPF路径默认不会进入BGP,R2的VRF里面有了客户路由1.1.1.1,但是是OSPF的,MPLS VPN里面传的是BGP的(VPNV4也是通过BGP承载的),需要把OSPF路由放到BGP中,需要把OSPF重发布进BGP,在对端再把BGP重发布进OSPF。
如果PE和CE间运行的本来就是BGP,那此步骤就可以忽略
7.5.1 PE1:OSPF->BGP
将VRF中的RIB表重发布进BGP,才能够粘贴RD值。
R2-PE1(config)#router bgp 234
R2-PE1(config-router)#address-family ipv4 vrf cisco
R2-PE1(config-router-af)#redistribute ospf 1 vrf cisco match internal external
注意,需要进VRF的IPV4地址簇,将客户路由重发布进VRF的地址簇
R2-PE1#show ip bgp vpnv4 all
BGP table version is 5, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 234:2 (default for vrf cisco)
*> 1.1.1.1/32 10.1.12.1 2 32768 ?
*> 10.1.12.0/24 0.0.0.0 0 32768 ?
查看BGP表里面的VPNV4前缀
R2-PE1#show ip bgp vpnv4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 234:2 (cisco)
1.1.1.1/32 10.1.12.1 203/nolabel
10.1.12.0/24 0.0.0.0 204/aggregate(cisco)
查看本地分配的标签,标签伴随BGP更新传给R4
R4-PE2#show ip bgp vpnv4 all
BGP table version is 5, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 234:2
*>i1.1.1.1/32 2.2.2.2 2 100 0 ?
*>i10.1.12.0/24 2.2.2.2 0 100 0 ?
Route Distinguisher: 234:4 (default for vrf cisco)
*>i1.1.1.1/32 2.2.2.2 2 100 0 ?
*>i10.1.12.0/24 2.2.2.2 0 100 0 ?
R4已经收到了R2传过来的路由
R4-PE2#show ip route vrf cisco
Routing Table: cisco
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
B 1.1.1.1 [200/2] via 2.2.2.2, 00:04:38
5.0.0.0/32 is subnetted, 1 subnets
O 5.5.5.5 [110/2] via 10.1.45.5, 00:48:21, FastEthernet0/1
10.0.0.0/24 is subnetted, 2 subnets
B 10.1.12.0 [200/0] via 2.2.2.2, 00:04:38
C 10.1.45.0 is directly connected, FastEthernet0/1
进R4的VRF表,有对端客户路由了,得益于RT IMPORT,否则不匹配也进不来
7.5.2 PE1:BGP->OSPF
R4的路由需要让R5知道
R4-PE2(config)#router ospf 1 vrf cisco
R4-PE2(config-router)#redistribute bgp 234 subnets
将BGP路由重发布进OSPF
R5-CE2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/3] via 10.1.45.4, 00:00:23, FastEthernet0/0
5.0.0.0/32 is subnetted, 1 subnets
C 5.5.5.5 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.1.12.0 [110/2] via 10.1.45.4, 00:00:23, FastEthernet0/0
C 10.1.45.0 is directly connected, FastEthernet0/0
这时R5就学到了1.1.1.1和10.1.12.0路由了
IA是区域间路由?而这是BGP重发布进来的OE,因为核心思想是MPLS VPN骨干让客户端忽略存在,保留路由协议的特征。
7.5.3 PE2:OSPF->BGP
R4-PE2(config)#router bgp 234
R4-PE2(config-router)#address-family ipv4 vrf cisco
R4-PE2(config-router-af)#redistribute ospf 1 vrf cisco match internal external
R4中OSPF重发布进BGP
R2-PE1#show ip bgp vpnv4 all
BGP table version is 9, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 234:2 (default for vrf cisco)
*> 1.1.1.1/32 10.1.12.1 2 32768 ?
*>i5.5.5.5/32 4.4.4.4 2 100 0 ?
*> 10.1.12.0/24 0.0.0.0 0 32768 ?
*>i10.1.45.0/24 4.4.4.4 0 100 0 ?
Route Distinguisher: 234:4
*>i5.5.5.5/32 4.4.4.4 2 100 0 ?
*>i10.1.45.0/24 4.4.4.4 0 100 0 ?
