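I have to say that Option C configuration is very complex; just understanding some of the redistribution took me a lot of time.
Key configuration points:
- The RRs form an MP-BGP neighbor relationship with each other, which means the underlying transport between them must be reachable.
- When a vpnv4 route is passed from one RR to the other RR, the ASBR must allocate a label based on its next-hop value.
- BGP can be used to distribute labels, with the command neighbor X.X.X.X send-label. Very fine-grained filtering is also needed, so that only the loopbacks of your own PEs are picked out and sent to the other side's RR.
- When a labeled vpnv4 route enters your own AS through the ASBR, it must be matched with match mpls-label and the BGP route redistributed into the IGP. This command ensures IP reachability between the PEs of the different carriers.
- Generally, the RR and the ASBR establish only an ipv4 neighbor relationship.
The topology is as follows: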
R1/R6 PE
R2/R5 RR
R3/R4 ASBR
Configuration
R1 (PE1)
ip vrf CustomerA
rd 100:1
route-target export 100:1
route-target import 200:1
!
router eigrp 100
network 1.1.1.1 0.0.0.0
network 12.1.1.1 0.0.0.0
network 13.1.1.1 0.0.0.0
!
router ospf 100 vrf CustomerA
redistribute bgp 100 subnets
network 192.168.1.1 0.0.0.0 area 0
!
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
!
address-family ipv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 next-hop-self
exit-address-family
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
exit-address-family
!
address-family ipv4 vrf CustomerA
redistribute ospf 100 match internal external 1 external 2
exit-address-family
!
R2(RR1)
router eigrp 100
network 0.0.0.0
!
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source Loopback0
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source Loopback0
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 ebgp-multihop 255
neighbor 5.5.5.5 update-source Loopback0
!
address-family ipv4
network 1.1.1.1 mask 255.255.255.255
network 2.2.2.2 mask 255.255.255.255
neighbor 1.1.1.1 activate
neighbor 3.3.3.3 activate
exit-address-family
!
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
neighbor 1.1.1.1 route-reflector-client
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community extended
neighbor 5.5.5.5 next-hop-unchanged
exit-address-family
!
R3 (ASBR1)
router eigrp 100
network 3.3.3.3 0.0.0.0
network 13.1.1.3 0.0.0.0
network 23.1.1.3 0.0.0.0
redistribute bgp 100 metric 10000 100 255 1 1500 route-map EIGRP
!
router bgp 100
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source Loopback0
neighbor 34.1.1.4 remote-as 200
!
address-family ipv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 next-hop-self
neighbor 34.1.1.4 activate
neighbor 34.1.1.4 route-map Set_Label out
neighbor 34.1.1.4 send-label
exit-address-family
!
ip prefix-list PE1 seq 5 permit 1.1.1.1/32
!
route-map EIGRP permit 10
match mpls-label
!
route-map Set_Label permit 10
match ip address prefix-list PE1
set mpls-label
!
route-map Set_Label permit 20
R4
router eigrp 100
network 4.4.4.4 0.0.0.0
network 45.1.1.4 0.0.0.0
network 46.1.1.4 0.0.0.0
redistribute bgp 200 metric 10000 100 255 1 1500 route-map EIGRP
!
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 update-source Loopback0
neighbor 34.1.1.3 remote-as 100
!
address-family ipv4
network 5.5.5.5 mask 255.255.255.255
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 next-hop-self
neighbor 34.1.1.3 activate
neighbor 34.1.1.3 route-map Set_Label out
neighbor 34.1.1.3 send-label
exit-address-family
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
!
ip prefix-list PE2 seq 5 permit 6.6.6.6/32
no cdp log mismatch duplex
!
route-map EIGRP permit 10
match mpls-label
!
route-map Set_Label permit 10
match ip address prefix-list PE2
set mpls-label
!
route-map Set_Label permit 20
!
R5
router eigrp 100
network 0.0.0.0
!
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 update-source Loopback0
neighbor 4.4.4.4 remote-as 200
neighbor 4.4.4.4 update-source Loopback0
neighbor 6.6.6.6 remote-as 200
neighbor 6.6.6.6 update-source Loopback0
!
address-family ipv4
network 6.6.6.6 mask 255.255.255.255
neighbor 4.4.4.4 activate
neighbor 6.6.6.6 activate
exit-address-family
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
neighbor 2.2.2.2 next-hop-unchanged
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 send-community extended
neighbor 6.6.6.6 route-reflector-client
exit-address-family
!
R6
ip vrf CustomerA
rd 200:1
route-target export 200:1
route-target import 100:1
router eigrp 100
network 6.6.6.6 0.0.0.0
network 46.1.1.6 0.0.0.0
network 56.1.1.6 0.0.0.0
!
router ospf 100 vrf CustomerA
redistribute bgp 200 subnets
network 192.168.2.1 0.0.0.0 area 0
!
router bgp 200
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 update-source Loopback0
!
address-family ipv4
neighbor 5.5.5.5 activate
exit-address-family
!
address-family vpnv4
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community extended
exit-address-family
!
address-family ipv4 vrf CustomerA
redistribute ospf 100 match internal external 1 external 2
exit-address-family
!
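The configuration analysis focuses mainly on the RRs and the ASBRs. Start with the RRs.
The route reflector must establish a vpnv4 neighbor relationship with the PE in its own AS (the PE is, of course, the RR's client).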
R2
address-family ipv4
neighbor 1.1.1.1 activate
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
neighbor 1.1.1.1 route-reflector-client
R4
address-family ipv4
neighbor 6.6.6.6 activate
address-family vpnv4
neighbor 6.6.6.6 activate
neighbor 6.6.6.6 send-community extended
neighbor 6.6.6.6 route-reflector-client
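As mentioned earlier, the RRs must establish a vpnv4 neighbor relationship with each other, which means the underlying ipv4 connectivity has to be in place first.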
R3
address-family ipv4
network 1.1.1.1 mask 255.255.255.255
R4
address-family ipv4
network 5.5.5.5 mask 255.255.255.255
After that, the RRs establish the vpnv4 neighbor relationship with each other.
R2
router bgp 100
neighbor 5.5.5.5 remote-as 200
neighbor 5.5.5.5 ebgp-multihop 255
neighbor 5.5.5.5 update-source Loopback0
!
address-family vpnv4
neighbor 5.5.5.5 activate
neighbor 5.5.5.5 send-community extended
neighbor 5.5.5.5 next-hop-unchanged
R5
router bgp 200
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 ebgp-multihop 255
neighbor 2.2.2.2 update-source Loopback0
!
address-family vpnv4
neighbor 2.2.2.2 activate
neighbor 2.2.2.2 send-community extended
neighbor 2.2.2.2 next-hop-unchanged
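Here, next-hop-unchanged is used so that the data plane does not later take a suboptimal path; I am being lazy and will not explain it further below.
Also, this BGP neighbor needs multihop; just set it to a suitable value.
Next, the ASBRs. When inter-AS MPLS comes up, one point is stressed again and again: the router must allocate a label for the next hop. Keep this in mind and the logic is not hard.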
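1. Use the send-label command on the eBGP neighbor
R3
neighbor 34.1.1.4 send-label
R4
neighbor 34.1.1.3 send-label
2. Filter the labels with a route-map; what is being filtered is the PE router of the peer AS. Note that the route-map needs an empty statement at the end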
R3
ip prefix-list PE1 seq 5 permit 1.1.1.1/32
!
route-map EIGRP permit 10
match mpls-label
!
route-map Set_Label permit 10
match ip address prefix-list PE1
set mpls-label
!
route-map Set_Label permit 20
!
router bgp 100
address-family ipv4
neighbor 34.1.1.4 route-map Set_Label out
R4
ip prefix-list PE2 seq 5 permit 6.6.6.6/32
!
route-map EIGRP permit 10
match mpls-label
!
route-map Set_Label permit 10
match ip address prefix-list PE2
set mpls-label
!
route-map Set_Label permit 20
!
router bgp 200
address-family ipv4
neighbor 34.1.1.3 route-map Set_Label out
3. The peer PE's loopback address must be advertised; otherwise the next hop preserved by the earlier next-hop-unchanged will not be optimal
R3
address-family ipv4
network 1.1.1.1 mask 255.255.255.255
R4
address-family ipv4
network 6.6.6.6 mask 255.255.255.255
4. Redistribute the labeled BGP routes into the IGP
Also, the ASBR only needs to run plain ipv4 BGP.
R3
redistribute bgp 100 metric 10000 100 255 1 1500 route-map EIGRP
R4
redistribute bgp 200 metric 10000 100 255 1 1500 route-map EIGRP
At this point, the other side's IGP contains a route to your own AS's PE
R1#show ip route | in EX
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
D EX 6.6.6.6 [170/281856] via 13.1.1.3, 01:10:09, GigabitEthernet0/0
R6#sh ip route | in EX
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
D EX 1.1.1.1 [170/281856] via 46.1.1.4, 00:41:01, GigabitEthernet2/0
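The route-map filtering and redistribution steps above can be checked mechanically. The following Python audit is an added example, not part of the original lab: route_maps and audit_asbr are hypothetical helper names, and the sample is R3's ASBR configuration copied from this page. It reports labeled advertisements that are not limited to /32 loopbacks and BGP-to-IGP redistribution that is not gated by match mpls-label.

```python
import re
# R3 (ASBR1) lines copied from the configuration on this page.
R3 = """router eigrp 100
 redistribute bgp 100 metric 10000 100 255 1 1500 route-map EIGRP
router bgp 100
 neighbor 34.1.1.4 route-map Set_Label out
 neighbor 34.1.1.4 send-label
ip prefix-list PE1 seq 5 permit 1.1.1.1/32
route-map EIGRP permit 10
 match mpls-label
route-map Set_Label permit 10
 match ip address prefix-list PE1
 set mpls-label
route-map Set_Label permit 20
"""

def route_maps(cfg):
    """Map each route-map name to its clause bodies, one list per sequence."""
    maps, body = {}, None
    for line in (l.strip() for l in cfg.splitlines()):
        m = re.match(r"route-map (\S+) permit \d+$", line)
        if m:
            body = []
            maps.setdefault(m.group(1), []).append(body)
        elif body is not None and line.startswith(("match ", "set ")):
            body.append(line)
        else:
            body = None  # any other line ends the current route-map entry
    return maps

def audit_asbr(cfg):
    maps, plists, out = route_maps(cfg), {}, []
    for name, pfx in re.findall(r"ip prefix-list (\S+) seq \d+ permit (\S+)", cfg):
        plists.setdefault(name, []).append(pfx)
    for nbr in re.findall(r"neighbor (\S+) send-label", cfg):
        rm = re.search(rf"neighbor {re.escape(nbr)} route-map (\S+) out", cfg)
        if not rm:
            out.append(f"{nbr}: send-label with no outbound route-map")
        for body in maps.get(rm.group(1), []) if rm else []:
            if "set mpls-label" in body:  # only clauses that attach a label matter
                names = [b.split()[-1] for b in body if "prefix-list" in b]
                pfx = [p for n in names for p in plists.get(n, ["undefined list"])]
                if not pfx or not all(p.endswith("/32") for p in pfx):
                    out.append(f"{nbr}: labels not limited to /32 loopbacks: {pfx}")
    for line in re.findall(r"redistribute bgp \d+.*", cfg):  # BGP into the IGP
        rm = re.search(r"route-map (\S+)", line)
        bodies = maps.get(rm.group(1), []) if rm else []
        if not bodies or not all("match mpls-label" in b for b in bodies):
            out.append("BGP-to-IGP redistribution not gated by match mpls-label")
    return out
```

An empty result for R3 means both filters are in place; a prefix-list that is referenced but never defined is reported as well.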
That completes the configuration analysis; now look at the data plane.
R1#show ip cef vrf CustomerA 22.22.22.22 detail
22.22.22.22/32, epoch 0, flags rib defined all labels
recursive via 6.6.6.6 label 605
nexthop 13.1.1.3 GigabitEthernet0/0 label 307
On the PE side, the inner label is 605 and the outer label is 307.
R3#show mpls forwarding-table labels 307
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
307 400 6.6.6.6/32 610 Gi1/0 34.1.1.4
R4#show mpls forwarding-table labels 400
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
400 Pop Label 6.6.6.6/32 1180 Gi2/0 46.1.1.6
R6#show mpls forwarding-table labels 605
Local Outgoing Prefix Bytes Label Outgoing Next Hop
Label Label or Tunnel Id Switched interface
605 No Label 22.22.22.22/32[V] \
1140 Gi0/0 192.168.2.33
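The label operations in the four outputs above, replayed hop by hop in Python. This is an added example, not part of the original lab; walk and the table layout are hypothetical, and the entries are transcribed from the show outputs on this page. Passing a table without R3's binding for label 307 shows the packet being dropped at the ASBR.

```python
# Forwarding state transcribed from the show outputs on this page.
# (router, top label) -> (action, outgoing label, next hop)
LFIB = {
    ("R3", 307): ("swap", 400, "R4"),               # 6.6.6.6/32 via 34.1.1.4
    ("R4", 400): ("pop", None, "R6"),               # Pop Label via 46.1.1.6
    ("R6", 605): ("to_vrf", None, "192.168.2.33"),  # No Label, [V] prefix
}
# R1 CEF for VRF CustomerA: VPN label 605, transport label 307 via R3.
INGRESS = {"22.22.22.22": ([307, 605], "R3")}

def walk(dest, lfib=LFIB):
    """Follow one packet from R1; return (hops, CE next hop or None if dropped).

    hops is a list of (router, label stack as received), outer label first.
    """
    stack, router = INGRESS[dest]
    stack, hops = list(stack), []
    while True:
        hops.append((router, list(stack)))
        entry = lfib.get((router, stack[0])) if stack else None
        if entry is None:        # no binding for the top label: packet is dropped
            return hops, None
        action, out_label, next_hop = entry
        if action == "swap":
            stack[0] = out_label
        else:                    # "pop" and "to_vrf" both remove the top label
            stack.pop(0)
        if action == "to_vrf":
            return hops, next_hop
        router = next_hop
```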
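Along with this, a packet capture of a BGP update sent from R2 to R5: NLRI 11.11.11.11/32, next hop 1.1.1.1, label 103.
Option C really is somewhat simpler to analyze than Option B, though configuring it is certainly convoluted. When I have time I will come back and type this lab out again.
In a couple of days I will study IS-IS and MPLS TE.
An addition: screenshots I recently found from a Cisco Live session on inter-AS VPN. The first image shows BGP label distribution in the control plane. The label distributed by the PE binds together the next hop, RT, RD, VRF and label, but note that the next hop is still the most critical part. When BGP acts as the label distributor, labels are always allocated based on the next hop. Even the labeled unicast between the ASBRs is still allocated according to the next hop value. So during transit there are actually three labels: LSP/ASBR/remote PE
Update, April 9: the previous version actually still had some problems. I am writing down two questions. Why must the peer PE's loopback be redistributed? Because when a VRF route is looked up, the recursive lookup of the next hop must be done in the global RIB.
Without the redistribution, the asterisk in front of 11.11.11.11/32 disappears.
Second, use show ip bgp vpnv4 rd 200:1 label to see which labels have been allocated locally for the peer.
Third, look at the routing table, the next hop of the BGP route, and the label the PE received for that next hop, and it becomes clear how the labels are stacked. The reason this method uses two labels is that we sent the peer PE's loopback into the local IGP, so that during label distribution the peer PE is treated, for local label allocation, just like a route in the local AS.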