MPLS ×××
实验
以CE和PE间的静态路由为例说明配置和验证过程
1.
在所有路由器的接口上配置IP,并使用Ping命令测试邻居间的连通性。
2.
在PE、P上配置IGP路由,这里使用OSPF,L0、PE—P的接口运行OSPF就可以,然后查看路由表,保证学到应有的路由。
3.
PE和P上运行MPLS,在全局下配置——ip cef,接口上启用MPLS——mpls ip或tag-switching ip都可以(查看配置的时候,始终显示为tag-switching ip),只需要在PE和P连接的接口上启用MPLS就可以。
4.
在PE上创建×××实例——ip vrf xxxx, 例如ip vrf ***a。在×××实例视图下配置RD——rd xx:xx,例如rd 100:1,RD的作用:用于区分不别×××使用相同的IP,在IP包头加了RD以后,IPV4就变成了×××-IPV4,例如:***a和***b都使用网段 10.0.0 .0/8,***a的RD为100:1,***b的RD为200:1,这样就能成为唯一的标识了,RD只有在不同的×××具有相同的IP时才有用,可以在同一×××的不同site配置不一样的RD,在同一台PE下,原理上不同的×××实例有不同的IP可以有相同的RD,但是厂商为了防止客户的IP变动造成与其它客户IP一致,一般都不允许不同的×××实例配置相同的RD,比如思科就会提示” % Cannot set RD, check if it's unique”。接着配置RT(通过标识来过滤不同的×××)——route-target [export|import|both]xx:xx,例如route-target both 100:1,表示只发送和接收带有100:1标识的包,不同的×××有不同的RT,同一×××不同site的RT进出标识要相互匹配。然后将接口绑定到×××实例中,在接口视图下配置ip vrf forwarding xxxx,如 ip vrf forwarding ***a,如果原来接口上有IP,会提示IP被删掉”% Interface Serial1/0 IP address 192.168.168.5 removed due to enabling VRF ***a”,必需重配IP,这是因为原来的IP是属于全局路由表的,现在这个接口是属于***a实例的路由表,例如接口的IP为192.168.168.5
PE2#show ip route
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF , IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
200.1.1.0/30 is subnetted, 2 subnets
O 200.1.1.0 [110/128] via 200.1.1.5, 01:23:33, Serial1/1
C 200.1.1.4 is directly connected, Serial1/1
199.1.1.0/32 is subnetted, 3 subnets
O 199.1.1.3 [110/65] via 200.1.1.5, 01:23:33, Serial1/1
C 199.1.1.2 is directly connected, Loopback0
O 199.1.1.1 [110/129] via 200.1.1.5, 01:23:33, Serial1/1
PE2#show ip route vrf ***a
Routing Table: ***a
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF , IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
192.168.168.0/30 is subnetted, 1 subnets
C 192.168.168.4 is directly connected, Serial1/0
5.在CE上配置默认路由,这个没有什么特殊,就是ip route 0.0.0 .0 0.0.0.0 x.x.x.x,PE上配置静态路由ip route vrf ***a 192.168.2.0 255.255.255.0 192.168.168.6,从这条命令可以看出它是属于***a的路由
PE2#show ip route vrf ***a
Routing Table: ***a
Codes: C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF , IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route
Gateway of last resort is not set
192.168.168.0/30 is subnetted, 1 subnets
C 192.168.168.4 is directly connected, Serial1/0
S 192.168.2.0/24 [1/0] via 192.168.168.6
6.配置MBGP
router bgp 100
no synchronization
bgp log-neighbor-changes
neighbor 199.1.1.1 remote-as 100
neighbor 199.1.1.1 update-source Loopback0
no auto-summary
!
address-family ***v4 //进入MBGP的×××-IPV4地址族视图
neighbor 199.1.1.1 activate //激活邻居
neighbor 199.1.1.1 send-community both //发送和接受团体属性,指RT
exit-address-family
!
address-family ipv4 vrf ***a //配置***a与MBGP地址族关联
redistribute connected //引入直连路由
redistribute static //引入静态路由
no auto-summary
no synchronization
exit-address-family
接着查看×××的BGP路由表,可以看到已经学习到邻居从分发的路由了
PE2#show ip bgp ***v4 vrf ***a
BGP table version is 9, local router ID is 199.1.1.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 100:1 (default for vrf ***a)
*>i192.168.1.0 199.1.1.1 0 100 0 ?
*> 192.168.2.0 192.168.168.6 0 32768 ?
*>i192.168.168.0/30 199.1.1.1 0 100 0 ?
*> 192.168.168.4/30 0.0.0 .0 0 32768 ?
7.测试同一×××下SITE间的连通性
CE1#ping
Protocol [ip]:
Target IP address: 192.168.2.1
Repeat count [5]:
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]: y
Source address or interface: 192.168.1.1
Type of service [0]:
Set DF bit in IP header? [no]:
Validate reply data? [no]:
Data pattern [0xABCD]:
Loose, Strict, Record, Timestamp, Verbose[none]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.1.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 860/1131/1420 ms
8.根据RFC3031 中的描述,LSR 节点在对分组打标签时,需要将原IP 分组或
上层标签中的TTL 值拷贝到新增加标签的TTL 域,LSR 在转发标签分组时,
对栈顶标签的TTL 域作减一操作,标签出栈时,再将栈顶的TTL 值拷贝回IP
分组或下层标签
下面在CE1上对下一跳的跟踪,可以看到包括骨干网的路由都显示出来了
CE1#traceroute 192.168.2.1
Type escape sequence to abort.
Tracing the route to 192.168.2.1
1 192.168.168.1 76 msec 92 msec 36 msec
2 200.1.1.2 200 msec 240 msec 336 msec
3 192.168.168.5 144 msec 144 msec 120 msec
4 192.168.168.6 496 msec * 732 msec
为了隐藏骨干上的路由,可以在 ingress时不把IP的TTL值复制到MPLS报头的TTL字段,下面在PE1上特权模式下配置no tag-switching ip propagate-ttl后,CE1上的tracert过程,
CE1#traceroute 192.168.2.1
Type escape sequence to abort.
Tracing the route to 192.168.2.1
1 192.168.168.1 172 msec 120 msec 76 msec
2 192.168.168.5 260 msec 372 msec 256 msec
3 192.168.168.6 660 msec * 928 msec