捣鼓了半天EVE-NG,太耗资源了。纯思科还是GNS3方便些。。。这次做的实验室mpls *** option B。争取明天把option C实验敲完再写下来。
inter-as option B, 又名ASBR-ASBR, 相对于inter-as option A是比较靠谱的解决方案,唯一问题是ASBR的负担较重,既要承担数据层面路由转发又要控制跨域的标签分发。
这个方案最关键核心就是ASBR与同一AS的PE建立***v4邻居的时候,需要在mpbgp中使用next-hop-self,以及在ASBR中关闭route-target filter。
以下是topology
底层使用的是EIGRP,intra-as之间使用mpls ip,PE-CE间使用的是ospf。直接贴预配,两台P路由器就不贴了。
R1#sh run | s router
router eigrp 100
network 1.1.1.1 0.0.0.0
network 12.1.1.1 0.0.0.0
router ospf 100 vrf CustomerA
redistribute bgp 100 subnets
network 192.168.1.1 0.0.0.0 area 1
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
!
address-family ipv4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 next-hop-self
exit-address-family
!
address-family ***v4
neighbor 3.3.3.3 activate
neighbor 3.3.3.3 send-community extended
exit-address-family
!
address-family ipv4 vrf CustomerA
redistribute ospf 100 match internal external 1 external 2
exit-address-family
R1#sh run | s ip vrf
ip vrf CustomerA
rd 100:1
route-target export 100:1
route-target import 200:1
R1#
R3#sh run | s router
router eigrp 100
network 3.3.3.3 0.0.0.0
network 23.1.1.3 0.0.0.0
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
no bgp default route-target filter
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 34.1.1.4 remote-as 200
!
address-family ipv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 next-hop-self
neighbor 34.1.1.4 activate
exit-address-family
!
address-family ***v4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
neighbor 1.1.1.1 next-hop-self
neighbor 34.1.1.4 activate
neighbor 34.1.1.4 send-community extended
exit-address-family
R4#sh run | s router
router eigrp 100
network 4.4.4.4 0.0.0.0
network 45.1.1.4 0.0.0.0
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
no bgp default route-target filter
neighbor 6.6.6.6 remote-as 200
neighbor 6.6.6.6 update-source Loopback0
neighbor 34.1.1.3 remote-as 100
!
address-family ipv4
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 next-hop-self
neighbor 34.1.1.3 activate
exit-address-family
!
address-family ***v4
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 send-community extended
neighbor 6.6.6.6 next-hop-self
neighbor 34.1.1.3 activate
neighbor 34.1.1.3 send-community extended
exit-address-family
R4#
R6#sh run | s router
router eigrp 100
network 6.6.6.6 0.0.0.0
network 56.1.1.6 0.0.0.0
router ospf 100 vrf CustomerA
redistribute bgp 200 subnets
network 192.168.2.1 0.0.0.0 area 1
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 4.4.4.4 remote-as 200
neighbor 4.4.4.4 update-source Loopback0
!
address-family ipv4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 next-hop-self
exit-address-family
!
address-family ***v4
neighbor 4.4.4.4 activate
neighbor 4.4.4.4 send-community extended
exit-address-family
!
address-family ipv4 vrf CustomerA
redistribute ospf 100 match internal external 1 external 2
exit-address
R6#sh run | s ip vrf
ip vrf CustomerA
rd 200:1
route-target export 200:1
route-target import 100:1
先分析控制层面。之前一篇日志提到,内层label是通过mp-bgp传递,根据VRF来分配的。这里有一层意思,既:BGP作为一个application protocol,还能分发标签。。。这在后面inter-as option C会用到。
来看R1 (AS100的PE),其会把22.22.22.22/32 路由放入BGP vrf 中并通过重分发进ospf的方式发给CE端。注意此时因为R3在***v4中使用了next-hop-self,使得这条路由的下一跳是R3的loopback地址。
同理,在R6 (AS200的PE)上,此时要看得是RT 100:1的11.11.11.11/32 ,其下一跳是AS200的ASBR loopback接口地址。
注意:此时要关闭bgp default route-target filter。否则ASBR间的***v4邻居关系不会起来。
看完***v4路由,再来看label如何分配
R1#show ip cef vrf CustomerA 22.22.22.22 detail
22.22.22.22/32, epoch 0, flags rib defined all labels
recursive via 3.3.3.3 label 309
nexthop 12.1.1.2 GigabitEthernet1/0 label 203
当CE1 (R7)把包交给PE1 (R1),R1查看vrf cef,内层标签为309(MPBGP发放的,因为MPBGP会默认为这条路由的下一跳分配一个标签)。外层标签是203,由R2(P router)发放。
R2收到之后直接php pop,交给R3
R2#sh mpls forwarding-table labels 203
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
203 Pop Label 3.3.3.3/32 7020 Gi2/0 23.1.1.3
而R3收到的是个只有一层标签308的数据包,
R3#show mpls forwarding-table labels 309
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
309 409 200:1:22.22.22.22/32 \
8968 Gi1/0 34.1.1.4
注:一个比较有趣的地方当路由器使用BGP去分发标签时,ASBR之间的接口会默认产生这条命令 mpls bgp forwarding
R3#sh run int gi 1/0
interface GigabitEthernet1/0
ip address 34.1.1.3 255.255.255.0
negotiation auto
mpls bgp forwarding
R4#sh run int gi 1/0
interface GigabitEthernet1/0
ip address 34.1.1.4 255.255.255.0
negotiation auto
mpls bgp forwarding
以下是两个链接,解释mpls bgp forwarding出现场景。
https://supportforums.cisco.com/t5/mpls/mpls-bgp-forwarding/td-p/2930379
https://learningnetwork.cisco.com/thread/71557
之后就比较按部就班了,一层层标签该swap swap, 该pop pop
R4#show mpls forwarding-table labels 409 detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
409 605 200:1:22.22.22.22/32 \
16348 Gi2/0 45.1.1.5
MAC/Encaps=14/22, MRU=1496, Label Stack{503 605}
CA0739940038CA063AF000388847 001F70000025D000
No output feature configured
注意,这里有个比较有趣的细节,需要使用show detail来查看。
R6#show ip bgp ***v4 all labels
Network Next Hop In label/Out label
Route Distinguisher: 100:1
11.11.11.11/32 4.4.4.4 nolabel/406
192.168.1.0 4.4.4.4 nolabel/407
Route Distinguisher: 200:1 (CustomerA)
11.11.11.11/32 4.4.4.4 nolabel/406
22.22.22.22/32 192.168.2.33 605/nolabel
192.168.1.0 4.4.4.4 nolabel/407
192.168.2.0 0.0.0.0 604/nolabel(CustomerA)
ASBR会在外层贴一层503的标签,这个是用来到达PE,LDP分配的 。
R5#sh mpls forwarding-table labels 503 detail
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
503 Pop Label 6.6.6.6/32 20334 Gi1/0 56.1.1.6
R6#show mpls forwarding-table labels 605
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
605 No Label 22.22.22.22/32[V] \
15276 Gi0/0 192.168.2.33
R6#
附上BGP update的抓包文件,抓包很清晰,BGP ***v4根据下一跳分发标签,next-hop为本地loopback接口,extended community里面包含200:1, 路由条目NLRI只是很小的一部分,包含标签605,RD,以及前缀22.22.22.22/32