VII. MPLS VPN Lab

7 MPLS VPN Lab

PE-CE runs OSPF with process ID 1; PE and P run OSPF with process ID 100.

7.1 Basic configuration

R1-CE1(config)#interface fastEthernet 0/0
R1-CE1(config-if)#ip address 10.1.12.1 255.255.255.0
R1-CE1(config-if)#no shutdown
R1-CE1(config)#interface loopback 0
R1-CE1(config-if)#ip address 1.1.1.1 255.255.255.255
R1-CE1(config-if)#no shutdown

R2-PE1(config)#interface fastEthernet 0/0
R2-PE1(config-if)#ip address 10.1.12.2 255.255.255.0
R2-PE1(config-if)#no shutdown
R2-PE1(config)#interface fastEthernet 0/1
R2-PE1(config-if)#ip address 10.1.23.2 255.255.255.0
R2-PE1(config-if)#no shutdown
R2-PE1(config)#interface loopback 0
R2-PE1(config-if)#ip address 2.2.2.2 255.255.255.255
R2-PE1(config-if)#no shutdown

R3-P(config)#interface fastEthernet 0/0
R3-P(config-if)#ip address 10.1.23.3 255.255.255.0
R3-P(config-if)#no shutdown
R3-P(config)#interface fastEthernet 0/1
R3-P(config-if)#ip address 10.1.34.3 255.255.255.0
R3-P(config-if)#no shutdown
R3-P(config)#interface loopback 0
R3-P(config-if)#ip address 3.3.3.3 255.255.255.255
R3-P(config-if)#no shutdown

R4-PE2(config)#interface fastEthernet 0/0
R4-PE2(config-if)#ip address 10.1.34.4 255.255.255.0
R4-PE2(config-if)#no shutdown
R4-PE2(config)#interface fastEthernet 0/1
R4-PE2(config-if)#ip address 10.1.45.4 255.255.255.0
R4-PE2(config-if)#no shutdown
R4-PE2(config)#interface loopback 0
R4-PE2(config-if)#ip address 4.4.4.4 255.255.255.255
R4-PE2(config-if)#no shutdown

R5-CE2(config)#interface fastEthernet 0/0
R5-CE2(config-if)#ip address 10.1.45.5 255.255.255.0
R5-CE2(config-if)#no shutdown
R5-CE2(config)#interface loopback 0
R5-CE2(config-if)#ip address 5.5.5.5 255.255.255.255
R5-CE2(config-if)#no shutdown

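7.2 P-PE (OSPF:100+MPLS)

OSPF here runs in the global routing table. Its purposes:

  • Provide route reachability inside the core;
  • The IBGP neighbor relationship needs routes to each other's Loopback0, and the LDP neighbor relationship likewise needs routes to each other's Loopback0;
  • LDP binds and distributes labels per route prefix, so the IGP must provide the routes first; LDP then knows every prefix in the core and can bind and distribute labels for them;
  • BGP performs recursive next-hop lookup, which relies on the underlying IGP.

F0/1 and the loopback go into the global routing table.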

R2-PE1(config)#router ospf 100
R2-PE1(config-router)#router-id 2.2.2.2
R2-PE1(config-router)#network 10.1.23.2 0.0.0.0 area 0
R2-PE1(config-router)#network 2.2.2.2 0.0.0.0 area 0

R2-PE1(config)#ip cef
R2-PE1(config)#mpls ldp router-id loopback 0
R2-PE1(config)#mpls label range 200 299

R2-PE1(config)#interface fastEthernet 0/1
R2-PE1(config-if)#mpls ip

R3-P(config)#router ospf 100
R3-P(config-router)#router-id 3.3.3.3
R3-P(config-router)#network 10.1.23.3 0.0.0.0 area 0
R3-P(config-router)#network 10.1.34.3 0.0.0.0 area 0
R3-P(config-router)#network 3.3.3.3 0.0.0.0 area 0

R3-P(config)#ip cef
R3-P(config)#mpls ldp router-id loopback 0
R3-P(config)#mpls label range 300 399

R3-P(config)#interface fastEthernet 0/0
R3-P(config-if)#mpls ip
R3-P(config)#interface fastEthernet 0/1
R3-P(config-if)#mpls ip

R4-PE2(config)#router ospf 100
R4-PE2(config-router)#router-id 4.4.4.4
R4-PE2(config-router)#network 10.1.34.4 0.0.0.0 area 0
R4-PE2(config-router)#network 4.4.4.4 0.0.0.0 area 0

R4-PE2(config)#ip cef
R4-PE2(config)#mpls ldp router-id loopback 0
R4-PE2(config)#mpls label range 400 499

R4-PE2(config)#interface fastEthernet 0/0
R4-PE2(config-if)#mpls ip

R2-PE1#show ip ospf neighbor

Neighbor ID     Pri   State           Dead Time   Address         Interface
3.3.3.3           1   FULL/BDR        00:00:35    10.1.23.3       FastEthernet0/1

The OSPF adjacency between R2 and R3 is up.

R2-PE1#show mpls ldp neighbor
    Peer LDP Ident: 3.3.3.3:0; Local LDP Ident 2.2.2.2:0
        TCP connection: 3.3.3.3.24412 - 2.2.2.2.646
        State: Oper; Msgs sent/rcvd: 12/11; Downstream
        Up time: 00:03:18
        LDP discovery sources:
          FastEthernet0/1, Src IP addr: 10.1.23.3
        Addresses bound to peer LDP Ident:
          10.1.23.3       10.1.34.3       3.3.3.3

The LDP neighbor relationship between R2 and R3 is up.

R3-P#show mpls ldp neighbor
    Peer LDP Ident: 2.2.2.2:0; Local LDP Ident 3.3.3.3:0
        TCP connection: 2.2.2.2.646 - 3.3.3.3.24412
        State: Oper; Msgs sent/rcvd: 12/13; Downstream
        Up time: 00:03:50
        LDP discovery sources:
          FastEthernet0/0, Src IP addr: 10.1.23.2
        Addresses bound to peer LDP Ident:
          10.1.12.2       10.1.23.2       2.2.2.2
    Peer LDP Ident: 4.4.4.4:0; Local LDP Ident 3.3.3.3:0
        TCP connection: 4.4.4.4.14961 - 3.3.3.3.646
        State: Oper; Msgs sent/rcvd: 9/10; Downstream
        Up time: 00:01:45
        LDP discovery sources:
          FastEthernet0/1, Src IP addr: 10.1.34.4
        Addresses bound to peer LDP Ident:
          10.1.34.4       10.1.45.4       4.4.4.4

R3's LDP neighbor relationships with R2 and R4 are up as well.

R2-PE1#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
200    Pop tag     10.1.34.0/24      0          Fa0/1      10.1.23.3
201    Pop tag     3.3.3.3/32        0          Fa0/1      10.1.23.3
202    301         4.4.4.4/32        0          Fa0/1      10.1.23.3

The key entry is the route to 4.4.4.4, which prepares for the IBGP next hop later.

R3-P#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
300    Pop tag     2.2.2.2/32        0          Fa0/0      10.1.23.2
301    Pop tag     4.4.4.4/32        0          Fa0/1      10.1.34.4

R4-PE2#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
400    300         2.2.2.2/32        0          Fa0/0      10.1.34.3
401    Pop tag     3.3.3.3/32        0          Fa0/0      10.1.34.3
402    Pop tag     10.1.23.0/24      0          Fa0/0      10.1.34.3

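The key entry is the route to 2.2.2.2, which prepares for the IBGP next hop later.

7.3 VRF, PE-CE (OSPF:100)

Create the VRF and place the physical interface into it;

then run an IGP between PE and CE, OSPF in this lab (these routes go into the VRF).

Configure the VRF name and the RD and RT values.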

R2-PE1(config)#ip vrf cisco
R2-PE1(config-vrf)#rd 234:2
R2-PE1(config-vrf)#route-target export 234:2
R2-PE1(config-vrf)#route-target import 234:4

The IP address has to be configured again because adding the interface to the VRF wipes the previous address; F0/0 now belongs to the VRF.

R2-PE1(config)#interface fastEthernet 0/0
R2-PE1(config-if)#ip vrf forwarding cisco
R2-PE1(config-if)#ip address 10.1.12.2 255.255.255.0

R2-PE1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/2] via 10.1.23.3, 00:24:26, FastEthernet0/1
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/3] via 10.1.23.3, 00:22:26, FastEthernet0/1
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.23.0 is directly connected, FastEthernet0/1
O       10.1.34.0 [110/2] via 10.1.23.3, 00:24:48, FastEthernet0/1

R2's global routing table no longer contains the F0/0 route.

R2-PE1#show ip route vrf cisco

Routing Table: cisco
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.12.0 is directly connected, FastEthernet0/0

The VRF table now has the connected route.

Run OSPF between PE and CE

R1-CE1(config)#router ospf 1
R1-CE1(config-router)#router-id 1.1.1.1
R1-CE1(config-router)#network 10.1.12.1 0.0.0.0 area 0
R1-CE1(config-router)#network 1.1.1.1 0.0.0.0 area 0

R2-PE1(config)#router ospf 1 vrf cisco
R2-PE1(config-router)#network 10.1.12.2 0.0.0.0 area 0

R2-PE1#show ip route vrf cisco

Routing Table: cisco
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/2] via 10.1.12.1, 00:00:12, FastEthernet0/0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.12.0 is directly connected, FastEthernet0/0

Check the VRF routes.

Create the VRF, name it cisco, and configure the RD and RT.

R4-PE2(config)#ip vrf cisco
R4-PE2(config-vrf)#rd 234:4
R4-PE2(config-vrf)#route-target export 234:4
R4-PE2(config-vrf)#route-target import 234:2

The IP address has to be configured again because adding the interface to the VRF wipes the previous address; F0/1 now belongs to the VRF.

R4-PE2(config)#interface fastEthernet 0/1
R4-PE2(config-if)#ip vrf forwarding cisco
R4-PE2(config-if)#ip address 10.1.45.4 255.255.255.0
R4-PE2(config-if)#no shutdown

Run OSPF between PE and CE

R5-CE2(config)#router ospf 1
R5-CE2(config-router)#network 10.1.45.5 0.0.0.0 area 0
R5-CE2(config-router)#network 5.5.5.5 0.0.0.0 area 0

R4-PE2(config)#router ospf 1 vrf cisco
R4-PE2(config-router)#network 10.1.45.4 0.0.0.0 area 0

R4-PE2#show ip route vrf cisco

Routing Table: cisco
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     5.0.0.0/32 is subnetted, 1 subnets
O       5.5.5.5 [110/2] via 10.1.45.5, 00:00:08, FastEthernet0/1
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.45.0 is directly connected, FastEthernet0/1

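The VRF table now has the routes.

7.4 MP-BGP (234), MP-IBGP

IBGP is established between the Loopback0 addresses, so global route reachability must be in place first.

BGP has to be extended to MP-BGP, using address-family vpnv4.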

R2-PE1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     2.0.0.0/32 is subnetted, 1 subnets
C       2.2.2.2 is directly connected, Loopback0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/2] via 10.1.23.3, 00:50:37, FastEthernet0/1
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/3] via 10.1.23.3, 00:48:37, FastEthernet0/1
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.23.0 is directly connected, FastEthernet0/1
O       10.1.34.0 [110/2] via 10.1.23.3, 00:51:00, FastEthernet0/1

R2's global routing table already has the route to R4's Loopback0.

R4-PE2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/3] via 10.1.34.3, 00:49:09, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/2] via 10.1.34.3, 00:49:09, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
C       4.4.4.4 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 2 subnets
O       10.1.23.0 [110/2] via 10.1.34.3, 00:49:09, FastEthernet0/0
C       10.1.34.0 is directly connected, FastEthernet0/0

R4's global routing table already has the route to R2's Loopback0.

R2-PE1(config-router)#address-family ?
  ipv4   Address family
  ipv6   Address family
  nsap   Address family
  vpnv4  Address family

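Supported address families.

First define the neighbor as for an IPv4 BGP session; routes are in fact advertised over VPNv4, not IPv4. Then activate the neighbor under the VPNv4 address family between R2 and R4 (R2 would maintain both IPv4 and VPNv4 address-family sessions with R4).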

R2-PE1(config)#router bgp 234
R2-PE1(config-router)#bgp router-id 2.2.2.2 
R2-PE1(config-router)#no bgp default ipv4-unicast
R2-PE1(config-router)#neighbor 4.4.4.4 remote-as 234
R2-PE1(config-router)#neighbor 4.4.4.4 update-source loopback 0
R2-PE1(config-router)#address-family vpnv4
R2-PE1(config-router-af)#neighbor 4.4.4.4 activate
R2-PE1(config-router-af)#neighbor 4.4.4.4 send-community extended

In this environment, however, R2 and R4 have no need for an IPv4 BGP session and will not attempt to establish one.

R4-PE2(config)#router bgp 234
R4-PE2(config-router)#bgp router-id 4.4.4.4
R4-PE2(config-router)#no bgp default ipv4-unicast
R4-PE2(config-router)#neighbor 2.2.2.2 remote-as 234
R4-PE2(config-router)#neighbor 2.2.2.2 update-source loopback 0
R4-PE2(config-router)#address-family vpnv4
R4-PE2(config-router-af)#neighbor 2.2.2.2 activate
R4-PE2(config-router-af)#neighbor 2.2.2.2 send-community extended

no bgp default ipv4-unicast: prevents R2 and R4 from establishing an IPv4 session.

R4-PE2#show ip bgp summary

R2 and R4 maintain a VPNv4 address-family session, so this command shows no entries.

R4-PE2#show ip bgp vpnv4 all summary
BGP router identifier 4.4.4.4, local AS number 234
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
2.2.2.2         4   234       7       7        1    0    0 00:03:11        0

R4's VPNv4 neighbors have to be checked instead.

R2-PE1#show ip bgp vpnv4 all summary
BGP router identifier 2.2.2.2, local AS number 234
BGP table version is 1, main routing table version 1

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
4.4.4.4         4   234       9       9        1    0    0 00:05:59        0

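On R2, likewise check the VPNv4 neighbors.

At this point the MP-IBGP neighbor relationship between R2 and R4 is established.

Packet capture analysis on R2's F0/1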

R2-PE1#clear ip bgp all 234

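Tear down the session.

Look at the OPEN messages between R2 and R4.

The multiprotocol extension capability is visible.

7.5 PE-CE route redistribution

At this point, OSPF routes do not enter BGP by default. R2's VRF contains the customer route 1.1.1.1, but as an OSPF route, while the MPLS VPN carries BGP routes (VPNv4 is carried by BGP as well). The OSPF routes therefore have to be redistributed into BGP, and on the remote end BGP has to be redistributed back into OSPF.

If PE and CE already run BGP, this step can be skipped.

7.5.1 PE1: OSPF->BGP

The VRF's RIB has to be redistributed into BGP before the RD can be attached.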

R2-PE1(config)#router bgp 234
R2-PE1(config-router)#address-family ipv4 vrf cisco
R2-PE1(config-router-af)#redistribute ospf 1 vrf cisco match internal external

Note: enter the IPv4 address family of the VRF and redistribute the customer routes into that address family.

R2-PE1#show ip bgp vpnv4 all
BGP table version is 5, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 234:2 (default for vrf cisco)
*> 1.1.1.1/32       10.1.12.1                2         32768 ?
*> 10.1.12.0/24     0.0.0.0                  0         32768 ?

Check the VPNv4 prefixes in the BGP table.

R2-PE1#show ip bgp vpnv4 all labels
   Network          Next Hop      In label/Out label
Route Distinguisher: 234:2 (cisco)
   1.1.1.1/32       10.1.12.1       203/nolabel
   10.1.12.0/24     0.0.0.0         204/aggregate(cisco)

Check the locally assigned labels; the labels are sent to R4 along with the BGP updates.

R4-PE2#show ip bgp vpnv4 all
BGP table version is 5, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 234:2
*>i1.1.1.1/32       2.2.2.2                  2    100      0 ?
*>i10.1.12.0/24     2.2.2.2                  0    100      0 ?
Route Distinguisher: 234:4 (default for vrf cisco)
*>i1.1.1.1/32       2.2.2.2                  2    100      0 ?
*>i10.1.12.0/24     2.2.2.2                  0    100      0 ?

R4 has received the routes sent by R2.

R4-PE2#show ip route vrf cisco

Routing Table: cisco
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
B       1.1.1.1 [200/2] via 2.2.2.2, 00:04:38
     5.0.0.0/32 is subnetted, 1 subnets
O       5.5.5.5 [110/2] via 10.1.45.5, 00:48:21, FastEthernet0/1
     10.0.0.0/24 is subnetted, 2 subnets
B       10.1.12.0 [200/0] via 2.2.2.2, 00:04:38
C       10.1.45.0 is directly connected, FastEthernet0/1

R4's VRF table now contains the remote customer routes, thanks to the RT import; without a matching RT they would not be installed.
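The RT import filtering described above, as an added example that is not part of the original lab: a Python audit that reads `ip vrf` stanzas from each PE and reports which VRF imports routes from which, including imports that cross VRF names and imports that nothing exports. The `other` VRF, the function names, and the rule that same-named VRFs belong to one customer are assumptions made for the example.

```python
import re
from collections import defaultdict

# Constructed input: the two "ip vrf cisco" stanzas are the ones configured in
# this lab; "ip vrf other" is a hypothetical second customer added to show
# what a mistaken import looks like.
PE_CONFIGS = {
    "R2-PE1": """
ip vrf cisco
 rd 234:2
 route-target export 234:2
 route-target import 234:4
""",
    "R4-PE2": """
ip vrf cisco
 rd 234:4
 route-target export 234:4
 route-target import 234:2
ip vrf other
 rd 234:40
 route-target export 234:40
 route-target import 234:2
""",
}

VRF_RE = re.compile(r"^ip vrf (\S+)\s*$")
RT_RE = re.compile(r"^\s+route-target (export|import|both) (\S+)\s*$")


def parse_vrfs(config):
    """Return {vrf_name: {"export": set, "import": set}} from IOS-style text."""
    vrfs, current = {}, None
    for line in config.splitlines():
        m = VRF_RE.match(line)
        if m:
            current = vrfs.setdefault(m.group(1), {"export": set(), "import": set()})
            continue
        m = RT_RE.match(line)
        if m and current is not None:
            direction, rt = m.groups()
            targets = ("export", "import") if direction == "both" else (direction,)
            for d in targets:
                current[d].add(rt)
        elif line and not line.startswith(" "):
            current = None  # a new top-level command ends the VRF stanza
    return vrfs


def _parse_all(pe_configs):
    return {pe: parse_vrfs(cfg) for pe, cfg in pe_configs.items()}


def import_graph(pe_configs):
    """List (importer, exporter, rt) for every import RT that another VRF exports."""
    parsed = _parse_all(pe_configs)
    exporters = defaultdict(set)  # rt -> {(pe, vrf)}
    for pe, vrfs in parsed.items():
        for name, rts in vrfs.items():
            for rt in rts["export"]:
                exporters[rt].add((pe, name))
    edges = []
    for pe, vrfs in parsed.items():
        for name, rts in vrfs.items():
            for rt in rts["import"]:
                for src in exporters.get(rt, ()):
                    if src != (pe, name):
                        edges.append(((pe, name), src, rt))
    return sorted(edges)


def cross_vrf_imports(pe_configs):
    """Imports where the importing and exporting VRF names differ (possible leak)."""
    return [e for e in import_graph(pe_configs) if e[0][1] != e[1][1]]


def unmatched_imports(pe_configs):
    """Import RTs that no VRF exports: those routes will never be installed."""
    parsed = _parse_all(pe_configs)
    exported = {rt for vrfs in parsed.values()
                for rts in vrfs.values() for rt in rts["export"]}
    return sorted(((pe, name), rt)
                  for pe, vrfs in parsed.items()
                  for name, rts in vrfs.items()
                  for rt in rts["import"] if rt not in exported)


if __name__ == "__main__":
    for importer, exporter, rt in import_graph(PE_CONFIGS):
        print(f"{importer} imports RT {rt} exported by {exporter}")
    print("cross-VRF imports:", cross_vrf_imports(PE_CONFIGS))
    print("unmatched imports:", unmatched_imports(PE_CONFIGS))
```

With the constructed input, the only cross-VRF import reported is `other` on R4-PE2 importing RT 234:2 from `cisco` on R2-PE1, which is the kind of single-line RT mistake that puts one customer's routes into another customer's VRF.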

7.5.2 PE1: BGP->OSPF

R5 needs to learn R4's routes.

R4-PE2(config)#router ospf 1 vrf cisco
R4-PE2(config-router)#redistribute bgp 234 subnets

Redistribute the BGP routes into OSPF.

R5-CE2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/3] via 10.1.45.4, 00:00:23, FastEthernet0/0
     5.0.0.0/32 is subnetted, 1 subnets
C       5.5.5.5 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 2 subnets
O IA    10.1.12.0 [110/2] via 10.1.45.4, 00:00:23, FastEthernet0/0
C       10.1.45.0 is directly connected, FastEthernet0/0

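R5 has now learned the routes 1.1.1.1 and 10.1.12.0.

Why IA, an inter-area route? These routes were redistributed from BGP, which would normally make them OE; the reason is that the core idea of the MPLS VPN backbone is to stay invisible to the customer and preserve the characteristics of the routing protocol.

7.5.3 PE2: OSPF->BGP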

R4-PE2(config)#router bgp 234
R4-PE2(config-router)#address-family ipv4 vrf cisco
R4-PE2(config-router-af)#redistribute ospf 1 vrf cisco match internal external

Redistribute OSPF into BGP on R4.

R2-PE1#show ip bgp vpnv4 all
BGP table version is 9, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 234:2 (default for vrf cisco)
*> 1.1.1.1/32       10.1.12.1                2         32768 ?
*>i5.5.5.5/32       4.4.4.4                  2    100      0 ?
*> 10.1.12.0/24     0.0.0.0                  0         32768 ?
*>i10.1.45.0/24     4.4.4.4                  0    100      0 ?
Route Distinguisher: 234:4
*>i5.5.5.5/32       4.4.4.4                  2    100      0 ?
*>i10.1.45.0/24     4.4.4.4                  0    100      0 ?

The VPNv4 routes have arrived in BGP.

R2-PE1#show ip route vrf cisco

Routing Table: cisco
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/2] via 10.1.12.1, 03:55:36, FastEthernet0/0
     5.0.0.0/32 is subnetted, 1 subnets
B       5.5.5.5 [200/2] via 4.4.4.4, 00:01:02
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, FastEthernet0/0
B       10.1.45.0 [200/0] via 4.4.4.4, 00:01:02

They are in the VRF table too.

R1-CE1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 1 subnets
C       10.1.12.0 is directly connected, FastEthernet0/0

But R1 does not yet have the remote routes.

7.5.4 PE2: BGP->OSPF

R2-PE1(config)#router ospf 1 vrf cisco
R2-PE1(config-router)#redistribute bgp 234 subnets

Redistribute BGP into OSPF.

R1-CE1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     5.0.0.0/32 is subnetted, 1 subnets
O IA    5.5.5.5 [110/3] via 10.1.12.2, 00:00:31, FastEthernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, FastEthernet0/0
O IA    10.1.45.0 [110/2] via 10.1.12.2, 00:00:31, FastEthernet0/0

After redistribution R1 has the remote routes, also as O IA.

7.6 Testing

R1-CE1#ping 5.5.5.5 source 1.1.1.1

Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 5.5.5.5, timeout is 2 seconds:
Packet sent with a source address of 1.1.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 116/126/140 ms

R1 can now ping R5.

R1-CE1#traceroute 5.5.5.5 source 1.1.1.1

Type escape sequence to abort.
Tracing the route to 5.5.5.5

  1 10.1.12.2 16 msec 28 msec 32 msec
  2 10.1.23.3 [MPLS: Labels 301/403 Exp 0] 124 msec 136 msec 124 msec
  3 10.1.45.4 [MPLS: Label 403 Exp 0] 84 msec 96 msec 76 msec
  4 10.1.45.5 124 msec 140 msec 124 msec

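Trace the path. Some IOS versions do not show the MPLS labels; in that case enable mpls ip on R1's F0/0 interface.

R2 pushes two labels [MPLS: Labels 301/403 Exp 0] and forwards to R3: the outer label 301 (assigned by R3, used to cross the MPLS core) and the inner label 403 (assigned by R4, used to tell customers apart).

R3 is the penultimate hop toward R4 (PHP), so it pops the outer label and forwards to R4.

R4 pops the label, the packet becomes a plain IP packet, and it is sent to R5.

7.7 Analysis

7.7.1 Control plane

BGP route updates: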

R5-CE2#show ip interface brief
Interface                  IP-Address      OK? Method Status                Protocol
FastEthernet0/0            10.1.45.5       YES manual up                    up
FastEthernet0/1            unassigned      YES unset  administratively down down
Loopback0                  5.5.5.5         YES manual up                    up

R5's route 5.5.5.5 is passed to R4 via OSPF.

R4-PE2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/3] via 10.1.34.3, 05:01:59, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
O       3.3.3.3 [110/2] via 10.1.34.3, 05:01:59, FastEthernet0/0
     4.0.0.0/32 is subnetted, 1 subnets
C       4.4.4.4 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 2 subnets
O       10.1.23.0 [110/2] via 10.1.34.3, 05:01:59, FastEthernet0/0
C       10.1.34.0 is directly connected, FastEthernet0/0

R4 places the received route into the VRF table, so the global routing table has no route for 5.5.5.5.

R3-P#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     2.0.0.0/32 is subnetted, 1 subnets
O       2.2.2.2 [110/2] via 10.1.23.2, 05:04:56, FastEthernet0/0
     3.0.0.0/32 is subnetted, 1 subnets
C       3.3.3.3 is directly connected, Loopback0
     4.0.0.0/32 is subnetted, 1 subnets
O       4.4.4.4 [110/2] via 10.1.34.4, 05:02:25, FastEthernet0/1
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.23.0 is directly connected, FastEthernet0/0
C       10.1.34.0 is directly connected, FastEthernet0/1

R3, the P router, has only core routes in its routing table and does not care about customer routes.

R4-PE2#show ip route vrf cisco

Routing Table: cisco
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
B       1.1.1.1 [200/2] via 2.2.2.2, 03:33:55
     5.0.0.0/32 is subnetted, 1 subnets
O       5.5.5.5 [110/2] via 10.1.45.5, 04:17:38, FastEthernet0/1
     10.0.0.0/24 is subnetted, 2 subnets
B       10.1.12.0 [200/0] via 2.2.2.2, 03:33:55
C       10.1.45.0 is directly connected, FastEthernet0/1

After receiving the route 5.5.5.5 from R5, R4 places it into the VRF.

R4-PE2#show ip bgp vpnv4 all
BGP table version is 9, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 234:2
*>i1.1.1.1/32       2.2.2.2                  2    100      0 ?
*>i10.1.12.0/24     2.2.2.2                  0    100      0 ?
Route Distinguisher: 234:4 (default for vrf cisco)
*>i1.1.1.1/32       2.2.2.2                  2    100      0 ?
*> 5.5.5.5/32       10.1.45.5                2         32768 ?
*>i10.1.12.0/24     2.2.2.2                  0    100      0 ?
*> 10.1.45.0/24     0.0.0.0                  0         32768 ?

Next, the OSPF route 5.5.5.5 is redistributed into BGP and becomes a BGP route in the MP-BGP process, so that it can be advertised to the IBGP neighbor.

R4-PE2#show ip bgp vpnv4 rd 234:4 5.5.5.5
BGP routing table entry for 234:4:5.5.5.5/32, version 8
Paths: (1 available, best #1, table cisco)
  Advertised to update-groups:
        1
  Local
    10.1.45.5 from 0.0.0.0 (4.4.4.4)
      Origin incomplete, metric 2, localpref 100, weight 32768, valid, sourced, best
      Extended Community: RT:234:4 OSPF DOMAIN ID:0x0005:0x000000010200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.45.4:0
      mpls labels in/out 403/nolabel

Check the details of route 5.5.5.5, for example label 403 that R4 assigned to it.

R2-PE1#show ip bgp vpnv4 all
BGP table version is 9, local router ID is 2.2.2.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 234:2 (default for vrf cisco)
*> 1.1.1.1/32       10.1.12.1                2         32768 ?
*>i5.5.5.5/32       4.4.4.4                  2    100      0 ?
*> 10.1.12.0/24     0.0.0.0                  0         32768 ?
*>i10.1.45.0/24     4.4.4.4                  0    100      0 ?
Route Distinguisher: 234:4
*>i5.5.5.5/32       4.4.4.4                  2    100      0 ?
*>i10.1.45.0/24     4.4.4.4                  0    100      0 ?

R4 passes the route to R2 over IBGP; on receiving it, R2 places the route into its BGP table.

R2-PE1#show ip route vrf cisco

Routing Table: cisco
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O       1.1.1.1 [110/2] via 10.1.12.1, 04:40:11, FastEthernet0/0
     5.0.0.0/32 is subnetted, 1 subnets
B       5.5.5.5 [200/2] via 4.4.4.4, 00:45:37
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, FastEthernet0/0
B       10.1.45.0 [200/0] via 4.4.4.4, 00:45:37

R2 then filters on the RT, and the route enters the VRF table.

R1-CE1#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
C       1.1.1.1 is directly connected, Loopback0
     5.0.0.0/32 is subnetted, 1 subnets
O IA    5.5.5.5 [110/3] via 10.1.12.2, 00:44:56, FastEthernet0/0
     10.0.0.0/24 is subnetted, 2 subnets
C       10.1.12.0 is directly connected, FastEthernet0/0
O IA    10.1.45.0 [110/2] via 10.1.12.2, 00:44:56, FastEthernet0/0

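R2 then redistributes BGP into OSPF, and R1 also has the route to 5.5.5.5.

On R2, the labels for the prefix 5.5.5.5: the inner label 403 was assigned earlier by R4, while the outer label is assigned by LDP; the outer label is pushed on by R2.

7.7.2 Data plane

After R1's IP packet arrives at R2: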

R2-PE1#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
200    Pop tag     10.1.34.0/24      0          Fa0/1      10.1.23.3
201    Pop tag     3.3.3.3/32        0          Fa0/1      10.1.23.3
202    301         4.4.4.4/32        0          Fa0/1      10.1.23.3
203    Untagged    1.1.1.1/32[V]     1884       Fa0/0      10.1.12.1
204    Aggregate   10.1.12.0/24[V]   520

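R2 first pushes the inner label (assigned by R4 and delivered via MP-BGP; MP-BGP allocates it for the VPNv4 route), then pushes the outer label, which was assigned by R3, and forwards the packet to R3.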

R3-P#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
300    Pop tag     2.2.2.2/32        28447      Fa0/0      10.1.23.2
301    Pop tag     4.4.4.4/32        36406      Fa0/1      10.1.34.4

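When R3 receives the labeled packet it looks at the top label: incoming 301, outgoing Pop, so it pops the top label and forwards the packet to R4.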

R4-PE2#show mpls forwarding-table
Local  Outgoing    Prefix            Bytes tag  Outgoing   Next Hop
tag    tag or VC   or Tunnel Id      switched   interface
400    300         2.2.2.2/32        0          Fa0/0      10.1.34.3
401    Pop tag     3.3.3.3/32        0          Fa0/0      10.1.34.3
402    Pop tag     10.1.23.0/24      0          Fa0/0      10.1.34.3
403    Untagged    5.5.5.5/32[V]     1824       Fa0/1      10.1.45.5
404    Aggregate   10.1.45.0/24[V]   0

R4 then removes the inner label (popping the whole label stack) and forwards the packet to R5.
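The label operations described in this section, replayed as an added example (not part of the original lab): a Python walk over the three `show mpls forwarding-table` outputs above, which pushes the VPN label and the LDP label at the ingress PE and then applies swap, pop, or untag at each hop. The `OWNER` address map and the function names are assumptions made for the example; the table rows are copied from this page.

```python
import re

# "show mpls forwarding-table" rows copied from section 7.7.2 of this page.
LFIB_TEXT = {
    "R2-PE1": """
200    Pop tag     10.1.34.0/24      0          Fa0/1      10.1.23.3
201    Pop tag     3.3.3.3/32        0          Fa0/1      10.1.23.3
202    301         4.4.4.4/32        0          Fa0/1      10.1.23.3
203    Untagged    1.1.1.1/32[V]     1884       Fa0/0      10.1.12.1
204    Aggregate   10.1.12.0/24[V]   520
""",
    "R3-P": """
300    Pop tag     2.2.2.2/32        28447      Fa0/0      10.1.23.2
301    Pop tag     4.4.4.4/32        36406      Fa0/1      10.1.34.4
""",
    "R4-PE2": """
400    300         2.2.2.2/32        0          Fa0/0      10.1.34.3
401    Pop tag     3.3.3.3/32        0          Fa0/0      10.1.34.3
402    Pop tag     10.1.23.0/24      0          Fa0/0      10.1.34.3
403    Untagged    5.5.5.5/32[V]     1824       Fa0/1      10.1.45.5
404    Aggregate   10.1.45.0/24[V]   0
""",
}

# Interface address -> router, taken from the addressing plan in section 7.1.
OWNER = {
    "10.1.12.1": "R1-CE1", "10.1.23.2": "R2-PE1", "10.1.23.3": "R3-P",
    "10.1.34.3": "R3-P", "10.1.34.4": "R4-PE2", "10.1.45.5": "R5-CE2",
}

ROW_RE = re.compile(
    r"^(\d+)\s+(Pop tag|Untagged|Aggregate|\d+)\s+(\S+)\s+\d+(?:\s+(\S+)\s+(\S+))?\s*$"
)


def parse_lfib(text):
    """Return {local_label: {"out", "prefix", "next_hop"}} for one router."""
    table = {}
    for line in text.splitlines():
        m = ROW_RE.match(line)
        if m:
            local, out, prefix, _iface, next_hop = m.groups()
            table[int(local)] = {"out": out, "prefix": prefix, "next_hop": next_hop}
    return table


LFIB = {router: parse_lfib(text) for router, text in LFIB_TEXT.items()}


def impose(ingress, bgp_next_hop, vpn_label):
    """Ingress PE: push the VPN label, then the LDP label for the BGP next hop."""
    for entry in LFIB[ingress].values():
        if entry["prefix"] == bgp_next_hop + "/32":
            stack = [vpn_label]
            if entry["out"].isdigit():  # "Pop tag" here would mean no outer label
                stack.insert(0, int(entry["out"]))
            return stack, OWNER[entry["next_hop"]]
    raise LookupError(f"{ingress}: no label-switched path to {bgp_next_hop}")


def walk(ingress, bgp_next_hop, vpn_label):
    """Return [(router, label stack on arrival), ...] along the path."""
    stack, router = impose(ingress, bgp_next_hop, vpn_label)
    hops = []
    while True:
        hops.append((router, list(stack)))
        if not stack:
            return hops  # plain IP packet delivered to this router
        entry = LFIB.get(router, {}).get(stack[0])
        if entry is None:
            raise LookupError(f"{router}: label {stack[0]} not in LFIB, packet dropped")
        out = entry["out"]
        if out.isdigit():
            stack[0] = int(out)  # swap the top label
        elif out == "Pop tag":
            stack.pop(0)  # penultimate-hop popping
        else:
            stack.clear()  # Untagged / Aggregate: forward as IP
        if entry["next_hop"] is None:
            return hops  # Aggregate: the egress PE does an IP lookup in the VRF
        router = OWNER[entry["next_hop"]]


if __name__ == "__main__":
    # VPN label 403 and BGP next hop 4.4.4.4 are the values shown for 5.5.5.5/32.
    for router, stack in walk("R2-PE1", "4.4.4.4", 403):
        print(f"{router:8} receives labels {stack}")
```

The result for 5.5.5.5 reproduces the traceroute in section 7.6: R3 sees 301/403, R4 sees 403, and R5 receives an unlabeled IP packet. An inner label that the egress PE never allocated has no LFIB entry there and the walk stops with a drop.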

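7.8 Extension: RR

The RR router has no VRF configuration, does not filter routes, and simply reflects them.

In some scenarios the P router also runs BGP.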

R2-PE1(config)#router bgp 234
R2-PE1(config-router)#no neighbor 4.4.4.4 
R2-PE1(config-router)#no bgp default ipv4-unicast
R2-PE1(config-router)#neighbor 3.3.3.3 remote-as 234
R2-PE1(config-router)#neighbor 3.3.3.3 update-source loopback 0
R2-PE1(config-router)#address-family vpnv4
R2-PE1(config-router-af)#neighbor 3.3.3.3 activate 
R2-PE1(config-router-af)#neighbor 3.3.3.3 send-community extended

R3-P(config)#router bgp 234
R3-P(config-router)#no bgp default ipv4-unicast
R3-P(config-router)#neighbor 2.2.2.2 remote-as 234
R3-P(config-router)#neighbor 2.2.2.2 update-source loopback 0
R3-P(config-router)#neighbor 4.4.4.4 remote-as 234
R3-P(config-router)#neighbor 4.4.4.4 update-source loopback 0
R3-P(config-router)#address-family vpnv4
R3-P(config-router-af)#neighbor 2.2.2.2 activate
R3-P(config-router-af)#neighbor 2.2.2.2 send-community extended
R3-P(config-router-af)#neighbor 4.4.4.4 activate
R3-P(config-router-af)#neighbor 4.4.4.4 send-community extended
R3-P(config-router-af)#neighbor 2.2.2.2 route-reflector-client
R3-P(config-router-af)#neighbor 4.4.4.4 route-reflector-client
R4-PE2(config)#router bgp 234
R4-PE2(config-router)#no neighbor 2.2.2.2
R4-PE2(config-router)#neighbor 3.3.3.3 remote-as 234
R4-PE2(config-router)#neighbor 3.3.3.3 update-source loopback 0
R4-PE2(config-router)#address-family vpnv4
R4-PE2(config-router-af)#neighbor 3.3.3.3 activate
R4-PE2(config-router-af)#neighbor 3.3.3.3 send-community extended
R3-P#show ip bgp vpnv4 all
BGP table version is 5, local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 234:2
*>i1.1.1.1/32       2.2.2.2                  2    100      0 ?
*>i10.1.12.0/24     2.2.2.2                  0    100      0 ?
Route Distinguisher: 234:4
*>i5.5.5.5/32       4.4.4.4                  2    100      0 ?
*>i10.1.45.0/24     4.4.4.4                  0    100      0 ?

R3 now has the clients' routes.

R4-PE2#show ip bgp vpnv4 all
BGP table version is 17, local router ID is 4.4.4.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
              r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 234:2
*>i1.1.1.1/32       2.2.2.2                  2    100      0 ?
*>i10.1.12.0/24     2.2.2.2                  0    100      0 ?
Route Distinguisher: 234:4 (default for vrf cisco)
*>i1.1.1.1/32       2.2.2.2                  2    100      0 ?
*> 5.5.5.5/32       10.1.45.5                2         32768 ?
*>i10.1.12.0/24     2.2.2.2                  0    100      0 ?
*> 10.1.45.0/24     0.0.0.0                  0         32768 ?

R4 also has the corresponding routes.

R4-PE2#show ip bgp vpnv4 all 1.1.1.1
BGP routing table entry for 234:2:1.1.1.1/32, version 14
Paths: (1 available, best #1, no table)
  Not advertised to any peer
  Local
    2.2.2.2 (metric 3) from 3.3.3.3 (3.3.3.3)
      Origin incomplete, metric 2, localpref 100, valid, internal, best
      Extended Community: RT:234:2 OSPF DOMAIN ID:0x0005:0x000000010200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.12.2:0
      Originator: 2.2.2.2, Cluster list: 3.3.3.3
      mpls labels in/out nolabel/203
BGP routing table entry for 234:4:1.1.1.1/32, version 16
Paths: (1 available, best #1, table cisco)
Flag: 0x820
  Not advertised to any peer
  Local, imported path from 234:2:1.1.1.1/32
    2.2.2.2 (metric 3) from 3.3.3.3 (3.3.3.3)
      Origin incomplete, metric 2, localpref 100, valid, internal, best
      Extended Community: RT:234:2 OSPF DOMAIN ID:0x0005:0x000000010200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.12.2:0
      Originator: 2.2.2.2, Cluster list: 3.3.3.3
      mpls labels in/out nolabel/203

The detailed entry for 1.1.1.1 on R4: the originator is 2.2.2.2, and the cluster list shows the route was reflected by 3.3.3.3.
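Because the RR reflects every VPNv4 route unfiltered, the route-target import on each PE is what decides which VRF receives a route. The following added example (not part of the original lab) parses the detail output above and flags VRF-imported paths whose RTs match none of the expected import RTs; the function names and the allow-list passed to `audit_imports` are assumptions.

```python
import re

# Abridged from the "show ip bgp vpnv4 all 1.1.1.1" output on this page.
SAMPLE = """\
BGP routing table entry for 234:2:1.1.1.1/32, version 14
Paths: (1 available, best #1, no table)
    2.2.2.2 (metric 3) from 3.3.3.3 (3.3.3.3)
      Extended Community: RT:234:2 OSPF DOMAIN ID:0x0005:0x000000010200
        OSPF RT:0.0.0.0:2:0 OSPF ROUTER ID:10.1.12.2:0
      Originator: 2.2.2.2, Cluster list: 3.3.3.3
      mpls labels in/out nolabel/203
BGP routing table entry for 234:4:1.1.1.1/32, version 16
Paths: (1 available, best #1, table cisco)
  Local, imported path from 234:2:1.1.1.1/32
    2.2.2.2 (metric 3) from 3.3.3.3 (3.3.3.3)
      Extended Community: RT:234:2 OSPF DOMAIN ID:0x0005:0x000000010200
      Originator: 2.2.2.2, Cluster list: 3.3.3.3
      mpls labels in/out nolabel/203
"""

def parse_entries(text):
    """Split the output into per-RD entries and pull out the audit fields."""
    entries = []
    for block in re.split(r"(?m)^(?=BGP routing table entry for )", text):
        head = re.match(r"BGP routing table entry for (\d+:\d+):(\S+),", block)
        if not head:
            continue
        vrf = re.search(r", table (\S+)\)", block)   # absent for "no table"
        refl = re.search(r"Originator: (\S+), Cluster list: (.+)", block)
        label = re.search(r"mpls labels in/out \S+/(\S+)", block)
        entries.append({
            "rd": head.group(1), "prefix": head.group(2),
            "vrf": vrf.group(1) if vrf else None,
            # BGP route targets only; "OSPF RT:" is a different community
            "rts": re.findall(r"(?<!OSPF )\bRT:(\d+:\d+)", block),
            "originator": refl.group(1) if refl else None,
            "cluster": refl.group(2).split() if refl else [],
            "out_label": label.group(1) if label else None,
        })
    return entries

def audit_imports(entries, expected):
    """Flag paths sitting in a VRF table without any expected import RT."""
    return [(e["vrf"], e["prefix"], e["rts"]) for e in entries
            if e["vrf"] and not set(e["rts"]) & expected.get(e["vrf"], set())]
```

With the expected import set for vrf cisco taken as {"234:2"} the audit returns no findings; a non-empty `cluster` field confirms the path arrived through the reflector.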

R5-CE2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route

Gateway of last resort is not set

     1.0.0.0/32 is subnetted, 1 subnets
O IA    1.1.1.1 [110/3] via 10.1.45.4, 00:03:00, FastEthernet0/0
     5.0.0.0/32 is subnetted, 1 subnets
C       5.5.5.5 is directly connected, Loopback0
     10.0.0.0/24 is subnetted, 2 subnets
O IA    10.1.12.0 [110/2] via 10.1.45.4, 00:03:00, FastEthernet0/0
C       10.1.45.0 is directly connected, FastEthernet0/0

The route has reached R5 as well.