BGP中VPNV4的路由过来了
R2-PE1#show ip route vrf cisco
Routing Table: cisco
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/2] via 10.1.12.1, 03:55:36, FastEthernet0/0
5.0.0.0/32 is subnetted, 1 subnets
B 5.5.5.5 [200/2] via 4.4.4.4, 00:01:02
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.12.0 is directly connected, FastEthernet0/0
B 10.1.45.0 [200/0] via 4.4.4.4, 00:01:02
VRF表中也有了
R1-CE1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 1 subnets
C 10.1.12.0 is directly connected, FastEthernet0/0
但是R1还没有对端路由
7.5.4 PE2:BGP->OSFP
R2-PE1(config)#router ospf 1 vrf cisco
R2-PE1(config-router)#redistribute bgp 234 subnets
将BGP重发布进OSPF
R1-CE1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
5.0.0.0/32 is subnetted, 1 subnets
O IA 5.5.5.5 [110/3] via 10.1.12.2, 00:00:31, FastEthernet0/0
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.12.0 is directly connected, FastEthernet0/0
O IA 10.1.45.0 [110/2] via 10.1.12.2, 00:00:31, FastEthernet0/0
重发布后,R1就有了对端路由了,也是O IA属性。
7.6 测试
R1-CE1#ping 5.5.5.5 source 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/126/140 ms
R1可以PING通R5了
R1-CE1#traceroute 5.5.5.5 source 1.1.1.1
Type escape sequence to abort.
Tracing the route to 5.5.5.5
1 10.1.12.2 16 msec 28 msec 32 msec
2 10.1.23.3 [MPLS: Labels 301/403 Exp 0] 124 msec 136 msec 124 msec
3 10.1.45.4 [MPLS: Label 403 Exp 0] 84 msec 96 msec 76 msec
4 10.1.45.5 124 msec 140 msec 124 msec
TRACE路径,有的IOS不显示MPLS,需要再R1的F0/0接口开启MPLS IP
R2压上两层标签[MPLS: Labels 301/403 Exp 0]传给R3,外网301(R3分的,穿越MPLS用),内层403(R4分的,区分客户用)
R3为R4直连接口的次末条PHP,所以弹出了外层标签,发给R4。
R4弹出便签后,变成IP包,传给R5。
7.7 分析
7.7.1 控制层面
BGP路由更新:
R5-CE2#show ip interface brief
Interface IP-Address OK? Method Status Protocol
FastEthernet0/0 10.1.45.5 YES manual up up
FastEthernet0/1 unassigned YES unset administratively down down
Loopback0 5.5.5.5 YES manual up up
R5的5.5.5.5的路由通过OSPF传递给了R4
R4-PE2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/3] via 10.1.34.3, 05:01:59, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
O 3.3.3.3 [110/2] via 10.1.34.3, 05:01:59, FastEthernet0/0
4.0.0.0/32 is subnetted, 1 subnets
C 4.4.4.4 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 2 subnets
O 10.1.23.0 [110/2] via 10.1.34.3, 05:01:59, FastEthernet0/0
C 10.1.34.0 is directly connected, FastEthernet0/0
R4将收到的路由放到了VRF表中,所以全局路由表中是没有5.5.5.5的路由的
R3-P#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
2.0.0.0/32 is subnetted, 1 subnets
O 2.2.2.2 [110/2] via 10.1.23.2, 05:04:56, FastEthernet0/0
3.0.0.0/32 is subnetted, 1 subnets
C 3.3.3.3 is directly connected, Loopback0
4.0.0.0/32 is subnetted, 1 subnets
O 4.4.4.4 [110/2] via 10.1.34.4, 05:02:25, FastEthernet0/1
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.23.0 is directly connected, FastEthernet0/0
C 10.1.34.0 is directly connected, FastEthernet0/1
R3的P路由器的路由表只有CORE内路由,不关心用户路由
R4-PE2#show ip route vrf cisco
Routing Table: cisco
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
B 1.1.1.1 [200/2] via 2.2.2.2, 03:33:55
5.0.0.0/32 is subnetted, 1 subnets
O 5.5.5.5 [110/2] via 10.1.45.5, 04:17:38, FastEthernet0/1
10.0.0.0/24 is subnetted, 2 subnets
B 10.1.12.0 [200/0] via 2.2.2.2, 03:33:55
C 10.1.45.0 is directly connected, FastEthernet0/1
R4从R5收到5.5.5.5的路由后,放到了VRF中
R4-PE2#show ip bgp vpnv4 all
BGP table version is 9, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 234:2
*>i1.1.1.1/32 2.2.2.2 2 100 0 ?
*>i10.1.12.0/24 2.2.2.2 0 100 0 ?
Route Distinguisher: 234:4 (default for vrf cisco)
*>i1.1.1.1/32 2.2.2.2 2 100 0 ?
*> 5.5.5.5/32 10.1.45.5 2 32768 ?
*>i10.1.12.0/24 2.2.2.2 0 100 0 ?
