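CCIE Study Notes: MPLS and MPLS VPN
Configuration:
Enable on the interface: mpls ip
mpls label protocol ldp | tdp | both
Configure the LDP RID (global): mpls ldp router-id interface [force]
For example: mpls ldp router-id loopback0 force
Note: force makes the command take effect immediately. The peer's LDP RID must be reachable before an LDP neighbor relationship can be established with that peer
Change the MPLS MTU (interface): mpls mtu [override] 1516 //because a 4-byte label is added, this command can be used on LAN interfaces to prevent fragmentation (the MTU on WAN interfaces is increased automatically)
Global: no mpls ip propagate-ttl [forwarded | local] //by default the IP TTL is copied into the MPLS label and copied back on leaving the MPLS domain; with this command the TTL is not copied and the TTL in the MPLS label is set to 255, so traceroute cannot trace the hops inside the MPLS domain. forwarded applies to traffic transiting the MPLS domain (no effect on locally originated traffic); local applies to traffic originated by the MPLS domain itself (no effect on transit traffic)
Global: mpls ldp advertise-labels for 1 to 2
Advertise labels only for the routes matched by ACL 1, and only to the LDP neighbors matched by ACL 2
Global: (config)#mpls label range 100 200 //define the range from which labels are allocated
Show commands:
R3#show mpls ldp parameters //view the local LDP parameters
Protocol version: 1
No label generic region for downstream label distribution
Session hold time: 180 sec; keep alive interval: 60 sec
Discovery hello: holdtime: 15 sec; interval: 5 sec
Discovery targeted hello: holdtime: 90 sec; interval: 10 sec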
Downstream on Demand max hop count: 255
Downstream on Demand Path Vector Limit: 255
LDP for targeted sessions
LDP initial/maximum backoff: 15/120 sec
LDP loop detection: off
R1#show mpls interfaces
Interface IP Tunnel Operational
FastEthernet1/0 Yes (ldp) No Yes
R1#show mpls ldp discovery //show all LDP neighbors
Local LDP Identifier:
12.1.1.1:0
Discovery Sources:
Interfaces:
FastEthernet1/0 (ldp): xmit/recv
LDP Id: 12.1.1.2:0; no host route
R1#show mpls ldp neighbor [detail] //show detailed neighbor information
Peer LDP Ident: 12.1.1.2:0; Local LDP Ident 12.1.1.1:0
TCP connection: 12.1.1.2.36072 - 12.1.1.1.646
State: Oper; Msgs sent/rcvd: 9/8; Downstream
Up time: 00:03:23
LDP discovery sources:
FastEthernet1/0, Src IP addr: 12.1.1.2
Addresses bound to peer LDP Ident:
12.1.1.2
R1#show mpls ldp bindings
tibentry: 1.1.1.1/32, rev 4
local binding: tag: imp-null
tibentry: 12.1.1.0/24, rev 2
local binding: tag: imp-null
remote binding: tsr: 12.1.1.2:0, tag: imp-null
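R1#show mpls forwarding-table //view the LFIB
MPLS VPN
Configuration:
VRF:
R1(config)#ip vrf r1
R1(config-vrf)#rd 1:1
R1(config-vrf)#route-target import 1:2
R1(config-vrf)#route-target export 1:2
R1(config)#int f1/0
R1(config-if)#ip vrf forwarding r1
R1(config-vrf)#maximum routes 10 80 //limit the number of routes installed in the VRF table to 10; a warning is raised above 80%, and routes beyond the maximum are not placed in this VRF's routing table. With warning-only, a warning is raised but routes continue to be installed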
MP-BGP:
R1(config)#router bgp 1
R1(config-router)#nei 2.2.2.2 remote-as 1
R1(config-router)#neighbor 2.2.2.2 update-source l0
R1(config-router)#neighbor 2.2.2.2 next-hop-self
R1(config-router)#address-family vpnv4
R1(config-router-af)#neighbor 2.2.2.2 activate
R1(config-router-af)#neighbor 2.2.2.2 next-hop-self //needed if an EBGP neighbor relationship is established with the customer
R1(config-router-af)#neighbor 2.2.2.2 send-community ? //the default is extended; use both if standard BGP community attributes must also be sent
both Send Standard and Extended Community attributes
extended Send Extended Community attribute
standard Send Standard Community attribute
R1(config-router)#address-family ipv4 vrf r1
R1(config-router-af)#neighbor 13.1.1.3 remote-as 3
R1(config-router-af)#redistribute ospf 1 match ? //without match, only internal OSPF routes are redistributed into MP-BGP
external Redistribute OSPF external routes
internal Redistribute OSPF internal routes
nssa-external Redistribute OSPF NSSA external routes
R1(config-router-af)#neighbor 2.2.2.2 maximum-prefix 1080 warning-only //limit the number of prefixes learned from the neighbor
EIGRP:
R1(config)#router eigrp 1
R1(config-router)#address-family ipv4 vrf r1
R1(config-router-af)#autonomous-system 1
! EIGRP neighbors are formed based on this AS number, regardless of the autonomous system number given in router eigrp
R1(config-router-af)#no auto-summary
R1(config-router-af)#network 13.0.0.0
R1(config-router-af)#redistribute bgp 1 metric 10000 10 255 1 1500
OSPF:
R1(config)#router ospf 1 vrf r1
R1(config-router)#network 13.1.1.1 0.0.0.0 area 0
R1(config-router)#redistribute bgp 1 subnets
show commands:
R1#show ip vrf
Name Default RD Interfaces
r1 1:1 Fa1/0
R1#show ip vrf detail
VRF r1; default RD 1:1; default VPNID
Interfaces:
Fa1/0
Connected addresses are not in global routing table
Export VPN route-target communities
RT:1:2
Import VPN route-target communities
RT:1:2 RT:2:1
No import route-map
No export route-map
VRF label distribution protocol: LDP
R1#show ip vrf interfaces
Interface IP-Address VRF Protocol
Fa1/0 13.1.1.1 r1 up
R1#show ip protocols vrf r1
Routing Protocol is "bgp 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
IGP synchronization is disabled
Automatic route summarization is disabled
Redistributing: ospf 1
Maximum path: 1
Routing Information Sources:
Gateway Distance Last Update
Distance: external 20 internal 200 local 200
Routing Protocol is "ospf 1"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Router ID 13.1.1.1
It is an area border router
Number of areas in this router is 1. 1 normal 0 stub 0 nssa
Maximum path: 4
Routing for Networks:
13.1.1.1 0.0.0.0 area 0
Reference bandwidth unit is 100 mbps
Routing Information Sources:
Gateway Distance Last Update
Distance: (default is 110)
Routing Protocol is "eigrp"
Outgoing update filter list for all interfaces is not set
Incoming update filter list for all interfaces is not set
Default networks flagged in outgoing updates
Default networks accepted from incoming updates
EIGRP metric weight K1=1, K2=0, K3=1, K4=0, K5=0
EIGRP maximum hopcount 100
EIGRP maximum metric variance 1
Redistributing: eigrp
EIGRP NSF-aware route hold timer is 240s
Automatic network summarization is not in effect
Maximum path: 4
Routing for Networks:
13.0.0.0
Routing Information Sources:
Gateway Distance Last Update
Distance: internal 90 external 170
R1#show ip route vrf r1
Routing Table: r1
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
13.0.0.0/24 is subnetted, 1 subnets
C 13.1.1.0 is directly connected, FastEthernet1/0
R1#show ip bgp vpnv4 vrf r1 //view the VPNv4 BGP table for VRF r1
BGP table version is 3, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf r1)
*> 13.1.1.0/24 0.0.0.0 0 32768 ?
R1#show ip bgp vpnv4 all //view the BGP table for all VPNv4 routes
BGP table version is 3, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf r1)
*> 13.1.1.0/24 0.0.0.0 0 32768 ?
R1#show ip bgp vpnv4 rd 1:1 //view the VPNv4 BGP table for a specific RD
BGP table version is 3, local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf r1)
*> 13.1.1.0/24 0.0.0.0 0 32768 ?
R1#show mpls forwarding-table vrf r1
Local Outgoing Prefix Bytes tag Outgoing Next Hop
tag tag or VC or Tunnel Id switched interface
16 Aggregate 13.1.1.0/24[V] 0
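Loop prevention:
OSPF down bit:
Set when redistributing from MP-BGP into OSPF; it prevents loops caused by two-way redistribution between the same OSPF area and MP-BGP
OSPF tag field:
Prevents loops caused by two-way redistribution between different areas and MP-BGP (when an external OSPF route is redistributed from one OSPF area into another OSPF area, the down bit is cleared, but the tag field carried by the external OSPF route is preserved). The tag field is the MP-BGP AS number, and loops are prevented on the AS-path principle:
OSPF sham link (prevents the backdoor link from being preferred):
Routes learned through MP-BGP are O IA while routes learned over the backdoor link are O, so the routes learned over the backdoor link are preferred even though the backdoor link has lower bandwidth
Once a sham link is configured, it is as if the two PEs were connected by a link in area 1 that carries type 1 LSAs, so both sites are in the same area and path selection follows the normal intra-area rules (based on bandwidth)
sham link configuration:
(config-router)#area area-id sham-link source-address destination-address cost number
For example:
R1(config)#router ospf 1 vrf r1
R1(config-router)#area 1 sham-link 1.1.1.1 2.2.2.2 cost 10
Note: the source-address (1.1.1.1) must be advertised into MP-BGP but must not be advertised into OSPF and BGP
Breaking the AS-path loop-prevention rule
as-override:
Problem:
Solution:
On the PE:
R1(config-router)#address-family ipv4 vrf r1
R1(config-router-af)#neighbor 2.2.2.2 as-override //2.2.2.2 is the CE neighbor; the AS number in BGP updates sent to 2.2.2.2 is rewritten
If the first AS number the service provider received (or the run of identical AS numbers, if AS-path prepending was used) is the same as the AS of the neighbor the update is about to be sent to, the provider replaces that AS number (or that run of AS numbers) with its own AS number
allowas-in:
On the CE:
R2(config-router)#neighbor 1.1.1.1 allowas-in 1 //allow an AS to accept a BGP update that contains its own AS number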
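The as-override rewrite and the allowas-in check described above, modelled in Python as an added example (not part of the original notes and not Cisco's implementation). AS 1 and AS 3 are taken from the page's configuration lines; the function names, the two-site scenario and the sample AS paths are assumptions constructed for illustration.

```python
# Added illustration: AS_PATH is modelled as a list of AS numbers, most recent first.
# AS 1 (provider) and AS 3 (customer) follow the page's examples; the two-site
# layout and the sample paths are constructed.

PROVIDER_AS = 1
CUSTOMER_AS = 3


def as_override(as_path, provider_as, neighbor_as):
    """Replace the leading run of the neighbor's AS with the provider's AS."""
    path = list(as_path)
    i = 0
    while i < len(path) and path[i] == neighbor_as:
        path[i] = provider_as
        i += 1
    return path


def pe_advertise(as_path, provider_as, neighbor_as, override=False):
    """Path the PE sends to the CE over EBGP: optional rewrite, then prepend own AS."""
    path = as_override(as_path, provider_as, neighbor_as) if override else list(as_path)
    return [provider_as] + path


def ce_accepts(as_path, local_as, allowas_in=0):
    """CE-side loop check: accept if own AS appears at most allowas_in times."""
    return as_path.count(local_as) <= allowas_in


if __name__ == "__main__":
    # Constructed paths as received by the egress PE from the remote site.
    samples = {
        "plain": [CUSTOMER_AS],
        "prepended": [CUSTOMER_AS] * 3,
        "behind another AS": [7, CUSTOMER_AS],
    }
    for name, received in samples.items():
        for override in (False, True):
            sent = pe_advertise(received, PROVIDER_AS, CUSTOMER_AS, override)
            print(f"{name:18} override={override!s:5} sent={sent} "
                  f"default={ce_accepts(sent, CUSTOMER_AS)} "
                  f"allowas-in 1={ce_accepts(sent, CUSTOMER_AS, 1)}")
```

In the third sample the customer AS is not first in the path, so the rewrite as stated leaves it in place and only allowas-in lets the CE accept it. allowas-in relaxes the CE's own loop check, so the permitted count is best kept as low as the topology allows.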
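Loop prevention with SOO:
1. Only needs to be configured on the multihomed (dual-homed) side
2. If the PE and CE form an EBGP neighbor relationship, configure it with a route-map:
3. If the PE and CE run another routing protocol, configure it under the interface:
Connecting to both MPLS VPN and the Internet:
Interfaces:
1. Use two physical interfaces to connect to the ISP
2. Use a physical interface and a tunnel interface:
PE configuration:
interface FastEthernet1/1
ip vrf forwarding r6
ip address 16.1.1.1 255.255.255.0
interface Tunnel0
ip vrf forwarding internet
ip address 61.1.1.1 255.255.255.0
tunnel source 16.1.1.1
tunnel destination 16.1.1.6
tunnel vrf r6 //this command is required because the tunnel source is in VRF r6
CE configuration:
interface FastEthernet1/0
ip address 16.1.1.6 255.255.255.0
ip ospf 1 area 0
interface Tunnel0
ip address 61.1.1.6 255.255.255.0
tunnel source FastEthernet1/0
tunnel destination 16.1.1.1
3. Use subinterfaces:
PE configuration:
interface FastEthernet1/1
ip vrf forwarding r6
ip address 16.1.1.1 255.255.255.0
interface FastEthernet1/1.10
encapsulation dot1Q 10
ip vrf forwarding internet
ip address 61.1.1.1 255.255.255.0
CE configuration:
interface FastEthernet1/0
ip address 16.1.1.6 255.255.255.0
ip ospf 1 area 0
interface FastEthernet1/1.10
encapsulation dot1Q 10
ip address 61.1.1.6 255.255.255.0
Establishing neighbor relationships with the ISP:
1. One link forms an MP-EBGP neighbor relationship, and one link forms an ordinary EBGP neighbor relationship
2. One link forms an MP-EBGP neighbor relationship (in the VRF shared with the remote site), and one link forms an MP-EBGP neighbor relationship (in VRF internet)
Key configuration (simply treat the router carrying public Internet BGP as the CE of VRF internet):
PE: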
ip vrf internet
rd 100:100
route-target export 100:100
route-target import 100:100
interface FastEthernet1/1
ip vrf forwarding internet
ip address 35.1.1.3 255.255.255.0
router bgp 123
address-family vpnv4
neighbor 1.1.1.1 activate
neighbor 1.1.1.1 send-community extended
address-family ipv4 vrf r7 //the customer's MPLS VPN
no synchronization
redistribute ospf 3 vrf r7
address-family ipv4 vrf internet
no synchronization
neighbor 35.1.1.5 remote-as 5 //form a VRF internet MP-BGP neighbor relationship with the router carrying public Internet BGP
neighbor 35.1.1.5 activate
Configuration of the router carrying public Internet BGP:
router bgp 5
network 0.0.0.0
network 5.5.5.5 mask 255.255.255.255 //5.5.5.5 stands in for a public Internet route
neighbor 35.1.1.3 remote-as 123
neighbor 35.1.1.3 prefix-list defonly out //send only the default route to VRF internet
ip route 0.0.0.0 0.0.0.0 Null0
ip prefix-list defonly seq 5 permit 0.0.0.0/0
VRF route filtering:
Allow only specific routes into the VRF table:
Add a route-target to specific routes (equivalent to making those routes join a specific MPLS VPN):
Note: with the additive keyword the value is added; without it, the existing value is overwritten