*> 10.1.45.0/24 0.0.0.0 0 32768 ?
接着将5OSPF路由5.5.5.5重发布进了BGP,变成了BGP路由,放进MP-BGP进程,便于传递给IBGP邻居
R4-PE2#show ip bgp vpnv4 rd 234:4 5.5.5.5
BGP routing table entry for 234:4:5.5.5.5/32, version 8
Paths: (1 available, best #1, table cisco)
Advertised to update-groups:
1
Local
10.1.45.5 from 0.0.0.0 (4.4.4.4)
Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best
Extended Community: RT:234:4 OSPF DOMAIN ID:0x0005:0x000000010200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.45.4:0
mpls labels in/out 403/nolabel
查看路由5.5.5.5的具体消息,如有R4给该路由分配的403标签
R2-PE1#show ip bgp vpnv4 all
BGP table version is 9, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 234:2 (default for vrf cisco)
*> 1.1.1.1/32 10.1.12.1 2 32768 ?
*>i5.5.5.5/32 4.4.4.4 2 100 0 ?
*> 10.1.12.0/24 0.0.0.0 0 32768 ?
*>i10.1.45.0/24 4.4.4.4 0 100 0 ?
Route Distinguisher: 234:4
*>i5.5.5.5/32 4.4.4.4 2 100 0 ?
*>i10.1.45.0/24 4.4.4.4 0 100 0 ?
R2通过IBGP将路由传递给了R2,R2收到后,将该路由放进BGP表
R2-PE1#show ip route vrf cisco
Routing Table: cisco
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O 1.1.1.1 [110/2] via 10.1.12.1, 04:40:11, FastEthernet0/0
5.0.0.0/32 is subnetted, 1 subnets
B 5.5.5.5 [200/2] via 4.4.4.4, 00:45:37
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.12.0 is directly connected, FastEthernet0/0
B 10.1.45.0 [200/0] via 4.4.4.4, 00:45:37
R2再根据RT进行过滤后,进入了VRF表
R1-CE1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
C 1.1.1.1 is directly connected, Loopback0
5.0.0.0/32 is subnetted, 1 subnets
O IA 5.5.5.5 [110/3] via 10.1.12.2, 00:44:56, FastEthernet0/0
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.12.0 is directly connected, FastEthernet0/0
O IA 10.1.45.0 [110/2] via 10.1.12.2, 00:44:56, FastEthernet0/0
接着R2将BGP重发布进OSPF,R1也有了5.5.5.5的路由
R2上前缀标签,5.5.5.5的路由,如内层标签403是之前R4分配的,外层标签则是由LDP分配的,外层标签压的是R2给的
7.7.2 数据层面
R1的IP报到R2后;
R2-PE1#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
200 Pop tag 10.1.34.0/24 0 Fa0/1 10.1.23.3
201 Pop tag 3.3.3.3/32 0 Fa0/1 10.1.23.3
202 301 4.4.4.4/32 0 Fa0/1 10.1.23.3
203 Untagged 1.1.1.1/32[V] 1884 Fa0/0 10.1.12.1
204 Aggregate 10.1.12.0/24[V] 520
R2会先压内层标签(R4分配的,通过MP-BGP传递过来,有MP-BGP分配,为VPNV4路由分配),然后压外层标签,由R3分配的标签,传给R3;
R3-P#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
300 Pop tag 2.2.2.2/32 28447 Fa0/0 10.1.23.2
301 Pop tag 4.4.4.4/32 36406 Fa0/1 10.1.34.4
R3收到标签包后,查看顶层标签,收到301,出去POP,则弹出顶层标签后,发给R4
R4-PE2#show mpls forwarding-table
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
400 300 2.2.2.2/32 0 Fa0/0 10.1.34.3
401 Pop tag 3.3.3.3/32 0 Fa0/0 10.1.34.3
402 Pop tag 10.1.23.0/24 0 Fa0/0 10.1.34.3
403 Untagged 5.5.5.5/32[V] 1824 Fa0/1 10.1.45.5
404 Aggregate 10.1.45.0/24[V] 0
R4收到后,接着去除内层标签(弹出整个标签栈),发给R5
7.8 扩展:RR
RR路由器没有任何VRF配置,不会过滤路由,直接反射。
有些特定场合,P也配置BGP。
R2-PE1(config)#router bgp 234
R2-PE1(config-router)#no neighbor 4.4.4.4
R2-PE1(config-router)#no bgp default ipv4-unicast
R2-PE1(config-router)#neighbor 3.3.3.3 remote-as 234
R2-PE1(config-router)#neighbor 3.3.3.3 update-source loopback 0
R2-PE1(config-router)#address-family vpnv4
R2-PE1(config-router-af)#neighbor 3.3.3.3 activate
R2-PE1(config-router-af)#neighbor 3.3.3.3 send-community extended
R3-P(config)#router bgp 234
R3-P(config-router)#no bgp default ipv4-unicast
R3-P(config-router)#neighbor 2.2.2.2 remote-as 234
R3-P(config-router)#neighbor 2.2.2.2 update-source loopback 0
R3-P(config-router)#neighbor 4.4.4.4 remote-as 234
R3-P(config-router)#neighbor 4.4.4.4 update-source loopback 0
R3-P(config-router)#address-family vpnv4
R3-P(config-router-af)#neighbor 2.2.2.2 activate
R3-P(config-router-af)#neighbor 2.2.2.2 send-community extended
R3-P(config-router-af)#neighbor 4.4.4.4 activate
R3-P(config-router-af)#neighbor 4.4.4.4 send-community extended
R3-P(config-router-af)#neighbor 2.2.2.2 route-reflector-client
R3-P(config-router-af)#neighbor 4.4.4.4 route-reflector-client
R4-PE2(config)#router bgp 234
R4-PE2(config-router)#no neighbor 2.2.2.2
R4-PE2(config-router)#neighbor 3.3.3.3 remote-as 234
R4-PE2(config-router)#neighbor 3.3.3.3 update-source loopback 0
R4-PE2(config-router)#address-family vpnv4
R4-PE2(config-router-af)#neighbor 3.3.3.3 activate
R4-PE2(config-router-af)#neighbor 3.3.3.3 send-community extended
R3-P#show ip bgp vpnv4 all
BGP table version is 5, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 234:2
*>i1.1.1.1/32 2.2.2.2 2 100 0 ?
*>i10.1.12.0/24 2.2.2.2 0 100 0 ?
Route Distinguisher: 234:4
*>i5.5.5.5/32 4.4.4.4 2 100 0 ?
*>i10.1.45.0/24 4.4.4.4 0 100 0 ?
R3有了客户端路由
R4-PE2#show ip bgp vpnv4 all
BGP table version is 17, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 234:2
*>i1.1.1.1/32 2.2.2.2 2 100 0 ?
*>i10.1.12.0/24 2.2.2.2 0 100 0 ?
Route Distinguisher: 234:4 (default for vrf cisco)
*>i1.1.1.1/32 2.2.2.2 2 100 0 ?
*> 5.5.5.5/32 10.1.45.5 2 32768 ?
*>i10.1.12.0/24 2.2.2.2 0 100 0 ?
*> 10.1.45.0/24 0.0.0.0 0 32768 ?
R4上也有了相应路由
R4-PE2#show ip bgp vpnv4 all 1.1.1.1
BGP routing table entry for 234:2:1.1.1.1/32, version 14
Paths: (1 available, best #1, no table)
Not advertised to any peer
Local
2.2.2.2 (metric 3) from 3.3.3.3 (3.3.3.3)
Origin incomplete, metric 2, localpref 100, valid, internal, best
Extended Community: RT:234:2 OSPF DOMAIN ID:0x0005:0x000000010200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.12.2:0
Originator: 2.2.2.2, Cluster list: 3.3.3.3
mpls labels in/out nolabel/203
BGP routing table entry for 234:4:1.1.1.1/32, version 16
Paths: (1 available, best #1, table cisco)
Flag: 0x820
Not advertised to any peer
Local, imported path from 234:2:1.1.1.1/32
2.2.2.2 (metric 3) from 3.3.3.3 (3.3.3.3)
Origin incomplete, metric 2, localpref 100, valid, internal, best
Extended Community: RT:234:2 OSPF DOMAIN ID:0x0005:0x000000010200
OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.12.2:0
Originator: 2.2.2.2, Cluster list: 3.3.3.3
mpls labels in/out nolabel/203
R4上1.1.1.1的详细路由,起源为2.2.2.2,簇为3.3.3.3反射过来的
R5-CE2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
1.0.0.0/32 is subnetted, 1 subnets
O IA 1.1.1.1 [110/3] via 10.1.45.4, 00:03:00, FastEthernet0/0
5.0.0.0/32 is subnetted, 1 subnets
C 5.5.5.5 is directly connected, Loopback0
10.0.0.0/24 is subnetted, 2 subnets
O IA 10.1.12.0 [110/2] via 10.1.45.4, 00:03:00, FastEthernet0/0
C 10.1.45.0 is directly connected, FastEthernet0/0
路由也到达了R5